Privacy Policy

Last updated: May 20, 2026

Yomlet ("we", "the app") lets you save short-form videos and turns them into structured cards you can actually find and use. This policy describes every category of information we touch, why we touch it, and what we do not do with it. We have tried to keep it specific and short.

What we collect

All of the following data is linked to your user identity in our database. None of it is used to track you across other companies' apps or websites. None of it is shared with advertising networks or data brokers.

  • Email address. You provide this at signup, or it arrives via Apple or Google when you use social sign-in (including Apple's relay address if you choose Hide My Email). We use it to identify your account, send password reset emails, and contact you when material things change.
  • Display name. Captured at signup, or from the Apple or Google response on first sign-in. Shown to you inside the app; never shared outside.
  • User identifier. A persistent ID assigned by our authentication provider when you create an account. We use it to scope every database read and write to your account so other users cannot see your library.
  • Your content. The video URLs you submit, the captions and transcripts extracted from those videos, the structured cards we produce from them (ingredients, steps, exercises, places, books, etc.), the folders you create, and the way you organise your library.

What we don't collect

We do not collect your precise or coarse location, your contacts, your photos, your microphone or camera input, your health or fitness data, your financial information, or your browsing or search history outside of the app. The app does not embed any third-party advertising or analytics SDKs that profile you. We do not use cross-app tracking; we do not show an Apple App Tracking Transparency prompt because there is no tracking to ask permission for.

How we use what we collect

Every category of data above exists to power the product. Specifically:

  • Account management. Signing you in, sending password resets, contacting you about your account.
  • Running the app. Showing your saved videos, the cards we extracted from them, your folder organisation. Scoping each query to your account.
  • Processing submissions. When you submit a video URL, we scrape its public caption and transcript, send those to a language model for extraction, and store the structured result alongside the original URL.

We do not use your data to personalise advertising, train third-party models, or build a profile of you. Your content is not sold.

Who receives your personal data

We use the following service providers as data processors. They handle data on our behalf, under written agreements that restrict their use of it to running our service. They are not themselves "collecting" your data in any commercial sense.

  • Supabase — authentication and database hosting. Stores your email, name, user ID, and content.
  • OpenAI and Google (Gemini) — language model extraction. When you submit a video, we send its captions, transcripts, and visual frames to these models to produce structured cards. We do not include your personal account information in those requests.
  • Resend — transactional email delivery (password resets, account confirmation). Receives your email address only.
  • Vercel — website hosting. Standard web access logs (IP address, user-agent, request paths) for serving the app and basic security.

All of these providers operate in jurisdictions with established data-protection regimes. Most data is hosted on US infrastructure.

How we keep it secure

All traffic between the app and our backend is encrypted in transit via HTTPS. On iOS, your authentication tokens are stored in the system Keychain. Our database enforces row-level security so a query from one user's account cannot read another user's data. We use only standard, system-provided encryption — we do not implement our own cryptographic algorithms.

Your choices and rights

  • Access and export. You can request a copy of the data we hold about your account by emailing hello@yomlet.com. We will reply within 30 days.
  • Account deletion. You can delete your account from within the app via the menu → Profile → Delete account. If you no longer have access to the app, email hello@yomlet.com and we will delete your account within 30 days. Deletion is permanent.
  • Corrections. You can edit your display name in-app. For other corrections, email us.
  • Opt-out of communications. Transactional emails (password reset, account confirmation) are required to operate the app. We do not send marketing emails today; if that changes, you will be able to opt out from any such email.

Children

Yomlet is not directed to children under 13, and we do not knowingly collect data from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete the account.

Changes to this policy

When this policy changes in a material way, we will update the "Last updated" date at the top of this page and, where the change affects how we handle existing user data, notify you by email. Non-material changes (wording, formatting, clarifications that do not change practice) may be made without notice.

Contact

Questions, requests, or concerns about this policy or how we handle your data: hello@yomlet.com.