Start Excel trial

Privacy Policy

This document is provided in English only.

Yig · yigcore.com · Effective

This policy describes our current practices accurately. Yig is currently a public beta operated by an individual founder; processing is limited to the data described below, including waitlist, trial registration, and license delivery for the Office Add-ins beta.

This Privacy Policy explains how Yig (the "Site", "we", "us") processes personal data of visitors, waitlist members, trial registrants, and customers. It is intended to satisfy the information obligation under Articles 13 and 14 of the EU General Data Protection Regulation (GDPR) and French law n° 78-17 of 6 January 1978 ("Loi Informatique et Libertés"). Section numbering follows the structure most often used by French CNIL guidance.

1. Data controller

The data controller for the processing described here is the founder of Yig, acting as a natural person pending formal incorporation. Identity details are in our Legal Notice. Contact: [email protected].

2. Data Protection Officer (DPO)

A DPO is not currently designated. The thresholds in GDPR Article 37 (public authority; core activity = large-scale regular monitoring; core activity = large-scale processing of special-category data) are not met at our current operating scale. Privacy questions should be directed to the contact address above. This will be re-assessed as the beta scales.

3. EU representative (GDPR Article 27)

The data controller is not established in the EU. An EU representative will be designated if our processing no longer qualifies for the occasional low-risk exception in Article 27(2)(a), and their contact details will be published here. If you believe this assessment is incorrect, please contact us.

4. What we process and why — lawful basis table

We list every category of personal data we hold, why we process it, and the legal basis under GDPR Article 6.

Data category
Purpose
Lawful basis (Art. 6)
Email address
Add to waitlist; send magic-link status page; issue trial and license access; transactional updates about your application or license.
Performance of a service you requested (Art. 6(1)(b)).
Name, role, company, country or region
Pilot-match routing; understand the buyer profile of the waitlist and Office Add-ins beta.
Legitimate interests (Art. 6(1)(f)) — pilot-routing operations. You may object at any time (section 8).
Optional qualification (ERP, close-cycle length, free-text pain description)
Pilot scoping and follow-up prioritisation.
Consent (Art. 6(1)(a)) — you provide each answer voluntarily on a separate optional step.
Source page metadata (which page you signed up from; referral code if any)
Internal analytics on referral effectiveness.
Legitimate interests (Art. 6(1)(f)).
Trial consent record (privacy/terms acceptance, version, timestamp, registration source)
Prove and administer your requested 30-day trial registration.
Performance of a service you requested (Art. 6(1)(b)) and compliance with legal obligations (Art. 6(1)(c)).
License metadata (license id, trial/license status, expiry)
Issue license keys, prevent duplicate fulfilment, and administer your trial or Partnership license.
Performance of a service you requested (Art. 6(1)(b)).
Vote dedup identifier (cookie yig_v)
Prevent the same visitor casting two votes on the same skill-pack or connector ballot.
Strictly necessary — exempt from consent per CNIL Délibération n° 2020-091 (functional cookie).
Magic-link token (localStorage)
Authenticate your status portal session.
Performance of a service you requested (Art. 6(1)(b)).

No special categories. We do not collect special-category data (Art. 9) such as health, biometric, or political data. Do not submit such data via free-text fields.

No automated decision-making. No data we hold is used for automated decisions with legal or similarly significant effects under GDPR Article 22.

5. Recipients of personal data

We share personal data only with the data processors we need to operate the Site. Each acts on our instructions under a data processing agreement.

  • Cloudflare, Inc. (United States) — hosting, DNS, edge compute, and Cloudflare Web Analytics. Processes request metadata (IP, user-agent). Cloudflare Web Analytics is configured to operate without cookies and without storing your IP address in identifiable form.
  • Resend, Inc. (United States) — transactional email delivery. Receives your email address to send magic-link and notification emails.

Trial registration and license data (the account and consent metadata in section 4) are processed by Yig's own account service at account.yigcore.com, which runs on the Cloudflare infrastructure described above. The contents of your workbooks and your LLM provider API keys are not sent to this service or to any other Yig system — they stay inside the Office add-in session on your device.

We do not sell personal data, share it with third-party advertisers, use it for profiling, or use it to train any AI model.

6. International transfers

Cloudflare and Resend group entities may process data outside the European Economic Area. Transfers of personal data from the European Economic Area to those recipients occur under the European Commission's Standard Contractual Clauses (Decision 2021/914) as published by each provider, plus any supplementary measures each provider has documented (encryption in transit and at rest, access controls, audit logging). If you require a copy of the SCCs in force for a specific data flow, write to [email protected].

The Yig product software itself runs in your own environment (local, your VPC, or a single-tenant managed instance you control) and does not transfer customer financial data to Yig infrastructure. See /security and /docs/security-and-data-handling.

7. Retention

  • Waitlist record (email + role + qualification fields): retained until you request deletion or withdraw via the status portal. On withdrawal, the record is soft-archived and excluded from outreach; you may request permanent deletion by email.
  • Trial/license account record: retained while your trial or license remains active and then for the period needed to handle support, fraud prevention, and legal claims.
  • Consent record: retained for as long as needed to evidence the terms/privacy version accepted for your trial or license.
  • Free-text pain description / feedback: retained for 18 months after submission to inform product direction, then aggregated and anonymised.
  • Source-page metadata: retained for 18 months.
  • Vote dedup cookie: 6 months.
  • Magic-link token: until you log out or until expiry (typically 30 days).

8. Your rights

Under GDPR Articles 15–22 and Loi Informatique et Libertés, you have the following rights regarding your personal data. To exercise any of them, email [email protected]. We will respond within one month (extendable by two months for complex requests, with notice).

  • Access (Art. 15) — receive a copy of the data we hold about you.
  • Rectification (Art. 16) — correct inaccurate or incomplete data. You can also self-update name / role / company via your status portal.
  • Erasure / "right to be forgotten" (Art. 17).
  • Restriction of processing (Art. 18).
  • Portability (Art. 20) — receive your data in a structured, commonly used, machine-readable format.
  • Object (Art. 21) — object to processing based on legitimate interests, including pilot-routing.
  • Withdraw consent (Art. 7(3)) — for any processing based on consent, you may withdraw at any time without affecting the lawfulness of prior processing.
  • Define guidance on the fate of your data after death (Loi Informatique et Libertés Art. 84-85) — applicable to data subjects resident in France.

You also have the right to lodge a complaint with a supervisory authority. If you are in France, this is the Commission Nationale de l'Informatique et des Libertés (CNIL): 3 Place de Fontenoy — TSA 80715 — 75334 Paris Cedex 07, France, or via cnil.fr.

9. Source of data

We obtain all data described here directly from you when you interact with the Site. We do not enrich your record from third-party data brokers, public records, or social platforms.

10. Security

Technical and organisational measures are documented in /security and /docs/security-and-data-handling. Transport encryption (TLS) is enforced end-to-end. Access to the waitlist data store is limited to the founder. The Yig product software is architected to read customer data from customer systems at runtime and not retain a copy.

11. Children

The Site is not directed at children under 16 and we do not knowingly collect personal data from them. If you believe a child has submitted data, contact us and we will delete it.

12. Changes to this policy

We will update this page when our practices change and note the effective date above. Material changes (new processors, new processing purposes, retention extensions) will be notified by email to waitlist members at least 15 days before taking effect.

13. Contact

Privacy questions, rights requests, breach reports: [email protected].