Privacy Policy

Privacy Policy for Yolodex.ai

Effective: 13/08/2025 • Last Updated: 13/08/2025

1) Who we are

Yolodex Ltd (63 Clapton Square, London E5 8HE, UK) builds tools that help brands identify and manage VIP customers. Contact: support@yolodex.ai.

2) Scope & roles

  • Website & account data: Yolodex is the controller for visitors and users of yolodex.ai and for account/billing/admin data.

  • Client-provided data: When a business client provides customer data for enrichment/insights, Yolodex is a processor acting on the client’s documented instructions (see our DPA).

3) Data we collect

  • You provide: name, email, phone, company, preferences; messages you send us.

  • Payments: processed by our provider (we don’t store full card details).

  • Usage/telemetry: IP, device, browser, pages viewed, referring URLs, and cookie identifiers.

  • Client data (processor context): customer identifiers (e.g., name, email, postcode), order history, and attributes derived via enrichment (e.g., interests, demographic indicators) as instructed by the client.

4) Sources

Directly from you; your employer (if they are our client); service providers; and publicly available sources used for enrichment.

5) How we use data (controller context)

  • Provide and secure our services and website.

  • Account management, billing, support, and service communications.

  • Improve and develop features (including analytics and diagnostics).

  • Optional marketing with opt-out at any time.

Legal bases (EEA/UK): contract performance, legitimate interests (security, product improvement, preventing abuse), consent (where required, e.g., non-essential cookies/marketing), and legal obligations.

6) Processing on behalf of clients (processor context)

We process client data only per the client’s written instructions and our Data Processing Addendum (DPA), including security, sub-processor, assistance, and deletion terms.

7) Sharing & sub-processors

We share personal data with vendors who help us run the service (hosting, analytics, communications, payments, enrichment) under appropriate contracts. Our current sub-processor list is in the DPA (Schedule A, Annex III). We also share data if required by law or to protect rights, safety, and security.

8) International transfers

Where data is transferred outside the EEA/UK (e.g., to the United States), we use EU Standard Contractual Clauses (2021/914) and, for UK transfers, the UK IDTA/Addendum, plus supplementary measures where appropriate.

9) Retention

  • Website/account data: kept for as long as your account is active and as needed for legal/business purposes, then deleted or anonymised per our retention schedule.

  • Client-provided data (processor): retained for the term of the agreement and deleted within 30 days after termination or earlier on request; backup media are overwritten within an additional 30 days. We can provide written deletion confirmation.

10) Security

We use industry-standard measures including encryption in transit/at rest, access controls, MFA for admin access, network segregation, vulnerability management, secure SDLC, and incident response. No system is 100% secure.

11) Cookies

We use cookies and similar technologies for functionality and analytics. Where required, we rely on consent for non-essential cookies. You can manage preferences via Cookie Settings and your browser.

12) Your rights

EEA/UK: access, correction, deletion, portability, restriction/objection, and withdrawal of consent.
California (CPRA): know/access, delete, correct, and limit use of sensitive personal information; opt-out of “sale” or “sharing” (cross-context behavioral advertising). We do not sell or share personal information for cross-context behavioral advertising. If this changes, we will update this notice and provide opt-out mechanisms.

To exercise rights or request assistance as a client’s processor, email support@yolodex.ai. We will respond within applicable timelines.

13) Children

Our services are intended for business users and are not directed to children under 16. We do not knowingly collect children’s data.

14) Automated decisions & profiling

We do not make decisions that produce legal or similarly significant effects based solely on automated processing. Profiling may be used to generate insights; clients remain responsible for the legal basis where we act as processor.

15) Third-party links

Our site may link to third-party sites; their privacy practices apply to their services.

16) Changes

We may update this policy. We’ll post changes here and update the “Last Updated” date. Material changes may also be notified by email or banner.

17) Contact

Questions or requests: support@yolodex.ai
Postal: Yolodex Ltd, 63 Clapton Square, London E5 8HE, UK