Privacy Policy
Last updated: 9 June 2026
1. Introduction
Yogen is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Contact: michael@yogen.uk
2. Data We Collect
Account information:
- Email address and bcrypt-hashed password (we never store plain-text passwords)
- Subscription plan and simulation count
Simulation data:
- Ideas, questions, and decisions you submit for simulation
- Documents you upload as context
- Prediction reports generated from your submissions
Payment data:
- We use Stripe to process payments. We do not store your card details.
- We retain your Stripe customer ID and subscription status.
Technical data:
- Session authentication token (stored in your browser)
- Usage logs (simulation counts, dates) — retained for 12 months
We do not use tracking cookies, analytics, or advertising pixels.
3. How We Use Your Data
- To run simulations — your submitted idea is sent to the Anthropic Claude API, which powers our AI agents
- To manage your account — authentication, plan tracking, simulation history
- To process payments — via Stripe for subscription billing
- To enforce usage limits — tracking simulations used per billing period
- To prevent fraud and maintain security — usage log analysis
- To comply with legal obligations — HMRC tax record-keeping
We do not use your simulation content to train AI models.
4. Legal Basis for Processing
- Contract — account management, running simulations, processing payments, storing reports
- Legitimate interests — security, fraud prevention, usage logging
- Legal obligation — financial records (7-year retention under HMRC rules)
5. Third-Party Services
We share data with the following processors, each bound by a Data Processing Agreement:
| Processor | Purpose | Location |
|---|
| Anthropic | AI processing of your simulation inputs | USA |
| Stripe | Payment processing | USA |
| Hosting provider | Infrastructure | TBC |
Important about Anthropic: your simulation inputs (the ideas you submit) are sent to Anthropic's API. We have confirmed via our agreement with Anthropic that API inputs are not used to train their models. Transfers to the US are protected under Standard Contractual Clauses (UK IDTA).
We do not sell your data to third parties.
6. Data Retention
- Account data — retained while your account is active, deleted within 30 days of account closure
- Simulation inputs and reports — retained in your account until you delete them or close your account
- Payment records — 7 years (HMRC legal requirement)
- Usage logs — 12 months
7. Security
- HTTPS/TLS encryption for all traffic
- Bcrypt-hashed passwords — never stored in plain text
- Session-based authentication
- Stripe's PCI-DSS Level 1 infrastructure for payment data
- Access to production data limited to authorised personnel
In the event of a personal data breach, we will notify affected users and the ICO within 72 hours as required by UK GDPR.
8. Your Rights Under UK GDPR
You have the right to:
- Access — request a copy of your personal data
- Rectify — correct inaccurate data
- Erase — delete your account and associated data
- Restrict — pause processing in certain circumstances
- Portability — receive your data in a structured format
- Object — to processing based on legitimate interests
To exercise any of these rights, email michael@yogen.uk. We respond within 30 days.
You also have the right to complain to the UK Information Commissioner's Office: ico.org.uk · 0303 123 1113.
9. Cookies
We use a strictly necessary session token to keep you logged in. It is stored in your browser and is not shared with third parties. We do not use tracking or advertising cookies.
10. Children's Privacy
Yogen is not intended for users under 18. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete it promptly.
11. Special Category Data
Please do not submit sensitive personal information (health data, financial account details, identity documents) through the simulation interface. Yogen is not designed to process it and we have no legal basis to do so.
12. Changes to This Policy
We will notify you of material changes by email at least 14 days before they take effect.
13. Contact
Email: michael@yogen.uk
Subject line: "Privacy Request"