This Privacy Policy explains how YOSA handles your data, including collection, usage, and protection practices.
Last updated: 30.03.2026
The data controller is Top Online Sp. z o.o., headquartered in the EU at: Millennium Towers, 6th floor, rooms 6.02, 6.26, 6.27, Strzegomska 42AB, 53-611 Wrocław, Poland ("Top Online", "We", "Us", "Our").
Questions or requests? Email us at [email protected]. Any information you provide when contacting us is used solely to answer your inquiry.
Your privacy matters to us. This Privacy Policy explains what personal data we collect, why we collect it, and how we protect it when you visit yosa.ai or use the YOSA platform.
By using our platform, you consent to the data practices described here — subject to the rights and controls described below.
This Policy applies to personal data collected when you visit yosa.ai (including any sub-pages) and/or when you use the YOSA platform.
We may update this Policy from time to time, but we will never do so in a way that undermines our commitment to your privacy. Where appropriate, changes will be communicated by email. Continued use of the platform constitutes acceptance of the updated Policy.
All capitalised terms used here have the same meaning as in the Terms of Service and applicable law.
Term | Meaning |
User | Any entity visiting yosa.ai (including sub-pages) and/or using our platform |
Customer | Any registered entity that has created an account on and/or uses our platform |
The personal data we collect depends on whether you are a visitor to the YOSA website or a registered Customer/User of the platform.
In general, we process personal data for the following purposes: account creation, provision of services, handling complaints or claims, analytics, marketing, service improvement, security monitoring and abuse prevention, and compliance with legal obligations.
When you visit yosa.ai or any of our sub-sites or sub-domains, we may temporarily collect: the name of your internet service provider, your IP address, the website you came from, the pages you visited on our site, the date and duration of your visit, and device information (e.g. device type, operating system, screen resolution, language, country, browser type).
We use this data to analyse, develop, improve, secure, and optimise our site, and to ensure we are reaching the right audience.
Where possible, we use this data in aggregated and/or anonymised form.
Legal basis: Article 6(1)(a) and Article 6(1)(f) GDPR (depending on context).
When you create an account, contact our support team, or subscribe to our content or offers, we may ask for personal data such as your name, email address, and details about you or your organisation.
Legal basis for account data: Article 6(1)(b) GDPR.
We temporarily store IP addresses of platform Customers and Users to monitor performance metrics and track application errors. We will never access these IP addresses without an operational or security need.
Legal basis for IP data: Article 6(1)(f) GDPR.
We may use technical data (e.g. timestamps) to analyse, develop, improve, and optimise the platform.
You can delete your YOSA account at any time. After deletion, we may retain some personal data (in part or in full) to meet regulatory and reporting requirements and to handle any outstanding customer service issues, for the timeframes required by law.
We may use personal data and other data about our Customers and Users (including demographic and location information, and device data) to create anonymised, aggregated analytics where possible.
Legal basis: Article 6(1)(f) GDPR.
As part of the Service, the YOSA platform may crawl your website to build a knowledge base for a given Project. This process may incidentally collect personal data publicly visible on your website pages — such as names, email addresses, or other identifying information present in the crawled content.
Such data is processed solely for the purpose of building and maintaining the Project knowledge base and is not used for any other purpose.
As the data controller for your website, you are responsible for ensuring you have an appropriate legal basis for making that data available to us through the crawling process. This obligation is set out in the Personal Data Processing Agreement (Appendix No. 1 to the Terms of Service).
Legal basis on our part: Article 6(1)(b) GDPR. All data collected through website crawling is stored exclusively in the EU.
Cookies are small text files placed on your device when you visit a website. They are widely used to make websites work efficiently, to remember your preferences, and to provide information to site owners.
We use the following categories of cookies on yosa.ai:
Cookie type | Purpose | Provider |
Strictly necessary | Enable core functionality (e.g. session management, authentication). The platform cannot function properly without these. | Top Online / Auth0 |
Analytics | Help us understand how visitors interact with our website — which pages are visited most, how long users stay, and where they come from. We use Google Analytics 4 (GA4) for this purpose. Data is collected in aggregated, pseudonymised form. | Google Analytics |
Functional | Remember your preferences and settings to improve your experience. | Top Online |
We do not use advertising or tracking cookies.
Legal basis: Article 6(1)(a) GDPR (consent) for analytics and functional cookies; Article 6(1)(f) GDPR (legitimate interest) for strictly necessary cookies.
When you first visit yosa.ai, a cookie consent banner (powered by Usercentrics) allows you to accept or decline non-essential cookies. You can review and change your preferences at any time by clicking the "Privacy Settings" link in the footer of our website.
You may also manage or delete cookies directly in your browser settings:
To opt out of Google Analytics tracking specifically, you can install the Google Analytics Opt-out Browser Add-on.
Please note that disabling non-essential cookies may affect certain features of our website or platform.
We retain personal data for as long as necessary to deliver our Services or to meet our legal obligations. Anonymous or aggregated data may be retained indefinitely for analytics purposes.
We do not sell your personal data.
We may share personal data only in the following circumstances:
We use sub-processors to deliver parts of our service infrastructure. These include:
All sub-processors are contractually bound to ensure data protection compliance, including Standard Contractual Clauses where applicable.
Privacy policies of our main sub-processors:
Sub-processor | Privacy Policy |
Auth0 | |
Stripe | |
Google (partner sites) | |
Google Analytics | |
Google (general) | |
Hetzner | |
Resend | |
OpenAI | |
Anthropic | |
Perplexity | |
DataForSEO | |
SEMSTORM | |
Agent Monitor | |
Usercentrics |
Our Services are not intended for anyone under the age of 18. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will delete it. If you become aware of this, please contact us at [email protected].
If we hold personal data about you, you have the right to:
Withdrawing consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal. Please note that withdrawing consent may affect the quality of our site or platform. Where data was processed solely on the basis of consent, we may delete it upon withdrawal - meaning it will no longer be accessible or recoverable by you.
Complaints: You have the right to lodge a complaint with your national data protection authority.
Verification: To protect your privacy, we will verify your identity before fulfilling any request. We can identify you by email address and can only act on your request if we hold personal data about you through your direct contact with us or your use of our platform.
This section applies only to our processing of personal data as a "business" under the CCPA.
If you are a California resident and wish to exercise your rights under the CCPA, contact us at [email protected]. We will process your request in accordance with applicable law.
We do not "sell" personal data, and we do not have actual knowledge of any sale of personal data of minors under 16 years of age.
Only you, or someone legally authorised to act on your behalf, may make a verifiable consumer request under the CCPA. You may also make a request on behalf of your minor child where applicable.
This section applies only to our processing of personal data under the Brazilian LGPD.
If you are a Brazilian resident, or were in Brazil when your personal data was collected, and wish to exercise your rights under the LGPD, contact us at [email protected]. We will process your request in accordance with applicable law.