Privacy Policy

1. Introduction

Yak ("we", "us", or "our") is a desktop voice-to-text application that uses AI-powered transcription. This Privacy Policy explains how we collect, use, store, and protect your information when you use the Yak desktop application, our website (getyak.app), and our cloud services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy.

2. What Data We Collect

Account Information

• Email address
• Password (stored as a cryptographic hash, never in plain text)
• Display name (if provided)
• OAuth provider identifiers (if you sign in with Google or GitHub)

Device Information

• Device identifier (used for license activation and device management)
• Operating system type and version

Subscription & Payment

• Subscription type and status
• Payment transaction records
• We do not store your credit card numbers or full payment details — these are handled entirely by our payment processor

Usage Data

• Transcription usage (minutes consumed per week)
• Feature usage statistics (aggregated and anonymized)

Website Data

• Cookies for authentication and preferences
• Access logs (IP address, browser type, pages visited)

3. Audio & AI Data Processing

This is the most important section of our privacy policy. Yak processes audio data to provide transcription services. Here is exactly how your audio data is handled:

Yak Cloud mode (default):

• Data flow: Microphone → Yak application → Yak Cloud server → Vertex AI → transcription text returned through Yak Cloud → your local device.
• Audio is not stored: Our cloud server forwards your audio to Vertex AI for processing and does not store, cache, or log any audio data.
• Transcription text is not stored: The resulting transcription text passes through our cloud server in transit but is not persisted or logged. Only usage metadata (duration, timestamps) is recorded for billing purposes.

BYOK mode (Bring Your Own Key):

• Data flow: Microphone → Yak application → AI service provider → transcription text returned directly to your local device.
• Yak does not intermediate: Audio data flows directly between your device and the AI service provider using your own API key. Yak's servers are not involved.

Common to both modes:

• Transcription results stay local: The final transcription text is stored only on your local device and is never persisted on Yak's servers.
• Vertex AI zero data retention: Vertex AI operates under a zero data retention policy — your audio is processed and immediately discarded. It is never stored, never used for model training, and never reviewed by humans.

4. Proxy Relay Service

Yak offers an optional proxy relay service (relay.getyak.app) that routes API requests for users who experience network connectivity issues.

• The relay only forwards requests — it does not store, log, or inspect any audio or transcription content.
• IP addresses are temporarily recorded for rate limiting purposes only and are not associated with your account.

5. How We Use Your Data

We use the data we collect to:

• Provide, maintain, and improve the Service
• Process subscriptions and payments
• Manage device activations and license enforcement
• Send service-related notifications (e.g., subscription renewal, security alerts)
• Improve the product through aggregated, anonymized usage statistics

We will never sell your personal data to third parties.

6. Third-Party Services

We use the following third-party services to operate Yak:

• Vertex AI — audio transcription processing. Vertex AI holds compliance certifications including SOC 2, ISO 27001, and HIPAA.
• Payment processor — subscription and payment handling. We do not have direct access to your full payment details.
• OAuth providers (Google, GitHub) — used solely for authentication when you choose to sign in with these services.

7. Data Security

• Authentication tokens are stored using your operating system's secure credential storage.
• All network communication uses HTTPS/TLS encryption.
• Passwords are stored using industry-standard cryptographic hashing algorithms.
• Two-factor authentication (2FA) is available via authenticator apps or email codes.

8. Data Retention

• Account data: Retained until you delete your account.
• Audio data: Not retained. Processed in real time and immediately discarded.
• Transcription results: Stored only on your local device, managed entirely by you.
• Usage statistics: Retained in aggregated, anonymized form for product improvement.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Right to access — request a copy of the personal data we hold about you.
• Right to rectification — request correction of inaccurate data.
• Right to erasure — request deletion of your account and associated data.
• Right to restrict processing — request that we limit how we process your data.
• Right to data portability — request your data in a commonly used format.
• Right to object — object to specific data processing activities.

California residents (CCPA): You have the right to know what personal information is collected, request deletion, and opt out of any sale of personal information. We do not sell personal information.

To exercise any of these rights, please contact us at [email protected].

10. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will take steps to delete such information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a notice in the Service. Your continued use of the Service after the changes take effect constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us at [email protected].