Privacy Policy

Last updated: 2026-05-10

Yore observes how your team uses AI assistants (ChatGPT, Claude) via the Model Context Protocol (MCP), surfaces organizational signals from those observations, and builds a private knowledge base that makes future AI conversations context-aware. This page describes what we store, what we don't, and the choices you have.

At a glance

  • We do not store your raw prompts. When your AI tool calls our MCP endpoint, the user message is held in memory only long enough to compute a topic classification. The message text is not written to our database, our logs, or any backup.
  • We do not store the assistant's responses. Whatever ChatGPT or Claude says back to you stays between you and them.
  • Phase 2 intelligence extraction is opt-in per person. Concept extraction only runs against sessions belonging to users who have explicitly granted consent.
  • Behavioral signals only by default. We measure effectiveness from copy/share/iteration patterns and session metadata — not content.
  • You can export or delete your data at any time. Delete is real (rows removed), not a soft-flag.

What we collect and why

Account data

Email (stored as a one-way SHA-256 hash, not in plaintext), display name, role, department, job title, and the authentication password (Argon2 hash). We use this to authenticate you and route requests to your workspace.

Session metadata

Each AI session your team has via the MCP integration writes a row containing:

  • A SHA-256 hash of the topic (one-way; cannot be reversed)
  • A fixed-vocabulary topic category (e.g. process_gap.reporting), derived in memory from your message. It never reflects the message itself beyond the bucket it falls into.
  • A short (up to 120 characters) topic snippet that has been passed through our PII-redaction pipeline (emails, phone numbers, URLs, IPs, API keys, and title-prefixed names are masked). This snippet is used only by the workspace-admin "Ask Yore" analysis page so that report can read meaningful theme groupings; it is never returned to other dashboards or re-injected into AI prompts beyond the analysis polarity classifier and the embedding model.
  • Timestamps and the AI platform identifier (chatgpt or claude).
  • Iteration count and behavioral flags (was the response copied, was it shared).

We do not store the original full message. The combination of the hash, category, and 120-character redacted snippet is the minimum footprint we found necessary to power the dashboard features described on the marketing site.

Knowledge graph (Phase 2, opt-in)

With your individual consent, we extract concepts from your session topics through a three-pass anonymization pipeline (PII redaction → consent-level filtering → differential privacy noise) and store the resulting concepts as nodes in your workspace's knowledge graph. The pipeline runs on text derived from your sessions only — it never touches a non-consenting teammate's data.

Billing data

We use Stripe to process subscriptions. Stripe stores card details under their PCI-DSS Level 1 certification; we store only the Stripe customer ID and subscription ID. Refer to Stripe's privacy policy for their data handling.

Operational logs

Web server logs (IP address, user agent, request path) are kept for 30 days for security and rate-limiting. Sentry error reports are configured to redact passwords, tokens, cookies, and API keys before they leave the process.

What we do NOT collect

  • The text of your prompts to ChatGPT or Claude.
  • The text of the AI's responses.
  • The contents of files you share with the AI in your regular conversations.
  • Cross-workspace data — every workspace is isolated; we cannot read across them and the codebase enforces this via per-workspace authorization on every request.

Third parties we share data with

We use the following sub-processors under contract:

  • Stripe — payments. Card data only.
  • Anthropic — Claude Haiku for Phase 2 concept extraction (only against opt-in users' anonymized data) and for intent classification of session categories.
  • OpenAI — embedding model for vector similarity search (text-embedding-3-small).
  • Pinecone (production) / pgvector (development) — vector storage for memory blocks.
  • Railway — application + database hosting.
  • Sentry — error monitoring (PII scrubbed).
  • PostHog — product analytics on the marketing site and dashboard funnel events.
  • Cloudflare — DNS and (when enabled) Turnstile CAPTCHA on signup.

We do not sell or rent your data. We do not use it to train third-party models.

Your rights

Under GDPR / CCPA / equivalent regimes, you have the right to:

  • Access — see what we have on you.
  • Correct — fix anything that's wrong.
  • Delete — remove your data; the dashboard's privacy page exposes a one-click "Delete my extracted knowledge" action that removes only your contributions and leaves teammates' data intact.
  • Export — get your data in a machine-readable format.
  • Withdraw consent — turn off Phase 2 extraction at any time. New sessions stop being eligible immediately; existing extracted concepts can be deleted with the action above.

Email privacy@getyore.com for any of these. We respond within 30 days.

Retention

  • Session metadata: kept until you delete the workspace, then hard-deleted.
  • OAuth tokens: revoked tokens are zeroed at 7 days and hard-deleted at 90 days.
  • Skill score history: rolled up monthly; per-day rows are purged after 365 days.
  • Login attempt records: 30-minute rolling window.
  • Operational logs: 30 days.
  • Privacy audit log (consent grants, revocations, deletions): retained for the lifetime of the workspace.

Security

All traffic is HTTPS. The database is encrypted at rest. OAuth tokens are encrypted with AES-256-GCM before persistence. Passwords are hashed with Argon2 (memory-hard, adaptive parameters). JWTs are short-lived (1 hour) with revocation via a Redis blocklist; refresh tokens last 14 days. The production deploy refuses to start with placeholder secrets or test-mode billing keys.

We don't claim "zero-knowledge" because some metadata necessarily flows through our systems. We claim privacy by architecture: the smallest possible footprint, opt-in for anything that touches an LLM, anonymization for everything that does, and privacy guarantees in the code that are continuously verified by the test suite.

Children

Yore is a B2B service and not intended for users under 16. We do not knowingly collect data from children.

Changes to this policy

We'll update this page (and the "Last updated" date at the top) when our practices change. Material changes will also be communicated via email to workspace admins.

Contact

Yore AI, Inc. — privacy questions: privacy@getyore.com

This page is a plain-language description of our data practices. It is not a contract. The legal terms governing your use of Yore are in the Terms of Service. For an enterprise DPA, contact us.