Y O E F I

Privacy Policy

Last Updated: 10 June 2025

This Privacy Policy explains how YOEFI Limited ("YOEFI", "we", "us", "our", or "Company") uses and protects your personal data. It describes what data we collect, why we collect it, and your rights regarding your data.

At YOEFI Limited ("YOEFI", "we", "us", "our", or "Company"), we're committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our website (www.yoefi.com) and our digital assistant services, including our will creation tool and other features that may utilise Large Language Models (LLMs).

We adhere to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).

1. Who We Are

YOEFI Limited is a limited company registered in England and Wales with registered number 15134353.

Our Contact Details:

  • Name: YOEFI Limited
  • Address: 86-90 Paul Street, London, England, EC2A 4NE
  • Email: info@yoefi.com

If you have any questions about this Privacy Policy or our data protection practices, please contact us at the details above.

2. The Personal Information We Collect

We currently collect and process the following categories of personal information:

  • Identity Data: Your name, date of birth.
  • Contact Data: Your email address, postal address, telephone numbers.
  • Account Data: Your user identification code.
  • Financial Data: Payment details (processed securely via third-party payment processors – we do not store full payment card details on our servers).
  • Usage Data: Information about how you use our website and services, including your IP address, device information, browser type, operating system, pages visited, time spent on pages, and referring URLs.
  • Content Data: Any information, text, documents, or data you input, upload, or generate using our services, including details provided for legal documents (e.g., will creation, asset information).
  • Technical Data: Information about your device and internet connection, including IP address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Cookie Data: Information collected via cookies and similar tracking technologies (please refer to our Cookie Policy for more details).

3. How We Get Your Personal Information and Why We Collect It

Most of the personal information we process comes directly from you, for one of the following reasons:

  • When you register for an account on our website.
  • When you use our digital assistant features, including providing information to generate legal documents or interacting with LLM-powered tools.
  • When you communicate with us via email, phone, or support channels for inquiries, support, or feedback.
  • When you subscribe to our services or make a purchase.
  • Through your interaction with our website, collected automatically via cookies and analytics tools.

We use the information you've given us to:

  • Provide, operate, and maintain our website and services.
  • Create and manage your account.
  • Process your subscriptions and payments.
  • Deliver the services you've requested, including assisting in the generation of legal documents via LLMs.
  • Communicate with you regarding your account, updates, and customer support.
  • Improve, personalize, and expand our website and services.
  • Understand and analyze how you use our website and services.
  • Detect and prevent fraud and other malicious activity.
  • Comply with legal obligations and enforce our Terms of Service.

4. How We Process Your Information, Including LLM Interaction

We process your personal information for various purposes, depending on how you interact with our services.

Data Abstraction for LLM Interaction (Privacy by Design):

When you use features that involve Large Language Models (LLMs), such as the will creation tool, we employ a robust **data abstraction and anonymization process**. This means that identifiable personal data (like your name or specific contact details) is removed or transformed before being sent to the LLM. This process ensures that the LLM cannot associate the data used to produce legal documents with you or your personal identity.

5. Lawful Bases for Processing Your Personal Information

Under the UK GDPR, we rely on the following lawful bases for processing your information:

  • (a) Your Consent: You've given us clear consent to process your personal data for a specific purpose (e.g., for sending marketing communications). You can withdraw your consent at any time by contacting us at info@yoefi.com or using the unsubscribe link in our emails.
  • (b) Performance of a Contract: The processing is necessary for a contract we have with you, or because you've asked us to take specific steps before entering into a contract (e.g., processing account data to provide our services).
  • (c) Legal Obligation: The processing is necessary for us to comply with the law (e.g., for tax and accounting purposes).
  • (f) Legitimate Interests: The processing is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests don't override your fundamental rights and freedoms (e.g., improving our services, ensuring network security, preventing fraud, analytics for business improvement). We conduct a Legitimate Interests Assessment where appropriate.

6. When and With Whom We Share Your Personal Information

We may share your personal information with:

  • Service Providers: Third-party companies that provide services on our behalf, such as payment processing, hosting, analytics, customer support, and email delivery. These providers are bound by strict contractual obligations to keep your data secure and to use it only for the purposes for which we disclose it to them.
  • Large Language Model (LLM) Providers: As explained in Section 4, we abstract and anonymize your data before sending it to LLM providers. We strive to partner with LLM providers who commit not to use your abstracted input data to train or improve their general models. However, you acknowledge that the LLM's output may be similar to content generated for other users, and its copyrightability is still subject to ongoing legal interpretation.
  • Professional Advisors: Lawyers, accountants, auditors, and insurers who provide professional services to us.
  • Government Authorities / Law Enforcement: If required by law, court order, or to protect our rights, property, or safety, or the rights, property, or safety of our users or others.
  • Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity.
  • Affiliates: With other companies within our corporate group, solely for the purposes described in this Privacy Policy.

We do not sell or rent your personal information to third parties for their marketing purposes.

7. International Data Transfers

We store your information securely within the UK. However, some of our service providers, including LLM providers, may process data outside the UK or the European Economic Area (EEA).

Whenever your personal data is transferred outside the UK or EEA, we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK government.
  • Where we use certain service providers, we may use specific contracts approved by the UK government which give personal data the same protection it has in the UK (e.g., Standard Contractual Clauses, International Data Transfer Agreements/Addendums).

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK or EEA.

8. How We Store Your Personal Information

Your information is securely stored on our servers and those of our reputable third-party service providers. We implement appropriate technical and organisational measures to protect your personal data from accidental loss, unauthorized access, use, alteration, or disclosure. These measures include encryption, access controls, and regular security audits.

We keep your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, and the applicable legal requirements.

Upon the expiration of the retention period, we will securely dispose of your information by deleting electronic records, shredding physical documents.

9. Your Data Protection Rights

Under data protection law, you have important rights regarding your personal information. These include:

  • Your right of access: You have the right to ask us for copies of your personal information.
  • Your right to rectification: You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure: You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing: You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing: You have the right to object to the processing of your personal information in certain circumstances.
  • Your right to data portability: You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
  • Right to withdraw consent: Where we process your data based on your consent, you have the right to withdraw that consent at any time.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at info@yoefi.com if you wish to make a request. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

10. How to Complain

If you have any concerns about our use of your personal information, you can make a complaint to us at:

  • Email: info@yoefi.com
  • Address: 86-90 Paul Street, London, England, EC2A 4NE

You can also complain to the ICO (Information Commissioner’s Office) if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

ICO Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes by posting the new Privacy Policy on our website and updating the "Last Updated" date at the top. We encourage you to review this Privacy Policy periodically.

YOEFI Limited is a limited company registered in England and Wales with registered number 15134353.

© Copyright 2025 YOEFI Limited

All Rights Reserved.