Privacy Policy

Yoonle (the “Service”, “we”, “us”, “our”) is operated by Yoonle AI. This Privacy Policy describes how we handle personal data when you visit yoonle.com, use the application at app.yoonle.com, or use the Yoonle mobile appfor iOS or Android. Unless a section says otherwise, everything in this policy applies equally to the web and mobile apps — they are clients of the same service and the same account.

For privacy questions, contact us at support@yoonle.com. For data-protection requests specifically, you may also write to privacy@yoonle.com.

We collect data in three categories.

2.1 Data you give us directly

• Account data— email address, display name, username, locale preference, color theme + color mode preferences, and (if you sign up via Google or Apple) the public profile fields the provider returns: name, profile picture URL (Google only), and the provider’s account ID. Apple lets you hide your real email address; in that case we only receive the private relay address Apple generates.
• Onboarding preferences— the interests you pick during onboarding (used to personalise suggestions) and the motivation you select (career / school / hobby / curious). Both can be updated or cleared at any time in Settings.
• Trail content— the topics you ask the AI to teach you, the audience and duration you specify, your goals, and (on the Pro plan) the files you upload as study materials.
• Quiz and duel content— the topics, difficulty, and question count you choose for standalone quizzes; your answers and scores on each attempt; your duel opponent pairings and per-question scoring transcripts.
• Flash card decks— the topics, level, and card count you choose; the generated card fronts, backs, hints, and tags; your study sessions (which cards you flipped and how you rated them).
• AI Tutor conversations— the prompts you send to the in- context tutor (inside trails, inside quiz attempts, and inside flash card decks) and the tutor’s replies. Conversations are scoped to the trail, quiz, or deck they belong to so you can scroll back through them.
• Public profile customisation (Pro)— your bio, the cover image you upload or the preset gradient you pick, and the list of featured trails you choose to highlight.
• Follow graph— the list of Explorers you follow and the list of Explorers following you. Used to power Friends-mode duels and the community feed.
• Progress data— modules you complete, quiz answers, exercise submissions, duel results, XP earned, current streak, streak-freeze state (Pro), achievements unlocked.
• Billing data (Pro plan only)— we do not store your payment card. On the web, card data is handled by our payment processor Stripe. In the mobile app, purchases are processed by Apple (App Store) or Google (Google Play) and relayed to us by our subscription-management processor RevenueCat. In every case we receive only a subscription identifier, plan tier, billing cycle, store of purchase, and current status — never your payment instrument.
• Support correspondence— the content of any emails you send us.

2.2 Data we collect automatically

• Authentication tokens stored in HTTP-only cookies on.yoonle.comso we can keep you signed in. The mobile app does not use cookies; it stores your session encrypted on your device (AES, with the key held in the operating system’s secure keystore).
• Push notification tokens (mobile, opt-in)— if you grant notification permission in the mobile app, we store the push token issued for your device along with a device label (brand + model, e.g. “Google Pixel 9”), the platform (iOS / Android), and the app version, so we can deliver notifications and let you manage per-device delivery. Tokens are deactivated when you sign out and deleted with your account. If you never grant permission, no token exists.
• Telemetry essential to the product: which paywalls you saw, which trails you created, anonymous error reports. We do not use third-party ad-tracking or behavioural-advertising cookies.
• Server logs retained for up to 30 days containing IP address, user-agent, and request path. Used for security investigations and debugging.

2.3 Image uploads — avatar & cover (Pro plan only)

Pro subscribers can upload two kinds of profile images: a custom avatar (square headshot) and a custom cover image (banner on the public profile). Both uploads run through the same automated content-safety pipeline; the only material difference is the output size (avatar normalised to 256×256, cover to a wider banner aspect).

