Privacy Policy

Last updated: 2026-05-27

Information We Collect

We collect information you provide when creating an account (email, name) and usage data (card views, NFC taps). We use cookies for authentication and locale preferences. We do NOT collect or store form submissions from your business card visitors - those are sent directly to you via webhooks.

How We Use Your Information

Your account information is used to provide and improve our services. Analytics data (card views, tap counts) is used to provide you with performance insights. We never sell your personal information to third parties.

Data Storage & Security

Your data is stored in encrypted PostgreSQL databases hosted on dedicated servers. Images are served via Bunny.net CDN with AVIF/WebP optimization. All connections use TLS encryption. API keys are stored as SHA-256 hashes - we cannot retrieve your raw key after creation. OAuth tokens are similarly hashed before storage.

Third-Party Services

We share data with the following third parties to provide our services: Bunny.net (image and media CDN hosting), Pexels (stock photo search - queries only, no personal data shared), Stripe (payment processing - billing email and subscription data), and Amazon SES (transactional email delivery). We do not share your data with advertising networks, data brokers, or any other third parties.

API and MCP Integration

YesHello provides an API and MCP (Model Context Protocol) server that allows AI assistants and third-party applications to access your account data on your behalf. API access requires authentication via OAuth 2.0 or API keys. The MCP server operates as a stateless pass-through - it does not store any additional data beyond what the core application already stores. When you authorise an MCP client (such as Claude), you grant it read and/or write access to your cards, forms, listings, and media. You can revoke this access at any time. All API and MCP requests are logged for security monitoring (request metadata only, not request/response bodies).

NFC Tap Data

When someone taps your NFC card, we record: timestamp, general location (country/city), and device type. IP addresses are hashed before storage. We never store precise GPS coordinates or device identifiers.

Form Submissions (Privacy-First)

Form submissions from your business card are sent directly to your configured webhook endpoint. We do NOT store form submission data in our database. This is by design - your contacts' information belongs to you, not to us.

Cookies

We use essential cookies for authentication (session tokens) and user preferences (locale selection). We do not use advertising or tracking cookies.

Data Retention

Your account data is retained for as long as your account is active. Published card content is cached at CDN edge locations and purged within 24 hours of changes. Analytics data (card views, NFC taps) is retained indefinitely while your account is active. OAuth tokens expire after 1 hour (access tokens) or 30 days (refresh tokens) and are automatically cleaned up. Upon account deletion, all associated data (cards, forms, listings, analytics, media, API keys, OAuth tokens) is permanently removed within 30 days.

Your Rights

You can export, modify, or delete your account data at any time from your dashboard settings. You can revoke API keys and OAuth authorisations from your settings page. Upon account deletion, all associated data is permanently removed within 30 days.

Contact

For privacy-related questions, contact us at [email protected]. YesHello is operated by ThriveRoute Ltd.