YEBO
Create Free

Privacy Policy

Last updated: April 6, 2026

Yebo Inc. (“Yebo”, “we”, “our”, “us”) operates yebo.dev, the Yebo iOS application, and associated developer services. This Privacy Policy explains how we collect, use, and protect your information.

1. Information We Collect

  • Account information: name, email, company, role
  • Usage data: API requests, authorization events, audit logs
  • Technical data: IP addresses, browser/device info, session identifiers
  • Payment data: processed by Stripe; we never store raw card numbers
  • Device identity data: device identity ID and public key (generated on your device during setup)
  • Mandate data: capability type, amount, counterparty, policy references, and authorization session identifiers

2. How We Use Your Information

  • To provide and operate the Yebo platform
  • To evaluate, authorize, and verify mandates against your enterprise policies
  • To maintain an immutable audit trail for compliance and dispute resolution
  • To enable third-party AI agent plugins to propose, evaluate, and execute authorized mandates when you grant AI data sharing permission
  • To process authorized financial transactions through payment processors
  • To send transactional emails (receipts, alerts, invoices)
  • To send product updates (you can opt out at any time)
  • To detect and prevent fraud and abuse
  • To comply with legal obligations

3. Data Retention

  • Authorization receipts: 90 days (Free), 1 year (Growth), custom (Enterprise)
  • Account data: retained while account is active + 30 days after deletion
  • Audit logs: per-tier retention as above
  • Third-party AI service data: processed in real-time only. Yebo does not instruct AI providers to store your data beyond the request lifecycle. See each provider's privacy policy for their retention practices.

4. Your Rights

You may request access, correction, or deletion of your data by emailing privacy@yebo.dev. EU/UK residents have additional rights under GDPR/UK GDPR. You may revoke AI data sharing consent at any time in the Yebo iOS app under Settings → Privacy.

5. Third Parties

We use the following service providers to operate the Yebo platform. We do not sell your data to any third party.

  • Stripe (payments processing)
  • Apple Pay (payments processing via PassKit)
  • Vercel (website and dashboard hosting)
  • Resend (transactional email delivery)

5a. Third-Party AI Services

When you install an AI agent plugin in the Yebo iOS app and explicitly grant AI data sharing consent, the following third-party AI services may receive limited data to enable plugin functionality:

Who receives data

  • OpenAI, L.L.C. (api.openai.com)
  • Anthropic, PBC (api.anthropic.com)

What data is sent

  • Agent name and agent ID (not your personal name or email)
  • Mandate proposals: capability type, amount limit, and counterparty name
  • Authorization session ID (a randomized identifier, not linked to your real identity)
  • Plugin-specific data, only when you individually grant each permission:
    • read_identity: your display name and handle
    • read_audit: anonymized audit event summaries
    • receive_receipt: mandate execution receipts (amount, status, timestamp)

What is NOT sent to third-party AI services

  • Email address
  • Phone number
  • Biometric data (Face ID / Touch ID data never leaves your device)
  • Payment card numbers or bank account details
  • Raw cryptographic key material

How this data is collected and shared

Data is shared with third-party AI services only when all of the following conditions are met:

  1. You install an AI agent plugin in the Yebo iOS app
  2. You explicitly grant AI data sharing consent via the in-app toggle (Settings → Privacy)
  3. You individually grant the specific permissions each plugin requests

No data is shared with any third-party AI service before you grant explicit permission. You can revoke AI data sharing consent at any time in Settings → Privacy, which immediately stops all data sharing with AI services. Uninstalling a plugin also stops all data sharing with that service.

Purpose

To enable AI agent plugins to propose and execute authorized mandates on your behalf through the Yebo gateway. Plugins cannot execute actions directly — only you can authorize mandates via biometric verification.

Data protection

Both OpenAI and Anthropic maintain SOC 2 Type II certification, encrypt data in transit (TLS 1.3), and are contractually bound to provide equal or greater data protection under Yebo's data processing agreements. Neither provider is instructed to retain your data beyond the request lifecycle.

6. Cookies

We use only essential cookies required for site functionality and security. No advertising or tracking cookies.

7. Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Authorization receipts are cryptographically signed and tamper-evident. Biometric verification occurs entirely on-device and cryptographic key material never leaves the hardware security module.

8. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email or a notice on our site at least 30 days before changes take effect.

9. Contact

Questions about this policy? Email us at privacy@yebo.dev.