Privacy Policy

Last updated: February 28, 2026

1. What Data We Collect

When you use Yando, we collect the following information:

• Account information: Email address and display name, provided during registration.
• Board content: Sticky notes, text boxes, shapes, and other objects you create on boards, including their positions, sizes, and styling.
• Project content: Project pages and their text content.
• Collaboration data: Board memberships, active sessions, and cursor positions during real-time collaboration.

2. Cookies and Local Storage

We use the following client-side storage:

• Session cookie: A session cookie is used to keep you logged in. This is essential for the application to function.
• Theme preference: Your light/dark mode preference is stored in localStorage for instant loading.
• Sidebar state: UI preferences such as sidebar collapse state are stored in localStorage.

We do not use any tracking cookies, analytics cookies, or advertising cookies.

3. How We Use Your Data

Your data is used solely to provide the Yando service:

• Authentication: Your email and password are used to log you in and manage your account.
• Collaboration: Board content and cursor positions are shared with other users who have access to the same board.
• Board invitations: When you invite someone to a board, their email address and your display name are transmitted to our email provider (SMTP) to deliver the invitation.
• Board snapshots: Periodic snapshots of board content are created for history purposes, retained according to the configured retention period.

4. Third-Party Services

We minimize third-party data sharing:

• No analytics or tracking: We do not use any third-party analytics, advertising, or tracking services.
• No external resource loading: All JavaScript libraries, fonts, and stylesheets are self-hosted. No requests are made to external CDNs or third-party servers when you use the application.
• Email delivery: Board invitation emails are sent via an SMTP provider. This transmits the recipient's email address and the sender's display name to the email provider.

5. Data Retention

• Account data: Your account information is retained until you request deletion.
• Board content: Board data is retained as long as the board exists. Board owners can delete their boards at any time.
• Board snapshots: Historical snapshots are automatically deleted after the configured retention period (default: 90 days).
• Collaboration sessions: Active session and cursor data is ephemeral and cleared when you disconnect.

6. Your Rights

You have the right to:

• Access your personal data stored in the application.
• Correct your account information through your account settings.
• Delete your account and associated data by contacting the administrator.
• Export your board data using the built-in export feature (PNG, PDF, Markdown, or JSON formats).

7. Data Security

We protect your data through:

• Secure session management with HTTP-only cookies.
• Content Security Policy headers to prevent cross-site scripting.
• Server-side HTML sanitization for user-generated content.
• Rate limiting on authentication endpoints.

8. Contact

For questions about this privacy policy or to exercise your data rights, please contact the application administrator.