Legal

Privacy Policy

Last updated: May 2026 · GDPR compliant

Note: This is a working draft. Have it reviewed by a GDPR-qualified legal professional before going live.

1. Who We Are

The data controller is [YEWW LEGAL ENTITY NAME], SIRET [SIREN/SIRET], [FULL ADDRESS], France.

Contact for privacy matters: [PRIVACY EMAIL]

2. What Data We Collect and Why

We collect only what is necessary to operate the platform.

DataPurposeLegal basisRetention
Name, email addressAccount creation, communicationsContractDuration of account + 3 years
Booking details, session historyBooking management, dispute resolutionContract5 years (legal obligation)
Payment status (no card data)Transaction recordsLegal obligation10 years (accounting)
Reviews and ratingsPlatform quality and transparencyLegitimate interestDuration of account
IP address, browser infoSecurity and fraud preventionLegitimate interest90 days

3. Third Parties We Share Data With

We use a small number of trusted third-party services to operate the platform. We do not sell your data to anyone.

Stripe, Inc.

Payment processing. Card details are handled directly by Stripe and never stored by Yeww.

Privacy policy →
Supabase, Inc.

Database and authentication hosting. Data is stored on servers located in the EU (Frankfurt).

Privacy policy →
Resend, Inc.

Transactional email delivery (booking confirmations, notifications).

Privacy policy →

4. Your Rights Under GDPR

As a data subject in the EU you have the right to:

AccessRequest a copy of the personal data we hold about you.
RectificationAsk us to correct inaccurate or incomplete data.
ErasureAsk us to delete your data, subject to legal retention obligations.
PortabilityReceive your data in a structured, machine-readable format.
ObjectionObject to processing based on legitimate interests.
RestrictionAsk us to restrict processing in certain circumstances.

To exercise any of these rights, email [PRIVACY EMAIL]. We will respond within 30 days. You also have the right to lodge a complaint with the French data protection authority (CNIL) at cnil.fr.

5. Cookies

We use a small number of essential cookies to keep you signed in and to secure the platform. See our Cookie Policy for details.

6. Data Transfers Outside the EU

Our primary data storage (Supabase) is in the EU. Some third-party processors (Stripe, Resend) are US-based companies and transfer data under standard contractual clauses (SCCs) approved by the European Commission.

7. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated by email to registered users. The date at the top of this page reflects the most recent revision.