Menu
HomePricing
Get Started Free

Privacy Policy

Last updated: February 19, 2026

1. Introduction

Yander Labs, Inc. ("Yander," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our remote team intelligence platform and related services (collectively, the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, company name, job title, and password when you create an account.
  • Payment Information: Billing address and payment details processed through our secure payment provider.
  • Communications: Information you provide when contacting our support team or participating in surveys.

2.2 Information Collected Automatically

  • Usage Data: How you interact with our Service, including features used and time spent.
  • Device Information: Browser type, operating system, and device identifiers.
  • Log Data: IP address, access times, and referring URLs.

2.3 Workplace Integration Data

When you connect workplace tools (such as Slack, Google Workspace, Microsoft 365, Zoom, Notion, ClickUp, or Monday.com), we collect and process data from those tools to power our AI-driven team intelligence features. This includes:

  • Email data: Subject lines, message bodies, sender and recipient information, and timestamps.
  • Messaging data: Message text, channel information, and timestamps from connected Slack channels, including public channels, private channels, and direct messages.
  • Calendar data: Event titles, descriptions, attendee lists, times, and locations.
  • Meeting transcripts: Speaker-attributed transcription text from recorded meetings (via integrations such as Recall.ai, Fathom, or Fireflies).
  • Document data: Page text and comments from connected tools such as Notion.

This data is processed by AI models (via our sub-processor OpenRouter) to extract facts, relationship patterns, collaboration insights, and engagement scores. We do not:

  • Display raw communication content in the dashboard — only AI-extracted insights and summaries are shown
  • Allow Yander employees to review your raw communication content except as necessary for technical support with your explicit consent
  • Capture screenshots or record keystrokes
  • Track personal activities outside of connected work tools
  • Use your content for training AI models
  • Sell or share your content with third parties beyond our listed sub-processors

2.4 Google API Data

When you connect Google Workspace services (such as Gmail, Google Calendar, or Google Meet), we access data through Google APIs to provide our Service. This includes email content (subject lines, bodies, sender and recipient information, timestamps) and calendar event details (titles, descriptions, attendees, times, locations). This data is processed by AI models to extract team engagement insights — such as collaboration patterns, response time trends, and relationship mapping. Raw communication content is not displayed to users; only AI-generated insights and summaries are surfaced in the dashboard.

Google API Services User Data Policy Compliance: Yander's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Limited Use Disclosure: In accordance with Google's Limited Use requirements:

  • We only use Google user data to provide and improve the user-facing features of our Service that are prominent in our application's user interface
  • We do not transfer Google user data to third parties unless necessary to provide or improve user-facing features, you provide affirmative consent, or it is required for security or legal compliance
  • We do not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising
  • We do not allow humans to read Google user data unless you have provided affirmative consent, it is necessary for security purposes, or it is required to comply with applicable law

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Service
  • Generate engagement insights and team health analytics
  • Process transactions and send related information
  • Send administrative messages, updates, and security alerts
  • Respond to your comments, questions, and support requests
  • Monitor and analyze usage trends to enhance user experience
  • Detect, prevent, and address technical issues or fraud
  • Comply with legal obligations

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • With Your Organization: Aggregated team insights are shared with authorized administrators within your organization.
  • Service Providers (Sub-processors): Third-party vendors who assist in operating our Service, bound by confidentiality agreements and data processing agreements. See our current sub-processor list in Section 15 below.
  • Legal Requirements: When required by law, court order, or governmental authority.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to users.
  • With Your Consent: When you have given explicit permission to share.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Actively pursuing SOC 2 Type II certification
  • Encryption for data at rest (AES-256 via infrastructure provider) and in transit (TLS 1.3 via edge proxy)
  • Regular security audits and penetration testing
  • Access controls and authentication requirements
  • Secure data centers with physical security measures

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide services. You may request deletion of your data at any time. We will delete or anonymize your information within 30 days of a verified request, unless retention is required by law.

7. Your Rights and Choices

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data
  • Portability: Request your data in a portable format
  • Objection: Object to certain processing activities
  • Withdrawal: Withdraw consent where processing is based on consent

To exercise these rights, contact us at jordan@yanderlabs.com.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by relevant authorities, to protect your data during international transfers.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage, and deliver relevant content. You can manage cookie preferences through your browser settings. Note that disabling cookies may affect Service functionality.

When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email. We (or service providers on our behalf) may then send communications and marketing to these email. You may opt out of receiving this advertising by visiting https://app.retention.com/optout. You also have the option to opt out of the collection of your personal data in compliance with GDPR. To exercise this option, please visit https://www.rb2b.com/rb2b-gdpr-opt-out.

10. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies before providing any information.

11. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

12. California Privacy Rights

If you are a California resident, you have the right under the California Consumer Privacy Act (CCPA) to request access to, deletion of, and information about the categories of personal information we collect. We do not sell personal information. To exercise your rights, contact us at jordan@yanderlabs.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data on the following legal bases:

  • Performance of a Contract: Processing necessary to provide the Service you have subscribed to, including account management, workspace analytics, and support.
  • Legitimate Interests: Processing necessary for our legitimate interests, such as improving our Service, ensuring security, and preventing fraud, where those interests are not overridden by your data protection rights.
  • Consent: Where you have given explicit consent, such as opting in to marketing communications or connecting optional workplace integrations.
  • Legal Obligation: Processing necessary to comply with applicable laws and regulations.

Where processing is based on consent, you may withdraw consent at any time by contacting us at jordan@yanderlabs.com.

15. Sub-processors

We use the following sub-processors to deliver our Service. Each sub-processor is bound by a data processing agreement and processes data only as necessary for the stated purpose.

Sub-processorPurposeLocation
RailwayCloud infrastructure, hosting, PostgreSQL database, and RedisUnited States
ClerkAuthentication and user managementUnited States
NangoOAuth integration proxyUnited States
StripePayment processingUnited States
OpenRouterLLM inference (AI processing)United States
SentryError monitoring and performanceUnited States
PostHogProduct analyticsUnited States

We will notify customers of any changes to this sub-processor list at least 30 days in advance. For enterprise customers with a Data Processing Agreement, objection rights are detailed in the DPA.

16. Data Processing Agreement

If your organization requires a Data Processing Agreement under GDPR Article 28 or similar legislation, our standard DPA is available at yander.io/dpa. The DPA is incorporated by reference into our Terms of Service for all customers processing personal data subject to applicable data protection laws.

17. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Yander Labs, Inc.

2261 Market Street STE 46212

San Francisco, CA 94114

Email: jordan@yanderlabs.com