Privacy Policy
Last updated: July 15, 2026
Introduction
Yellaro is a managed email-list service operated from Belgium. This policy covers personal data we collect about Yellaro customers (account holders) and visitors to yellaro.com.
It does notcover the data your subscribers provide to you. That’s between you and them. You are the data controller, and we act as the processor on your behalf.
What we collect
For account holders
- Email address, name, and billing details (collected at signup).
- Payment data, handled by Stripe. We don’t store card numbers.
- Usage data: logins, settings changes, support requests.
- Sending metadata such as volume, bounce rates, and complaint rates, used to operate the service.
For visitors to yellaro.com
- Standard server logs (IP address, user agent), retained for 30 days for security purposes.
- If you join the waitlist while signups are closed, the email address you submit. We use it solely to notify you when signups reopen. It is not used for any other marketing, and you can ask us to remove it at any time by emailing hello@yellaro.com.
What we don’t collect
- We don’t use third-party advertising trackers.
- We don’t sell or share your data with marketers.
- We don’t track your behavior across other websites.
How we use your data
- To provide and operate the service.
- To bill you and prevent fraud.
- To respond to support requests.
- To notify you of important service changes.
- To comply with legal obligations.
Accessing your account
We do not monitor or track your activity inside your dashboard or hosted instance in the ordinary course. The one exception is where we have cause to investigate suspected abuse or a violation of our Acceptable Use Policy, as described in that policy, in which case we may access your account and content to the extent necessary for that investigation.
Subprocessors
We use the following services to operate Yellaro:
- Hetzner: hosting (EU region).
- Stripe: payment processing.
- Cloudflare: DNS and CDN.
- Umami: cookieless analytics, self-hosted on Yellaro infrastructure in Helsinki. Records page URL, referrer, user agent, and country with a daily-rotating hashed IP; no cross-site tracking. Used on public marketing pages only, not on the customer dashboard or admin.
Your rights (GDPR)
You have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Request deletion of your data (the “right to be forgotten”).
- Export your data in a portable format.
- Object to processing or restrict it.
- Lodge a complaint with your data protection authority.
To exercise any of these, email hello@yellaro.com. We respond within 30 days.
Data retention
- Account data is retained while your account is active and for 30 days after cancellation.
- Billing records are retained for 7 years (legal requirement).
- Server logs are retained for 30 days.
Cookies
yellaro.com uses essential cookies only, for session management. We use privacy-respecting cookieless analytics on our public marketing pages to understand which content is useful, and we don’t use advertising cookies.
Changes
We may update this policy. Material changes will be communicated via email to active account holders.
Contact
Data protection questions: hello@yellaro.com or use our contact form.