Privacy Policy

This Privacy Policy explains how Bloxico Software Solutions, registered at Veljka Dugoševića 54, 11050 Belgrade-Zvezdara, Serbia, company number 21404454 ("Yieldy", "we", "us", "our") collects, uses, and protects information about visitors to yieldy.io and its sub-domains (the "Site").

We act as the data controller for personal data we collect through the Site. If you have questions about this policy or how we handle your data, contact us at [email protected].

This policy covers personal data we collect when you:

1. visit the Site;
2. join our waitlist;
3. subscribe to our newsletter; or
4. contact us by email or another channel.

It does not cover any future Yieldy product, application, widget, or agent. When those launch, a separate privacy notice will apply, and you will see it before any product use.

We collect the following categories of data.

Information you give us directly. Your email address when you join the waitlist or subscribe to our newsletter. If you arrived at the Site through a referral link, the referral code from the ?ref= URL parameter, and a signup source tag from ?source= or ?utm_source=. Any other information you choose to send us (for example, in an email).

Information we generate about you. When you join the waitlist, we assign you a unique referral code so you can invite others, and we record which existing waitlist member referred you (if any), your signup source, your subscription status (pending, confirmed, unsubscribed, or bounced), and the timestamps for each.

Information collected automatically when you visit the Site. Your IP address, approximate location (country and region), device and browser type, operating system, referring URL, pages viewed, time spent on pages, and click events. This data is collected through Google Analytics, Google Tag Manager, and standard web server logs. We run Google Analytics in a cookieless mode (see Section 6), so it measures aggregate traffic without storing analytics cookies on your device or identifying you across visits.

Information from cookies and similar technologies. See Section 6.

We do not collect special categories of personal data (such as health, biometric, or political data), and we do not knowingly collect data from children under 16.

We process personal data for the following purposes and on the following legal bases.

If we ever rely on consent, you can withdraw it by emailing us at [email protected] or, for newsletters, using the unsubscribe link in any email.

We share personal data with the following categories of recipients.

Service providers (sub-processors). We use third parties to operate the Site. They process data on our behalf and only as instructed by us. Our current sub-processors are:

• Vercel Inc. (United States): hosting and content delivery for the Site. Privacy policy: vercel.com/legal/privacy-policy
• Cloudflare, Inc. (United States): DNS, content delivery, and bot and security protection for the Site. Privacy policy: cloudflare.com/privacypolicy
• MailerLite Limited (Ireland): waitlist and newsletter email management. Privacy policy: mailerlite.com/legal/privacy-policy
• Supabase Inc. (United States): database hosting for waitlist subscriber records and referral attribution. Privacy policy: supabase.com/privacy
• Google LLC (United States): Google Analytics and Google Tag Manager for Site traffic analytics, and Google Sheets for an internal export of waitlist subscriber data used for operations and reporting. Privacy policy: policies.google.com/privacy

Legal and regulatory recipients. We may disclose data when required by law, court order, or other legal process, or to protect our rights or the rights of others.

Successors. If we are acquired, merge with another company, or reorganize our business, we may transfer data to the successor, subject to this policy.

We do not sell personal data, and we do not share it for cross-context behavioral advertising.

Several of our sub-processors are based in the United States, which means your personal data may be transferred there for processing. EU, UK, and Serbian data protection law require us to put recognized legal safeguards in place for those transfers. Depending on the sub-processor, we rely on one or more of the following:

1. the EU-US Data Privacy Framework (and its UK and Swiss extensions), where the sub-processor is certified;
2. Standard Contractual Clauses (SCCs) approved by the European Commission and the equivalent UK addendum approved by the UK Information Commissioner's Office; or
3. European Commission adequacy decisions where they apply.

In short, these mechanisms are standard agreements and certifications that legally bind US providers to protect your data at the same level required inside the EU and UK. You can request a copy of the safeguards we rely on for any specific sub-processor by emailing us at [email protected].

The Site uses a small number of cookies, mainly to keep the Site secure and to operate our sign-up forms. We measure traffic using Google Analytics in a cookieless mode, so Google Analytics does not set analytics cookies (_ga, _ga_*, _gid) on your device and does not identify you across visits. This is done through Google Consent Mode, with analytics storage denied by default, so Google Analytics measures aggregate traffic without cookie-based identifiers.

The cookies and similar technologies we currently use are:

Most browsers let you control cookies through their settings. Blocking these cookies will not affect your ability to read the Site, though blocking the form cookies may interfere with sign-up.

We do not use cookies for advertising or cross-site tracking, and our analytics setup does not store analytics cookies on your device.

We keep personal data only for as long as we need it for the purposes described in this policy, unless a longer period is required by law.

When data is no longer needed, we delete or anonymize it.

Subject to applicable law (including the EU GDPR, the UK GDPR, and the Serbian Law on Personal Data Protection), you have the right to:

1. access the personal data we hold about you;
2. correct inaccurate or incomplete data;
3. delete your data in certain circumstances;
4. object to or restrict our processing of your data;
5. withdraw consent at any time, where we rely on consent;
6. receive a portable copy of data you provided to us, in a structured, commonly used, machine-readable format; and
7. lodge a complaint with your local supervisory authority. In Serbia, this is the Commissioner for Information of Public Importance and Personal Data Protection (poverenik.rs).

To exercise any of these rights, email us at [email protected]. We will respond within 30 days. We may need to verify your identity before acting on a request.

We use reasonable technical and organizational measures to protect personal data against accidental loss, unauthorized access, alteration, or disclosure. These include encryption in transit (TLS), restricted access to systems holding personal data, and contractual security commitments from our sub-processors.

No system is perfectly secure. If we become aware of a personal data breach affecting you, we will notify you and the relevant authorities as required by law.

The Site is not directed at children under 16, and we do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, contact us at [email protected] and we will delete it.

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date above. If the changes are material, we will notify you by email (where we have your address) or by a notice on the Site before the changes take effect. Your continued use of the Site after the updated policy takes effect constitutes acceptance of the updated policy.

For privacy questions, requests, or complaints, contact: