← Back to Yohaanei

Privacy Policy

Last updated: 16 May 2026

The short version

  • → Your brain dump and conversation text is processed by AI and immediately discarded. We never store what you type.
  • → We collect your email only if you choose to join the waitlist or create an account.
  • → We store anonymous usage statistics (session counts, not content).
  • → We do not use cookies. Analytics use browser localStorage only — no cookie consent banner is required.
  • → Our analytics provider (PostHog) processes data exclusively in the EU.
  • → We do not sell your data. Ever.
  • → You can delete your account yourself — one button in the menu. We process it within 30 days.

1. Who we are

Yohaanei is a digital sanctuary built to help people untangle their mental load. It is operated by Nilabh Ranjan, based in Bengaluru, India. For privacy enquiries, contact nilabh@yohaanei.com.

2. What we collect and why

Brain dump / conversation textSent to AI for processing. Never stored anywhere.To provide Un-Do List and /talk responses
Email addressStored in our database (Supabase, India)Account and waitlist — only if you choose to join
Feedback ratingThumbs up / down / neutral + source pageProduct improvement
IP addressRate limiting — stored temporarily for abuse preventionPrevent abuse
Usage metadataSession counts, AI provider, model, safety signal flags (no content)Product analytics, quality monitoring, safeguarding
Referral dataYour personal invite slug, referral relationships, Residence reward expiry dateReferral programme — only created when you use or share an invite link
Behavioural analyticsPages visited, session duration — via PostHog EU Cloud (localStorage, no cookies). No form content captured.Understand how people use Yohaanei

3. What we do NOT collect

  • → The content of what you type — in brain dumps, /talk conversations, or anywhere else — is never stored in our database.
  • → We do not use cookies. Our analytics tool (PostHog) uses browser localStorage only — no cookie consent banner needed.
  • → We do not use session recording. Behavioural analytics is limited to pageviews and navigation — not interactions or content.
  • → We do not build advertising profiles.
  • → We do not run ads.

4. How AI processes your content

Every brain dump and /talk message is sent to Anthropic's API for AI processing. This is the most sensitive data flow in the product — here is exactly what happens:

  • → Processed in the US. Anthropic operates from the United States. Your input text is transmitted to their servers to generate a response.
  • → Not stored by us. We receive the AI response and immediately discard your input. It is never written to our database.
  • → Not trained on by Anthropic. Anthropic does not use API customer data to train its models by default.
  • → Safety signals only. We log whether a session contained a crisis, distress, or child safety signal — a boolean flag, never the content itself. This exists solely to monitor product safety.

The legal basis for this transfer is contract performance — processing your input is the service you are using.

5. Third-party processors

We use the following services to operate Yohaanei. Each acts as a data processor under our instructions:

SupabaseDatabase — email, feedback, usage stats. Hosted in India (Mumbai).supabase.com/privacy
AnthropicAI processing — input text processed transiently in the US, never stored by usanthropic.com/privacy
VercelHosting + edge functions. US-based.vercel.com/legal/privacy-policy
PostHogProduct analytics — pageviews and navigation only, no content. EU Cloud (Frankfurt). All inputs masked.posthog.com/privacy
ResendTransactional email delivery. US-based.resend.com/privacy
Kit (ConvertKit)Email marketing — waitlist only. US-based.kit.com/privacy
Cloudflare TurnstileBot protection — no personal data storedcloudflare.com/privacypolicy

We are formalising signed Data Processing Agreements (DPAs) with all processors that handle personal data. Cross-border transfers to US-based processors rely on Standard Contractual Clauses (SCCs) as the legal mechanism under GDPR.

6. Legal basis (GDPR — EEA and UK users)

For users in the European Economic Area (EEA) and UK, we process data under the following legal bases:

  • → Legitimate interests — rate limiting, abuse prevention, safety signal logging, and anonymous usage analytics.
  • → Contract performance — processing your input to return AI results, and managing your account.
  • → Consent — email capture (you opt in voluntarily).

Our database (Supabase) is hosted in India (Mumbai). Vercel, Resend, and Kit are US-based. PostHog processes analytics exclusively in the EU. Cross-border transfers to non-EU countries are covered by Standard Contractual Clauses (SCCs).

6a. Legal basis (India — DPDP Act 2023)

For users in India, we comply with the Digital Personal Data Protection Act, 2023. We collect and process personal data only for the purposes described in this policy. You have the right to:

  • → Access — request information about personal data we hold.
  • → Correction — ask us to correct inaccurate data.
  • → Erasure — request deletion of your personal data.
  • → Grievance redressal — contact our designated grievance officer, Nilabh Ranjan, at nilabh@yohaanei.com. We respond within 30 days.

7. Your rights

Under GDPR and applicable law, you have the right to:

  • → Access — request a copy of data we hold about you.
  • → Deletion — ask us to erase your data. See below.
  • → Portability — receive your data in a machine-readable format.
  • → Correction — ask us to fix inaccurate data.
  • → Withdraw consent — unsubscribe from the waitlist or marketing emails at any time.
  • → Object — object to processing based on legitimate interests (e.g. analytics). We will stop unless we have compelling grounds.
  • → Restrict processing — ask us to pause processing your data while a dispute is resolved.

To exercise any right, email nilabh@yohaanei.com. We respond within 30 days.

7a. Deleting your account

One button. No friction. No waiting on hold.

If you have a Yohaanei account, you can request deletion directly from the menu — no email to send, no form to fill. Open the menu, scroll to Delete account, type the confirmation phrase, and submit. We process it within 30 days.

What gets deleted: your email address, subscription record, usage history, referral data, and your account entirely. What does not exist to be deleted: your conversation content and brain dumps — we never stored them.

8. Data retention

Email addressUntil you request deletion or delete your account
Feedback ratings12 months, then anonymised
IP addressesTemporarily, for abuse prevention. Automated purge in progress.
Usage metadata12 months, then aggregated
Referral dataUntil you delete your account
Residence expiry dateUntil you delete your account or it naturally expires
Deletion request recordRemoved when your account is deleted (within 30 days of request)

9. Data breach notification

If a data breach occurs that affects your personal data, we will notify you by email within 72 hours of becoming aware of it. The notification will describe what happened, what data was affected, and what steps we are taking. Where required by law, we will also notify the relevant supervisory authority (e.g. the ICO for UK users, the relevant EU DPA for EEA users).

10. Children

Yohaanei is not directed at children under 16. We do not knowingly collect data from minors. If you believe a child has submitted personal data, contact us and we will delete it promptly.

11. Changes to this policy

We may update this policy. Material changes will be communicated to account holders and waitlist subscribers by email before they take effect. The "Last updated" date at the top will always reflect the current version.

Terms of ServiceBack to Yohaanei