Privacy Policy

Effective Date: January 13, 2026

1. Introduction and Scope

This Privacy Policy describes how YESS ("we," "our," or "us"), operator of Mia, collects, uses, processes, and discloses your personal information when you use our AI-native sales intelligence platform (the "Service").

We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA/CPRA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), and other U.S. state privacy laws.

By accessing or using our Service, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.

2. Data Controller Information

YESS is the data controller responsible for your personal information collected through the Service. If you have questions about this Privacy Policy or our data practices, you may contact us at:

Email: support@yess.io

3. Information We Collect

3.1 Information You Provide to Us

We collect personal information that you voluntarily provide when you:

  • Register for our waitlist or create an account
  • Use our Service or request customer support
  • Communicate with us via email, forms, or other channels
  • Participate in surveys or provide feedback

The types of personal information we collect include:

  • Contact Information: Work email address, full name
  • Professional Information: Company name, job title, sales team size
  • Technical Preferences: Current CRM platform (optional)
  • Account Credentials: Authentication information when you create an account

Note: We do not collect sensitive personal information as defined under applicable U.S. state privacy laws, including Social Security numbers, driver's license numbers, financial account credentials, precise geolocation, health information, racial or ethnic origin, religious beliefs, sexual orientation, or biometric data for identification purposes.

3.2 Information Collected Automatically

When you access or use our Service, we automatically collect certain information, including:

  • Device Information: Device type, operating system, browser type and version, unique device identifiers
  • Log and Usage Data: IP address, access times, pages viewed, referring/exit pages, click data, and other usage statistics
  • Location Information: Approximate geographic location derived from IP address
  • Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to collect information about your browsing activities (see Section 10 for details)

3.3 Business Data (When Using the Service)

When you actively use Mia's sales intelligence features, we process:

  • Sales-related data you upload or import from integrated systems
  • CRM integration data and synchronization information
  • Customer and prospect information you input
  • Deal pipelines, stages, and transaction data
  • Communication records and interaction history
  • Any other business information you choose to input into the Service

3.4 Information from Third Parties

We may receive information about you from third-party sources, including:

  • Authentication service providers (e.g., single sign-on providers)
  • CRM platforms and business tools you integrate with our Service
  • Analytics providers and advertising partners (subject to your consent where required)
  • Publicly available sources for business contact verification

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), UK, or Switzerland, we process your personal information only when we have a legal basis to do so:

  • Contract Performance: Processing necessary to provide the Service you requested or to take steps prior to entering into a contract
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our Service, security, and fraud prevention, unless overridden by your rights
  • Legal Obligation: Processing necessary to comply with applicable laws and regulations
  • Consent: Where required by law, we will obtain your explicit consent before processing certain personal information (e.g., marketing communications, non-essential cookies)

5. How We Use Your Information

We use your personal information for the following purposes:

  • Service Provision: To provide, maintain, and improve our AI-native sales intelligence platform, including processing your data to generate insights and recommendations
  • Account Management: To create and manage your account, process waitlist registrations, and authenticate your access
  • Communication: To send you service-related notifications, respond to inquiries, provide customer support, and communicate important updates
  • Personalization: To customize your experience and provide tailored features, content, and recommendations
  • Analytics and Improvement: To analyze usage patterns, conduct research, and improve our Service's functionality and performance
  • AI Model Training: To train, test, and improve our AI and machine learning models using aggregated and de-identified data (see Section 6)
  • Security and Fraud Prevention: To detect, prevent, and address security incidents, fraudulent activities, and violations of our Terms of Service
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests
  • Marketing (with consent): To send promotional communications about new features, offers, and events (you may opt out at any time)

6. AI and Machine Learning Practices

Mia uses artificial intelligence and machine learning technologies to provide intelligent sales insights and recommendations. Here is how we handle your data in relation to AI:

  • AI-Powered Processing: Your business data is processed by our AI models to generate personalized insights, predictions, and recommendations for your sales activities
  • Model Training: We may use aggregated, anonymized, and de-identified data to train and improve our AI models. We implement technical safeguards to ensure individual users cannot be re-identified
  • Data Isolation: Your identifiable business data is not shared with other users or used to train models that benefit competitors
  • Third-Party AI: We do not provide your personal or business data to third-party AI training services without your explicit consent
  • Transparency: AI-generated insights are clearly labeled as such within the Service

You have the right to object to AI-based automated decision-making that produces legal or similarly significant effects. Please contact us to exercise this right.

7. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information only in the following limited circumstances:

7.1 Service Providers and Processors

We engage trusted third-party service providers to perform functions on our behalf, such as:

  • Cloud hosting and infrastructure (e.g., AWS, Google Cloud)
  • Analytics and monitoring services
  • Customer support and communication tools
  • Payment processing (if applicable)
  • Security and fraud detection services

These service providers have access to your personal information only to perform specific tasks on our behalf and are obligated to protect your information and use it solely for the purposes we specify.

