Privacy Policy
This Privacy Policy describes how Kilikia LLC ("YesCrow", "we", "us", or "our") collects, uses, discloses, and protects information about you when you use the YesCrow mobile application and related services (the "Service"). Please read this policy carefully. By using the Service, you agree to the practices described below.
Contents
1. Scope
This policy applies to the YesCrow mobile app (iOS and Android), our website at yescrow.online, and our backend API. It does not apply to third-party services we integrate with (Stripe, Apple, Google, etc.), which have their own privacy policies. Where we link to such services, your data is also subject to their respective terms.
2. Information we collect
Information you give us
- Account data: email address, name, username, password (hashed), phone number (optional), and profile photo (optional).
- Deal & transaction data: details you enter when creating a deal — title, amount, contract terms, counterparty, conditions, and dispute reasons.
- Communications: messages and comments you exchange with other YesCrow users on the platform.
- Evidence files: documents or images you upload to support a dispute (held in secure object storage).
- Identity verification: if you choose to verify your identity, we collect and process the data required (e.g., government ID, selfie). This is optional unless required by law or Stripe risk policies.
Information we collect automatically
- Device & usage data: device model, OS version, app version, language preference, IP address, user agent, crash logs, and approximate location (country level).
- Authentication events: login timestamps, session identifiers, and the device/IP used (for security alerts on new device logins).
- Push notification tokens: if you allow notifications, we store the APNS or FCM token assigned to your device.
Information from third parties
- OAuth providers (Google, Apple): if you sign in with Google or Apple, we receive your email, name, and a unique provider identifier. We never receive your password.
- Stripe: tokenized payment-method data (last four digits, card brand, country) and transaction status. We never see or store full card numbers.
3. How we use your information
- Operate the Service: authenticate you, create and process deals, hold funds via Stripe, release funds when conditions are met, and handle disputes.
- Send transactional emails: welcome, email verification, password reset, deal events (signed, funded, delivered, released, refunded), and dispute notifications. We use Resend as our email delivery provider.
- Maintain security: detect fraud, prevent abuse, enforce rate limits, and alert you to suspicious logins.
- Improve the Service: anonymized analytics on which features are used most.
- Comply with legal obligations: respond to lawful requests from authorities, tax reporting, anti-money-laundering checks.
We do not use your data for advertising, sell it to data brokers, or share it for any purpose not described here.
4. Sharing & third parties
We share your data only with these recipients, and only as needed:
- Stripe, Inc. — payment processing, fraud prevention, and payouts. Stripe is PCI DSS Level 1 certified. See Stripe's Privacy Policy.
- Resend — transactional email delivery on our behalf.
- Hosting providers — Hostinger (server hosting) and Amazon Web Services (Stripe's email infrastructure). Both are bound by Data Processing Agreements.
- Counterparties on YesCrow — when you enter a deal, the other party sees your username, name, profile photo, trust score, and the deal details. They do not see your email unless you explicitly share it.
- Legal authorities — only when required by law (subpoena, court order) or to protect the rights, safety, or property of users.
We do not sell or rent your personal information.
5. Payments & financial data
All payments on YesCrow are processed by Stripe, Inc. Card data is collected and stored directly by Stripe — Kilikia LLC never sees, transmits, or stores raw card numbers, CVV codes, or full account numbers. We retain transaction metadata (amount, status, timestamps, Stripe IDs) for accounting, tax compliance, and dispute resolution as required by law (typically 7 years for US-based businesses).
6. Data retention & deletion
We keep your information only as long as needed:
- Active account: for as long as your account exists.
- Deleted account: within 30 days of your deletion request, we anonymize your personal data. We retain transaction records (with PII removed) for 7 years to comply with US tax and financial regulations.
- Stripe disputes & chargebacks: retained for the statutory period required by Stripe and applicable law.
You can request deletion at any time inside the app (Settings → Delete account) or by emailing support@yescrow.online.
7. Security
We implement multiple layers of protection:
- TLS 1.3 encryption for all data in transit (Let's Encrypt certificates).
- Argon2id hashing for passwords (industry standard, slow-to-crack).
- JWT access tokens with short expiration and refresh-token rotation.
- Database encryption at rest, isolated Docker containers, firewalled VPS.
- Stripe PaymentSheet — card data never touches our servers.
- Audit logging of admin actions and money movements.
- Optional 2FA (coming soon) and email alerts for new device logins.
No system is 100% secure. If we discover a breach affecting your data, we will notify you within 72 hours where required by GDPR or applicable US state laws.
8. Your rights
For users in California (CCPA / CPRA)
You have the right to:
- Know what personal information we collect, use, and share about you.
- Access a copy of your personal information.
- Delete your personal information (with limited statutory exceptions).
- Correct inaccurate information.
- Opt out of "selling" or "sharing" — we do not sell or share, so this is already the default.
- Limit use of sensitive personal information — we already limit sensitive info to what's strictly necessary.
- Non-discrimination — we will not deny service or charge a different price for exercising your rights.
To exercise these rights, email support@yescrow.online from the email address on your account, or use the in-app deletion flow. We verify identity before responding.
For users in the European Union / UK (GDPR / UK GDPR)
You have the right to:
- Access, correct, delete (right to erasure), and port your data.
- Object to processing or restrict it.
- Withdraw consent at any time.
- Lodge a complaint with your supervisory authority (e.g., Data Protection Commission in Ireland).
Our legal basis for processing is performance of the contract (the deal you create on YesCrow), our legitimate interests (security, fraud prevention), and your consent (push notifications, marketing emails where applicable).
9. Children's privacy
YesCrow is not intended for users under 18 years of age. We do not knowingly collect personal information from minors. If you become aware that a minor has provided us with personal information, please contact us and we will delete it promptly.
10. International transfers
YesCrow is operated from the United States. Your data may be transferred to and processed in the US and other countries where our service providers operate. We rely on Standard Contractual Clauses (SCCs) for EU/UK transfers and follow industry best practices for cross- border data movement.
11. Cookies & analytics
The YesCrow mobile app does not use cookies. The website uses essential cookies only (to maintain session and remember consent). We may add anonymized analytics (Sentry for crash reporting, optional product analytics) — when we do, we will update this policy and provide in-app opt-out.
12. Changes to this policy
We may update this policy from time to time. Material changes (e.g., new categories of data, new third-party sharing) will be announced in-app and via email at least 30 days before they take effect. Minor edits will simply update the "Last updated" date above.
13. Contact us
If you have any questions, requests, or concerns about this policy or your data, please email us:
Privacy & Data Protection
support@yescrow.online
Kilikia LLC, USA
Website: https://yescrow.online
If you live in California and prefer to submit a CCPA/CPRA request in writing, mail us at the address listed above with the subject line "California Privacy Request".