← Back to home

Privacy Policy

Last updated: April 11, 2026

1. Who we are

yitsight (“we”, “us”, “the service”) is an AI-powered study assistant operated as an independent project. The service is available at yitsight.com. Contact: yitlicious@gmail.com.

2. Scope

This policy covers the yitsight web application. It does not cover third-party services you connect (Google, etc.) — those are governed by their own privacy policies.

3. What we collect

3.1 Account data

  • Email address (for sign-in)
  • Profile preferences you enter during onboarding: study style, pet type, subjects, motivations
  • Authentication metadata from Supabase (user ID, timestamps)

3.2 Study content you create

  • PDF documents you upload, and text extracted from them
  • Chat messages exchanged with the AI assistant (stored so you can see history across sessions)
  • Quiz results, flashcards, summaries, and workspaces you create
  • Pomodoro session logs, XP history, achievements, and study heatmap data

3.3 Google user data (if you connect a Google account)

If you choose to connect Google, we request read-only access to:

  • Gmail (gmail.readonly) — to fetch a small number of recent email subjects and senders for your daily summary and to let you ask questions like “what emails do I have?” in chat. We do not read email bodies beyond what the AI needs to answer your immediate question, and we do not store full email contents.
  • Google Calendar (calendar.readonly) — to fetch upcoming events for your daily summary and to answer questions like “what's on my calendar this week?” We do not store event contents beyond the duration of a single request, except for titles and times shown on your dashboard.

We never: modify, delete, send, or share your Gmail or Calendar content; use your Google data for advertising; sell it; or transfer it to anyone else.

Use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

3.4 Technical data

  • Standard web server logs (IP address, user agent, request timestamps) retained for up to 30 days for security and debugging
  • Usage counters (number of chats, quizzes, etc.) per day, used to enforce fair-use limits during beta

4. How we use your data

  • To provide the study features you requested (summaries, flashcards, quizzes, chat, etc.)
  • To send AI prompts and retrieve responses from OpenAI
  • To fetch your email/calendar data from Google when you use those features
  • To track your progress (XP, streaks, achievements)
  • To enforce per-user daily usage limits during beta
  • To debug errors and improve reliability

We do not use your personal data to train AI models, and we do not use it for advertising.

5. Third-party services (sub-processors)

To operate yitsight, we send data to the following services:

  • Supabase — authentication, database, file storage. Data is stored on Supabase infrastructure.
  • OpenAI — we send chat messages, uploaded PDF text, and study content to OpenAI's API to generate responses. Per OpenAI's API data policy, API data is not used to train their models.
  • Google APIs — if you connect Google, we fetch your Gmail/Calendar data directly from Google's servers using the access token you authorized.
  • Hetzner Cloud — server hosting provider (Germany/ Finland).
  • Cloudflare — DNS provider.
  • Let's Encrypt — TLS certificate authority.

6. Data retention

  • Account + study content: retained until you delete your account or individual items
  • Google access tokens: encrypted at rest; automatically deleted when Google expires the refresh token (currently weekly, during beta), or when you disconnect in Settings
  • Server logs: up to 30 days
  • Usage counters: aggregated daily; individual records kept for 90 days

7. Security

  • All traffic encrypted in transit via HTTPS/TLS 1.2+
  • Google OAuth tokens encrypted at rest using Fernet (AES-128-CBC + HMAC-SHA256)
  • Row-Level Security enforced on Supabase tables
  • Access gated by short-lived JWTs from Supabase Auth
  • Invite-only during beta

No system is perfectly secure. If you believe you've found a vulnerability, please email yitlicious@gmail.com.

8. Your rights

You can at any time:

  • Access your data — use the app to view your chats, uploads, quizzes, etc.
  • Disconnect Google — Settings → Google → Disconnect (revokes tokens immediately)
  • Delete individual items — PDF uploads, chats, workspaces
  • Delete your entire account — email yitlicious@gmail.com. We will delete all your data within 7 days.

You can also revoke yitsight's Google access directly at myaccount.google.com/permissions.

9. Children

yitsight is intended for users aged 13 and over. We do not knowingly collect data from children under 13. If you believe a child under 13 has created an account, email yitlicious@gmail.com and we will delete the account.

10. International transfers

yitsight is hosted in the EU (Hetzner, Germany/Finland). Sub-processors (OpenAI, Google, Supabase) may process data in the United States and other jurisdictions.

11. Changes to this policy

We may update this policy as the service evolves. Material changes will be announced in-app or via email. The “Last updated” date at the top reflects the most recent revision.

12. Contact

Questions, requests, or complaints: yitlicious@gmail.com

Terms of Service·Home