7.2 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your personal information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

7.3 Legal Requirements and Protection of Rights

We may disclose your information if required to do so by law or if we believe in good faith that such action is necessary to:

  • Comply with legal obligations, court orders, or governmental requests
  • Enforce our Terms of Service and other agreements
  • Protect and defend our rights, property, or safety, or that of our users or the public
  • Detect, prevent, or address fraud, security, or technical issues

7.4 With Your Consent

We may share your information with third parties when you explicitly authorize us to do so, such as when you integrate third-party services with Mia.

7.5 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you for research, marketing, analytics, or other business purposes.

8. Data Security

We implement appropriate technical and organizational security measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (TLS/SSL) and at rest (AES-256 or equivalent)
  • Regular security assessments and vulnerability testing
  • Access controls and authentication mechanisms
  • Secure data storage and backup procedures
  • Employee training on data protection and security
  • Incident response and breach notification procedures

However, no method of electronic transmission or storage is 100% secure. While we strive to protect your personal information using commercially acceptable means, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

9. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Our retention criteria include:

  • Active Accounts: Information is retained while your account is active and you use our Service
  • Deleted Accounts: Upon account deletion request, we will delete or anonymize your personal information within 30 days, except where retention is required for legal, tax, audit, or security purposes
  • Legal Compliance: We may retain certain information to comply with legal obligations (e.g., financial records, tax documentation)
  • Aggregated Data: De-identified and aggregated data may be retained indefinitely for analytics and research purposes

You may request deletion of your account and personal information at any time by contacting us at support@yess.io.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information about your interactions with our Service.

Types of Cookies We Use:

  • Essential Cookies: Necessary for the Service to function properly (e.g., session management, security)
  • Analytics Cookies: Help us understand how users interact with our Service to improve functionality
  • Preference Cookies: Remember your settings and preferences
  • Marketing Cookies: Used to deliver relevant advertisements (only with your consent where required)

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our Service. For more information on managing cookies, visit your browser's help documentation.

11. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

11.1 Rights for All Users

  • Right to Access: Request a copy of the personal information we hold about you
  • Right to Correction: Request correction of inaccurate or incomplete personal information
  • Right to Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Right to Opt-Out: Opt out of marketing communications at any time via unsubscribe links or account settings

11.2 Additional Rights for EEA, UK, and Swiss Residents (GDPR)

  • Right to Data Portability: Receive your personal information in a structured, commonly used, machine-readable format
  • Right to Restriction: Request restriction of processing under certain circumstances
  • Right to Object: Object to processing based on legitimate interests or for direct marketing purposes
  • Right to Withdraw Consent: Where processing is based on consent, withdraw consent at any time
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

11.3 Additional Rights for U.S. State Residents

If you are a resident of California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, Iowa, or other U.S. states with comprehensive privacy laws, you may have additional rights including:

  • Right to Know: Know what personal information we collect, use, and share
  • Right to Delete: Request deletion of personal information
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising purposes
  • Right to Limit Use of Sensitive Personal Information: Limit use of sensitive personal information to necessary purposes
  • Right to Non-Discrimination: Not be discriminated against for exercising your privacy rights

How to Exercise Your Rights

To exercise any of these rights, please contact us at support@yess.io. We will respond to your request within the timeframes required by applicable law (typically 30 days for GDPR and 45 days for CCPA).

We may require verification of your identity before processing your request to protect your personal information. You may designate an authorized agent to make requests on your behalf, subject to verification requirements.

Right to Appeal

If we decline to take action on your privacy request, we will inform you of the reasons for our decision. You have the right to appeal by contacting us at support@yess.io within 30 days of receiving our decision.

We will respond to your appeal within 60 days (or as required by applicable state law). If we deny your appeal, residents of certain states may contact their state's Attorney General to submit a complaint.

12. International Data Transfers

Your personal information may be transferred to, stored, and processed in countries other than your country of residence, including countries that may not provide the same level of data protection as your home country.

When we transfer personal information from the EEA, UK, or Switzerland to other countries, we implement appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions recognizing equivalent data protection levels
  • Other legally recognized transfer mechanisms

You may request a copy of the safeguards we have implemented by contacting us at support@yess.io.

13. Children's Privacy

Our Service is not directed to individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect, use, or disclose personal information from children.

If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete such information promptly. If you believe we have collected information from a child, please contact us immediately at support@yess.io.

14. Third-Party Links and Services

Our Service may contain links to third-party websites, services, or integrations (such as CRM platforms). This Privacy Policy does not apply to those third-party services, and we are not responsible for their privacy practices.

We encourage you to review the privacy policies of any third-party services before providing them with your personal information.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons.

When we make material changes, we will:

  • Update the "Effective Date" at the top of this page
  • Notify you via email or through a prominent notice on our Service
  • Obtain your consent where required by applicable law

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

16. Do Not Track and Global Privacy Control

Our Service honors Global Privacy Control (GPC) signals as a valid opt-out request for the sale or sharing of personal information under applicable state laws, including California's CCPA/CPRA.

We do not currently respond to other "Do Not Track" browser signals, as there is no common standard for interpreting such signals.

17. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@yess.io

Website: https://withmia.ai

← Back to Home