Yuki
yuki
Trust Center

Your data, your rules.

Yuki only works because you connect your inbox — so being careful with it is the whole job. Here’s exactly what Yuki accesses, what it never does, how your data is protected, and how to remove it, in plain language. For the formal detail, see the Security & Audit Center and Privacy Policy.

Our promises

No human reads your email

People on our team do not read your emails. Automated systems process email text only to build the features you turn on — trips, receipts, deliveries, subscriptions.

Feature delivery only

Data from Google APIs is used only for the Yuki features you enable — never for advertising, market research or unrelated profiling. This follows the Google API Services User Data Policy, including its Limited Use requirements.

We never sell your data

We do not sell, rent or trade your Gmail data or any insights derived from Google API data. Full stop.

Read-only by default

Yuki reads your inbox only to extract the useful bits. It sends email only when you explicitly trigger a quick reply — never on its own.

How your data is protected

Token isolation

Your Google tokens are never logged and are stored encrypted at rest. Disconnecting Gmail revokes our stored authorization path.

Raw-email minimization

Yuki extracts structured facts and stores those derived insights, rather than keeping your raw email bodies as a permanent database.

Scoped access

Your data is protected by row-level security patterns, so access stays scoped to your authenticated account. Data is encrypted at rest and in transit (TLS).

EU-first infrastructure

Primary infrastructure is deployed in European regions where practical, including GCP europe-west1 and EU-hosted observability where supported.

Yuki completed an independent CASA Tier 2 security assessment (Cloud Application Security Assessment) covering OAuth, storage, transmission, authentication, input validation, logging, vulnerability management and incident response.

You’re in control

Disconnect Gmail

Revoke Yuki’s access from the app settings at any time.

Revoke at Google

Remove Yuki directly at myaccount.google.com/permissions.

Delete your account

Remove your account and associated data in the app’s Privacy & Data settings.

Export your data

Request a copy of your account data from the app or from support.

Privacy FAQ

Is it safe to connect my email to Yuki?

Yuki completed an independent CASA Tier 2 security assessment for the Gmail access it uses, stores your tokens encrypted, never lets humans read your email, and never sells your data. You can disconnect or delete everything at any time. See the Security & Audit Center for the full assessment.

What does Yuki actually read?

Yuki reads only actionable messages — bookings, receipts, bills and invites — to turn them into trips, expenses, calendar events and tasks. It is designed to surface what matters, not to make you read more email, and it does not use your data for advertising or profiling.

Does Yuki connect to my bank?

No. Yuki tracks expenses and subscriptions by reading receipt and billing emails in your inbox. It never asks for or connects to your bank login.

How do I remove my data?

You can disconnect Gmail from the app, revoke Yuki at myaccount.google.com/permissions, and delete your account and associated data in the app’s Privacy & Data settings. You can also request a full export.

Questions about privacy or security?

Email support@yukihq.com. Public-safe attestation materials can be shared with partners or reviewers on request.