• What is sent for moderation. Before we store your image, we send a copy to Microsoft Azure AI Content Safety for automated screening against four categories (hate, self-harm, sexual, violence). Azure returns category severity scores; uploads at or above our severity threshold are rejected and the image bytes are discarded immediately (only the rejection metadata is retained).
• What is stored.Accepted uploads are normalised server-side (avatars resized to 256×256, covers center-cropped to 1600×400 (4:1), re-encoded as WebP at quality 80, EXIF metadata stripped — including any GPS coordinates) and stored encrypted at rest in Microsoft Azure Blob Storage in the EU region. For avatar uploads we also persist the file’s SHA-256 hash, byte size, content type, and the four Azure severity scores in an internal audit table (avatar_uploads) so that we can detect duplicate uploads, enforce the daily cap, restore the previous upload after a Pro→Free downgrade, and respond to abuse reports. For coveruploads we only persist the final image URL on your profile row plus an in-process daily counter (no forensic table), because there is no “restore previous cover” flow on resubscription.
• Cover-image alternative. Instead of uploading, Pro subscribers can pick from a small library of six preset gradient covers (sunrise, forest, ocean, coral, aurora, dusk). Preset choices are stored as a short identifier on your profile row; no image bytes are involved. Choosing a preset clears any previously uploaded cover from your displayed banner; the previously uploaded image bytes are deleted from Azure Blob Storage as part of that swap (the cover pipeline does not retain “restore later” copies).
• What is NOT stored.We do not retain the original uploaded bytes, the original filename, or any EXIF metadata. We do not store the bytes of rejected uploads — only the rejection metadata (timestamp, reason, severity scores).
• Retention. Your stored avatar is retained until you replace it, delete your account, or ask us to delete it. If your Pro subscription ends, we keep the most recently verified avatar upload on your account (but do not display it on the Free plan) so that you can restore it if you resubscribe. The cover image, by contrast, is removed from Azure Blob Storage at the moment you pick a preset or upload a replacement (no resubscription restore flow). You may ask us to delete any stored upload at any time by emailing privacy@yoonle.com.
• Rate limit. Pro users may upload up to 10 distinct avatars per UTC day and a separate cap of 5 cover images per UTC day. Re-uploading the same image (same SHA-256) does not count against the avatar limit.

2.4 AI Tutor conversations

The AI Tutor (available inside trails and quiz attempts) is a chat surface backed by the same Azure-hosted Large Language Model used for trail generation (see § 4).

• What is stored. Every turn you send to the tutor and every reply the tutor returns is stored on our database, scoped to the trail or quiz the conversation belongs to. You can scroll back through the history at any time.
• No model training on your conversations.Per our Azure agreement, your tutor prompts and the tutor’s replies are not used by Microsoft, OpenAI, or any third party to train or improve models.
• Rate accounting. The number of tutor turns you spend per day is tracked on your account to enforce the per-plan cap. The counter resets daily; it does not contain conversation content.
• Retention. Tutor conversations are deleted when you delete the associated trail / quiz, or when you delete your account.

2.5 Publicly visible profile data

Every Explorer has a public profile at app.yoonle.com/u/<username>. The following fields are visible to anyone with the link (and surface on the community leaderboard, podium, duel result screens, and any other place your identity appears).

• Display name, @username, avatar, member-since date, followers / following counts, Founding Explorer number (if applicable).
• Your top 3 XP categories with the XP total and per-category global rank pill (computed from the all-time leaderboard).
• Your recently unlocked achievements (up to 8 surfaced on the overview, full list on /u/<username>/achievements).
• Your public trails and quizzes— the lists, counts, and the detail pages for any trail / quiz you have marked as public. Pro subscribers may pin up to 6 of those public trails as “featured”, which surface in a dedicated strip on the profile.
• Total XP appears on the public leaderboard at /community/leaderboard for users with non-zero XP. Profile pages themselves surface XP only per category (above).
• Streak milestones may appear as one-off “reached a {N}-day streak” events in the activity feed at /community/activity, but your current streak count and streak-freeze state are not displayed on the public profile page.
• Pro customisation fields if set: cover image (or preset-gradient identifier), bio. These are stored even on the Free plan (so a Pro→Free downgrade does not lose the data) but are only displayed publiclywhile the owner’s tier is Pro.

