Back to Home

Privacy Policy

Last updated: January 8, 2026

Privacy at a Glance

  • ✓ We never sell your personal data to third parties
  • ✓ Your content is encrypted and secured with industry-standard practices
  • ✓ You can export or delete your data at any time
  • ✓ We use AI providers (Google, OpenAI, Anthropic) to deliver our services
  • ✓ We collect only what's necessary to provide and improve the service

1. Introduction

Yojanai ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered planning platform.

By using Yojanai, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

We collect information you directly provide when using the Service:

  • Account Information: Name, email address, password (encrypted), profile picture
  • Project Data: Project names, descriptions, tasks, comments, assignments
  • Planning Data: Trip plans, meal plans, financial items (credit cards, coupons, memberships)
  • Preferences: Dietary restrictions, travel preferences, budget information
  • Voice Data: Voice recordings when using the AI voice assistant (processed and deleted after transcription)
  • Collaboration Data: Team member invitations, shared project information, whiteboard content

2.2 Automatically Collected Information

We automatically collect certain information when you use the Service:

  • Usage Data: Features used, time spent, interactions with AI models
  • Device Information: Browser type, operating system, device identifiers
  • Log Data: IP address, access times, pages viewed, referring URLs
  • AI Usage Logs: Prompts sent to AI models, tokens consumed, response times (for service improvement and cost tracking)
  • Analytics Data: Aggregated usage patterns, performance metrics

2.3 Information from Third Parties

When you authenticate with OAuth providers:

  • Google OAuth: Name, email, profile picture (with your permission)
  • We do not receive or store your OAuth provider passwords

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: To provide, maintain, and improve the Service
  • AI Features: To process your requests through AI models and generate personalized content
  • Personalization: To customize your experience and provide relevant recommendations
  • Communication: To send you updates, notifications, and respond to inquiries
  • Security: To detect, prevent, and address fraud, abuse, and security issues
  • Analytics: To understand usage patterns and improve our features
  • Compliance: To comply with legal obligations and enforce our Terms of Service
  • Development: To develop new features and enhance existing ones

4. AI and Third-Party Processing

4.1 AI Model Providers

We use the following AI providers to deliver our services:

Google Gemini AI

Used for trip planning, meal planning, task generation, and content generation with Google Search grounding

OpenAI (Whisper & TTS)

Used for voice transcription and text-to-speech in the voice assistant

Anthropic Claude

Available as an alternative AI model for users with assignments

Amazon Nova

Available as a cost-effective AI model option

When you use AI features, your prompts and content are sent to these providers for processing. Each provider has their own privacy policies and data handling practices:

  • Google does not use your data to train their models (as per their enterprise agreement)
  • OpenAI does not use API data for model training (zero retention policy for API requests)
  • Anthropic and Amazon have similar enterprise data protection policies

4.2 Data Storage and Infrastructure

We use Supabase (built on PostgreSQL) for data storage and authentication. Supabase complies with SOC 2 Type II, GDPR, and HIPAA standards. Your data is:

  • Encrypted in transit (TLS/SSL) and at rest (AES-256)
  • Stored in secure data centers with physical access controls
  • Protected by Row Level Security (RLS) policies ensuring users can only access their own data
  • Regularly backed up with point-in-time recovery capabilities

5. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest (AES-256)
  • Authentication: Secure password hashing (bcrypt) and OAuth 2.0 support
  • Access Control: Role-based access control and row-level security
  • Monitoring: Continuous security monitoring and intrusion detection
  • Auditing: Comprehensive audit logs for security-sensitive operations
  • Updates: Regular security patches and dependency updates

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Data Sharing and Disclosure

6.1 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

6.2 When We Share Data

We may share your information only in the following circumstances:

  • With Your Consent: When you explicitly authorize data sharing (e.g., inviting team members)
  • Service Providers: AI providers (Google, OpenAI, Anthropic, Amazon) and infrastructure providers (Supabase) necessary to operate the Service
  • Legal Requirements: When required by law, subpoena, or legal process
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (users will be notified)
  • Protection: To protect the rights, property, or safety of Yojanai, our users, or others

6.3 Team Collaboration

When you share projects or plans with team members, those users will have access to the shared content as specified by the sharing settings.

7. Cookies and Tracking

We use cookies and similar tracking technologies to:

  • Authentication Cookies: To keep you signed in and maintain your session
  • Preference Cookies: To remember your settings and preferences
  • Analytics Cookies: To understand how you use the Service (aggregated data only)

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features.

8. Your Rights and Choices

You have the following rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data (via account settings)
  • Export: Download your data in a portable format (JSON, Markdown, ICS)
  • Objection: Object to certain processing activities
  • Portability: Transfer your data to another service
  • Withdraw Consent: Revoke consent for data processing where consent was the legal basis

To exercise these rights, please contact us at privacy@yojanai.com or use the data controls in your account settings.

9. Data Retention

We retain your data for as long as necessary to provide the Service and comply with legal obligations:

  • Active Accounts: Data retained while your account is active
  • Deleted Accounts: Most data deleted within 30 days; some data retained for legal/security purposes
  • Voice Recordings: Deleted immediately after transcription (not stored)
  • Usage Logs: Retained for up to 90 days for analytics and service improvement
  • Backup Data: May persist in backups for up to 90 days after deletion

10. Children's Privacy

Our Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us at privacy@yojanai.com.

Users between 13 and 18 must have parental or guardian consent to use the Service.

11. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses approved by the European Commission.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, and shared
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at privacy@yojanai.com.

13. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

  • Legal basis for processing: Consent, contract performance, legitimate interests
  • Right to lodge a complaint with your supervisory authority
  • Right to restrict or object to processing
  • Data Protection Officer contact: dpo@yojanai.com

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification at least 30 days before the changes take effect. The "Last updated" date at the top of this page indicates when this policy was last revised.

15. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Privacy Team

Email: privacy@yojanai.com

Data Protection Officer

Email: dpo@yojanai.com

General Support

Email: support@yojanai.com

Contact Form: yojanai.com/contact

Your Privacy Matters

We are committed to transparency and protecting your privacy. This policy is designed to help you understand what information we collect, why we collect it, and how you can control your data.

If anything is unclear or you have concerns, please don't hesitate to reach out. We're here to help.