Last updated: May 2026
|
Applicable Law Yasi One is a global service, accessible to users worldwide. This Privacy Notice is primarily governed by the General Data Protection Regulation (EU) 2016/679 (GDPR), which applies because My Aion Inc. offers its services to users located in the European Economic Area and monitors their behaviour. Compliance with the GDPR constitutes the baseline standard for all users globally. Depending on your country or state of residence, additional data protection rights or disclosure requirements may apply under applicable local law. The relevant provisions are set out in the Appendix to this Notice. In particular: • Users in the UAE and Gulf region: the ADGM Data Protection Regulations 2021 (DPR) and, where applicable, local privacy frameworks apply in addition to this Notice. The ADGM DPR and the GDPR are substantively aligned; this Notice satisfies the transparency requirements of both frameworks. • Users in the United Kingdom: the UK GDPR and the Data Protection Act 2018 apply. Users in the UK may lodge complaints with the Information Commissioner’s Office (ICO) at ico.org.uk. • Users in the United States: there is no single federal privacy law of general application in the United States. My Aion applies the GDPR as its global baseline standard, which provides a level of protection consistent with or exceeding applicable US state privacy laws. To the extent that specific US state privacy laws apply, My Aion will comply with those requirements. For enquiries, contact privacy@aionai.io indicating your state of residence. • Users in other jurisdictions may have additional rights under applicable local law. For jurisdiction-specific enquiries, contact us at privacy@aionai.io indicating your country of residence. |
This Privacy Notice is issued by My Aion Inc. (“My Aion”, “we”, “us”, “our”), a company incorporated under the laws of the State of Delaware, United States of America.
My Aion is the Data Controller of your personal data within the meaning of Article 4(7) GDPR. This means we are responsible for deciding how and why your personal data is processed and for ensuring that it is handled in accordance with applicable data protection law.
|
Data Controller |
My Aion Inc. |
|
Registered address |
257 Old Churchmans Road, 19720, Delaware (DE), United States of America |
|
EIN |
92-3279708 |
|
Data Protection Officer |
Appointed. Contact: dpo@aionai.io |
|
Privacy contact |
privacy@aionai.io |
|
Website |
Yasi One |
|
Last updated |
May 2026 |
For questions or requests regarding your personal data, or to exercise any of the rights described in Section 9, please contact us at privacy@aionai.io.
This Privacy Notice applies to all users who access the Yasi One application or visit the website https://yasi.one, regardless of their country or state of residence. Depending on your jurisdiction, additional rights or disclosure requirements may apply under applicable local law, as set out in the Appendix.
This Notice applies to:
• Users who register for and use the Yasi One application, available as a web app and as a mobile application for iOS and Android devices;
• Visitors to the institutional website https://yasi.one, including individuals who submit enquiries through the contact form.
This Notice does not apply to third-party websites or services accessible via external links from Yasi One. We encourage you to read the privacy policies of any third-party services you access.
Use of Yasi One is reserved exclusively for adults who have reached the age of majority under the law applicable to them and who have the legal capacity to enter into binding contracts. If we become aware that an Account is being used by a minor, we may suspend or deactivate it.
The following sections describe the categories of personal data we collect, the purposes for which we use it, the legal basis for processing under the GDPR, and the applicable retention approach.
Depending on how you interact with Yasi One, we process the following categories of personal data:
• Account and identity data: full name, email address, username, password (hashed), country of residence, date of birth, gender, language preferences, and — where applicable for invoicing purposes — billing address and tax identification details.
• Authentication and security data: IP address, device type and identifier, operating system version, session token, and access logs generated during login and use of the platform.
• Search queries and conversation history: text queries submitted to the AI search, voice inputs (converted to text and retained for the duration of the Account), geolocation data (only where explicitly enabled), search history and blacklisted sources.
• User-uploaded content: files and documents (PDF, DOCX, PPTX, XLSX, TXT, code files), images, and audio files uploaded to My Files or submitted for processing via Quick Actions (Summarise, Translate, Transcribe, Describe). Quick Actions may be activated on: (a) content directly uploaded by the User within Yasi One — this content is stored within the User’s account; and (b) content shared from third-party applications (such as voice messages from WhatsApp or Telegram) directly into Yasi One via the device’s native sharing functionality — this content is processed solely to generate the requested output and is not stored within the User’s account. Also includes text prompts and reference images submitted for Image Mode, and prompts and style inputs submitted for Music Mode.
• Generated outputs: AI-generated search summaries, Quick Action outputs (transcriptions, translations, summaries, image descriptions), images stored in My Gallery, and musical compositions stored in My Music.
• Payment and transaction data: subscription plan, Yasi Credits balance, transaction history, transaction date and amount. Payment card data is processed exclusively by Stripe, our payment service provider, acting as data processor. Payment collection is managed on My Aion’s behalf by Synapsia S.r.l. (Italy). Payment card data is not stored by My Aion.
• Support and communications data: email address, name and content of support requests, and communication preferences (marketing opt-in/opt-out).