What is NOT public: your current learner level, your raw streak count, your streak-freeze inventory, your in-progress trails, quiz attempt details, individual quiz answers, duel transcripts, AI tutor chats, your interests, your learning motivation, your email, your billing data, and anything in your Settings. Trails you mark as private never surface on your public profile or in search; trails you mark as public can be linked to but their detail page only shows the outline, not your personal progress through them.

You can change your username at any time in Settings. Changing it does not automatically redirect old profile URLs — treat the username URL as a public identifier and update any places you have shared it.

2.6 Data we do NOT collect

• We do not collect or store payment-card details.
• We do not use third-party advertising or analytics SDKs that profile you across the web (no Google Analytics, no Facebook Pixel, no LinkedIn Insight Tag). The mobile app does not read or use the device advertising identifier (IDFA / Android Advertising ID).
• We do not collect your location. Your language preference comes from your explicit choice or your device’s locale setting, not from where you are.
• We do not access your contacts, calendar, microphone, or camera. The mobile app only reads your photo library or files when you explicitly pick an image (avatar, cover) or a document (study materials) — and only the item you picked.

We use your data only for the purposes listed below, and only when we have a lawful basis.

We do not use your trail content, materials, or progress data to market other products to you. We do not profile you for behavioural advertising.

Several Yoonle features are powered by a Large Language Model (“LLM”) running on Microsoft Azure AI Foundry in EU data centres. The same infrastructure handles all of them.

• Trail generation— we send the topic, audience, duration, your goal, and any materials you upload (Pro).
• Quiz generation— we send the topic, difficulty, question count, and (when used inside a trail) the surrounding trail context so that questions stay on-curriculum.
• Flash card deck generation— we send the topic, level, card count, your goals, and any materials you upload (Pro) so the model can draft the fronts, backs, hints, and tags.
• AI Tutor conversations— we send each new chat turn along with the surrounding context the tutor needs to answer (e.g. the trail module you are reading, the quiz question you are stuck on, or the flash card you just flipped). Chat history is replayed on every turn but is not used for any other purpose.
• Practice grading & explanations— we send your answer/submission to be scored and to produce a short explanation.

The following guarantees apply to every AI feature above.

• No model training on your data. Per our Azure agreement, your inputs and outputs are not used by Microsoft, OpenAI, or any third party to train or improve models.
• Transient processing. Azure may briefly retain your prompts for abuse monitoring (up to 30 days, EU region). After that, content is discarded by Azure. We retain the generated trail / quiz / tutor reply in our database so you can resume learning.
• Your prompts and materials are tied to your account. Other users cannot see your trail content, quiz attempts, uploaded materials, or tutor conversations.
• Quality evaluation. We may sample anonymised, aggregated metadata about generation runs (token counts, latency, error rates) to improve quality. We do not read your trail content, quiz answers, or tutor conversations for this purpose.

We use the following sub-processors. Each is contractually bound to handle your data only on our behalf and to apply security safeguards equivalent to ours.

Where a sub-processor operates outside the EEA, transfers are protected by Standard Contractual Clauses (SCCs) and supplementary measures consistent with the EDPB’s post-Schrems II guidance. The current sub-processor list will be kept up to date on this page.

