Privacy Policy

1. Introduction

Year-Ly ("we," "us," "our," or "Company") is committed to protecting your privacy in accordance with Mexican law. This Privacy Policy (Aviso de Privacidad) explains how we collect, use, disclose, and otherwise process personal data when you use our website, mobile applications, and services (collectively, the "Service").

We comply with the Ley Federal de Protección de Datos Personales en Posesión de Particulares (LFPDPPP) and its corresponding regulations. If you have any questions, please contact us at privacy@year-ly.com.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, password, name, and profile information
• Calendar Data: Events, categories, goals, milestones, and all content you create
• Preferences: Layout preferences, category colors, visibility settings, and calendar organization
• Communication: Messages, feedback, and support inquiries
• Payment Information: Processed securely through Stripe (we don't store credit card details)

2.2 Information Collected Automatically

• Device Information: Device type, operating system, browser type, IP address
• Usage Data: Pages viewed, features used, time spent, interactions, and click patterns
• Cookies & Tracking: Session cookies, authentication tokens, and analytics cookies
• Location: General location based on IP address (not precise GPS location)

2.3 Information from Third Parties

• Stripe: Payment processor providing transaction information
• Supabase: Backend infrastructure provider handling authentication and data storage
• Analytics: Usage patterns and error logs from your interactions with our Service

3. How We Use Your Information

We use collected information for:

• Providing and maintaining the Service
• Creating and managing your account
• Processing payments and managing subscriptions
• Sending transactional emails (confirmation, receipts, updates)
• Improving, personalizing, and optimizing our Service
• Analyzing usage patterns and debugging technical issues
• Complying with legal obligations
• Preventing fraud, abuse, and security incidents
• Responding to support requests

We do not use your calendar data or personal information for marketing purposes without your explicit consent. We never sell your data to third parties.

4. Data Sharing and Disclosure

We share information only as necessary:

• Service Providers: Stripe (payments), Supabase (hosting/database), analytics services
• Legal Compliance: When required by law or to enforce our Terms
• Business Transfers: In case of merger, acquisition, or bankruptcy
• With Your Consent: When you explicitly authorize sharing

We have data processing agreements with all third-party processors. They are bound to use your information only for providing services to us.

5. Data Retention

• Active Accounts: Data retained for the duration of your account
• Deleted Accounts: Permanently deleted within 30 days (backup copies within 90 days)
• Billing Records: Retained for 7 years (legal/tax requirement)
• Log Files: Retained for 90 days for security purposes
• Cookies: Session cookies expire when you log out; persistent cookies up to 1 year

You can request deletion of your account and data at any time through account settings or by contacting us.

6. Your Privacy Rights (Mexican Law - LFPDPPP)

6.1 Rights Under Mexican Privacy Law

According to the LFPDPPP, you have the following rights:

• Access (Acceso): Right to access your personal data held by us
• Rectification (Rectificación): Right to correct inaccurate, incomplete, or outdated personal data
• Cancellation (Cancelación): Right to request deletion of your personal data when it is no longer necessary or relevant
• Opposition (Oposición): Right to object to the processing of your personal data for specific purposes
• Revocation of Consent (Revocación del Consentimiento): Right to withdraw your consent at any time

6.2 Exercising Your ARCO Rights

To exercise your Access (Acceso), Rectification (Rectificación), Cancellation (Cancelación), or Opposition (Oposición) rights (collectively known as "ARCO" rights), you must submit a written request with:

• Your full name and contact information
• A clear description of your request and the personal data involved
• A copy of your identification document
• Any supporting documentation

Submit requests to privacy@year-ly.com or by mail to our registered address. We will respond within 20 business days from receipt of your request in accordance with LFPDPPP Article 35.

7. Data Location and International Transfers

Year-Ly operates with servers and service providers that may be located outside Mexico. When personal data is transferred outside Mexican territory, we ensure compliance with LFPDPPP Article 37, which requires that personal data receives protection equivalent to that provided under Mexican law. We use data processing agreements and other safeguards to protect your information during international transfers.

8. Security

We implement industry-standard security measures including:

• Encryption in transit (TLS/SSL) and at rest
• Secure authentication with password hashing
• Regular security audits and penetration testing
• Access controls limiting employee access to data
• Secure backups with encryption

However, no security system is impenetrable. We cannot guarantee absolute security. Users are responsible for maintaining confidential passwords.

9. Children's Privacy

Year-Ly is not intended for users under 18 years old. We do not knowingly collect personal information from children under 18. If we discover we have collected such information, we will delete it promptly. Parents or guardians who believe their child has provided information should contact us immediately.

10. Do Not Track (DNT)

Some browsers include a Do Not Track feature. Our Service currently does not respond to DNT signals, but users can disable cookies and tracking through browser settings.

11. Third-Party Links

Our Service may contain links to third-party websites. This Privacy Policy applies only to Year-Ly. We are not responsible for the privacy practices of linked sites. Review their privacy policies before providing information.

12. Cookies & Similar Technologies

We use cookies and similar tracking technologies for:

• Authentication and session management
• Remembering preferences
• Analytics and usage tracking
• Security and fraud prevention

You can control cookies through your browser settings. Disabling cookies may affect Service functionality.

13. Legal Basis for Data Processing

Under LFPDPPP Article 8, we process personal data only with your prior, express, and informed consent, except in the cases established by law. Our legal basis for processing includes:

• Explicit Consent: You provide consent when creating an account or using our services
• Contract Performance: Processing necessary to provide the Service you requested
• Legal Obligations: Compliance with tax, accounting, or regulatory requirements
• Data Subject Request: When you request specific services or information

14. Designated Privacy Officer

Year-Ly has designated a Privacy Officer (Responsable de Datos Personales) to address privacy concerns and manage requests related to personal data processing in accordance with LFPDPPP Article 29.

15. Contact Us

For privacy inquiries, ARCO requests, or concerns regarding this Privacy Policy:

We will respond to requests within 20 business days from receipt in accordance with LFPDPPP Article 35.

16. Applicable Law and Jurisdiction

This Privacy Policy and all matters related to the processing of personal data are governed by the laws of Mexico and in particular the Ley Federal de Protección de Datos Personales en Posesión de Particulares and its regulations. Any disputes arising from this policy shall be submitted to the jurisdiction of Mexican courts.

17. Changes to This Policy

We may update this Privacy Policy occasionally. Material changes will be communicated via email or prominent notice on the Service. Your continued use of the Service after changes indicates acceptance of the updated policy. We recommend reviewing this policy periodically.