Privacy Policy

v1.0 — we keep this policy honest and current. If we change what data we collect or how we use it, this page updates first and we email account holders before the change takes effect. Material changes are reviewed by qualified legal counsel.

What we collect

When you use Yorvana, we collect: your email, business name, business address (including state for compliance-rule analysis), the processing statements you upload, and standard server logs.

If you use our free Statement Audit tool at /audit (no account required), we collect the statement you upload, the analysis we generate from it, and — if you choose to unlock the full report — your name, email, and optional phone number so we can send you the PDF and follow up with a consultation.

What we don't collect

We never see or store your credit card information — payment processing is handled through an authorize.net hosted form. We never store passwords — we use magic-link authentication. We never sell your data, and we never share it with any third party. To deliver the service, we rely on the vetted service providers listed below, who process your data only on our behalf, under contract — never for their own use.

How we use it

Your processing statements are read by AI to extract the data needed to audit them. They are never sent to consumer-tier AI services or used to train any model. Statements are encrypted at rest and retained for 24 months by default; you can request earlier deletion at any time.

For Statement Audit submissions (the public tool), we retain the statement + analysis findings + your contact info so we can (a) email you the report, (b) follow up with a personal consultation, and (c) improve our analysis quality over time via anonymized aggregate benchmarks. We never sell, share, or transfer your statement contents to third parties, and we never use them for advertising.

Sub-processors

To run the service, we rely on the following vetted service providers, who process your data only on our behalf — they are not third parties we sell or share your data to. Each operates under a data processing agreement and confidentiality terms equivalent to or stricter than this policy:

• Anthropic — AI extraction + content generation (United States)
• Supabase — Postgres database, file storage, and authentication (United States)
• Vercel — application hosting and edge delivery (United States)
• Postmark — transactional email + inbound parsing (United States)
• HubSpot — customer-relationship management for lead follow-up (United States) — applies when you submit a contact form, request a consultation, or unlock a full audit report
• Cloudflare — bot-mitigation challenge (Turnstile) on public forms (United States) — applies when you submit a public form

Full DPA links and current sub-processor changes available on request at hello@yorvana.com. We do not sell or rent your data to anyone, and we do not share it with parties outside this list.

Contact

Questions about your data, requests for deletion, or anything else — email hello@yorvana.com.

TOP LLC dba Yorvana — placeholder pending incorporation.