• Account data(including onboarding interests and motivation, username, color theme / color mode preferences) — for as long as your account is active. After account deletion, we permanently erase it within 30 days (with a 90-day backup-rotation grace period).
• Trails & progress(modules, exercises, quiz attempts inside a trail, achievements, XP, streak history) — same as account data; deleted with the account.
• Standalone quizzes & duels(quiz attempts, duel pairings, per-question transcripts, scores) — deleted when you delete the quiz, the duel, or your account.
• Flash card decks & study sessions(card fronts, backs, hints, tags, your per-card ratings, and session timestamps) — deleted when you delete the deck or your account.
• AI Tutor conversations— deleted when you delete the associated trail, quiz, or flash card deck, or when you delete your account.
• Public profile customisation (Pro)(bio, featured-trail picks, preset-cover choice) — deleted with the account; you can clear or change any field at any time in Settings.
• Follow graph— the lists of who you follow and who follows you are deleted with your account. Unfollowing someone removes the edge immediately.
• Avatar & cover-image uploads (Pro)— until you replace the image, delete your account, or ask us to delete it. After a Pro→Free downgrade we keep the most recently verified upload on your account so you can restore it on resubscription; you can request earlier deletion via privacy@yoonle.com. Rejected upload bytes are discarded immediately; rejection metadata (timestamp, reason, severity scores) is retained for 90 days for abuse-prevention.
• Generated exports (Pro)— PDF and Markdown exports of your trails / quizzes are generated on demand and streamed back to your browser. We do not retain a server-side copy after the response is sent.
• Push notification tokens (mobile)— deactivated when you sign out on that device, and deleted with your account. You can also withdraw notification permission at any time in your device settings, after which the token stops working.
• Billing records— retained for 7 years to comply with tax law. Records held by Apple or Google about purchases you made through their stores are governed by their own retention policies.
• Server logs— up to 30 days, then auto-deleted.
• Support emails— up to 2 years, then auto-deleted.

If you live in the EEA, the UK, or Switzerland, GDPR gives you the following rights. Even outside those regions, we honour these rights for all users as a matter of policy.

• Access— ask for a copy of the data we hold about you.
• Rectification— correct inaccurate data.
• Erasure (“right to be forgotten”)— delete your account and associated data yourself from Settings → Account on the web or in the mobile app, or ask us to do it. See the account deletion guide for exactly what is removed.
• Portability— receive your trail, quiz, and flash card deck data in a structured, machine-readable format (JSON). Pro subscribers can also generate Markdown or PDF copies of any completed trail or quiz, and Markdown or Anki-TSV copies of any completed flash card deck, directly from the app (see the “Sharing and exporting” guide).
• Restriction & objection— ask us to pause certain processing or object to processing based on legitimate interest.
• Withdraw consent— where processing relies on consent, you can withdraw it at any time without affecting prior processing.
• Lodge a complaint with your local supervisory authority. EU users can find theirs at the EDPB members page.

How to exercise your rights: email privacy@yoonle.com from the address on your account. We respond within 30 days as required by GDPR Art. 12(3).

California residents (CCPA/CPRA):you have rights to know what we collect, to delete it, to correct it, and to opt out of any “sale” or “sharing” of personal information. We do not sell or share personal information for cross-context behavioural advertising. Submit requests to the same address above.

We use a small number of cookies and browser-storage entries, all strictly necessary or functional. Under the EU ePrivacy Directive (Article 5(3)), localStorage and cookies are treated the same way; both are listed below for transparency.

We do not use any third-party advertising or analytics cookies. Because all cookies we set are strictly necessary or functional, no consent banner is shown under EU ePrivacy rules.

The mobile app does not use cookies. It keeps the equivalent functional state (your session, language, and display preferences) in encrypted on-device storage, which never leaves your device except for the session token sent with each API request.

Your data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Database access is restricted by Postgres Row Level Security so each user can only read their own rows. We use OAuth and one-time email codes for authentication; we never store passwords. Internal access to production data is limited to a small number of employees, audit-logged, and used only to investigate user-reported issues with the user’s consent.

No system is perfectly secure. If you notice anything suspicious about your account or believe there has been a security incident, please email security@yoonle.com immediately. We commit to notifying affected users within 72 hours of becoming aware of a personal-data breach, in line with GDPR Art. 33.

Yoonle is intended for users aged 13 and over. If you live in a country where the law sets a higher minimum age for consenting to the processing of personal data (for example, certain EEA countries set it between 14 and 16 under GDPR Art. 8), that higher age applies to you. We do not knowingly collect personal data from anyone below the applicable minimum age. If you become aware that a child below that age has provided us personal data without parental consent, please contact us so we can delete it.

We may update this Privacy Policy from time to time. When we do, we update the “Last updated” date at the top of the page. For material changes that affect your rights, we will notify you by email at least 30 days before they take effect.

For any questions about this policy or our handling of your data, contact us at privacy@yoonle.com. For general support, use support@yoonle.com.