• Website contact form data: name, email address and message content submitted through the contact form on https://yasi.one
• Usage and technical metadata: session duration, type of service used, volume of requests, error logs and operational metrics generated by normal use of the platform.
Yasi One is a general-purpose AI tool. We do not intentionally collect special categories of personal data (such as health information, religious or political beliefs, racial or ethnic origin, or sexual orientation). However, because some features involve user-generated content, such data could appear incidentally in content you enter or upload. Where this occurs, we process it solely to provide the service you have requested and do not use it for any other purpose.
You are expressly prohibited from uploading or sharing criminal conviction data or judicial data relating to identified or identifiable third parties.
Note on voice and audio data: voice inputs submitted for AI search are processed on our servers and converted to text by our AI processing infrastructure. Both the original audio recording and the resulting text transcript are retained for the duration of the Account, unless deleted earlier by the User.
The table below sets out the purposes for which we process personal data, the legal basis under the GDPR, and the applicable retention approach.
|
Purpose |
Legal Basis (GDPR) |
Retention |
|
Account creation, authentication and subscription management |
Art. 6(1)(b) GDPR — performance of contract. |
Duration of Account + 3 years after termination. Accounting records retained as required by applicable law. |
|
Providing AI-powered search, Quick Actions, Image Mode, Music Mode, My Files — core service delivery |
Art. 6(1)(b) GDPR — performance of contract. For special categories processed incidentally: Art. 9(2)(a) GDPR — explicit consent, where required. |
Duration of Account. Content uploaded directly to Yasi One (My Files, Quick Actions): retained until deleted by the User or Account closure. Content shared from third-party applications via Quick Actions (e.g. WhatsApp/Telegram voice messages): processed solely to generate the output, not stored. Generated outputs retained until Account closure. |
|
Geolocation for search result relevance |
Art. 6(1)(a) GDPR — consent. Enabled only where explicitly activated by the user; can be disabled at any time. |
Duration of the active session or until consent is withdrawn. |
|
Payment processing and Yasi Credits management |
Art. 6(1)(b) GDPR — performance of contract. Art. 6(1)(c) GDPR — legal obligation (accounting/tax). |
Transaction records and Credits ledger retained for the period required by applicable accounting and tax law. |
|
Customer support |
Art. 6(1)(b) GDPR — performance of contract. |
For the period necessary to resolve the request and manage follow-up, subject to applicable legal requirements. |
|
Responding to website contact form enquiries |
Art. 6(1)(f) GDPR — legitimate interests (responding to inbound enquiries). |
Up to 24 months from receipt, unless an ongoing relationship develops. |
|
Transactional service communications (account notifications, subscription status) |
Art. 6(1)(b) GDPR — performance of contract. |
Duration of Account. |
|
Marketing and promotional communications |
Art. 6(1)(a) GDPR — consent. You can withdraw consent at any time via the unsubscribe link or by contacting privacy@aionai.io. |
Until consent is withdrawn. |
|
Platform security, fraud prevention, abuse detection and integrity monitoring |
Art. 6(1)(f) GDPR — legitimate interests (ensuring platform security and protecting users). Art. 6(1)(c) GDPR — legal obligation, where applicable. |
Access and security logs: minimum period necessary to detect and investigate incidents. Usage metadata: duration of Account. |
|
Technical support, service quality improvement and operational monitoring (by authorised team members) |
Art. 6(1)(f) GDPR — legitimate interests (maintaining a secure, reliable and compliant service). |
As per the underlying data category (search history, conversation data, usage metadata). |
|
Compliance with legal obligations and handling of lawful authority requests |
Art. 6(1)(c) GDPR — legal obligation. |
For the period required by the applicable legal obligation. |
|
Handling notices, reports, complaints and moderation or enforcement actions |
Art. 6(1)(f) GDPR — legitimate interests. Art. 6(1)(c) GDPR — legal obligation, where applicable. |
For the period necessary to assess and manage the notice or complaint. Thereafter, for the period necessary to comply with applicable legal obligations and/or establish, exercise or defend legal claims. |
|
Communication of personal data to third-party partner controllers (where consent has been given) |
Art. 6(1)(a) GDPR — consent. Collected separately at registration. May be withdrawn at any time without affecting access to the Service. |
Until consent is withdrawn. Upon withdrawal, no further communication takes place; data already transferred to third-party controllers is subject to their own retention policies. |
|
Establishing, exercising or defending legal claims |
Art. 6(1)(f) GDPR — legitimate interests. |
Duration of the relevant claim or dispute and applicable statutory limitation period. |
Automated decision-making
You have the right not to be subject to a decision based solely on automated processing that produces legal effects or significantly affects you (Art. 22 GDPR). My Aion does not make decisions of this nature. The automated mechanisms used by Yasi One (algorithmic source selection, content filtering, speech-to-text transcription) are functional processes necessary for service delivery and do not produce such effects.
When your Account is closed, we apply a structured deletion process: immediate pseudonymisation of directly identifying fields upon account closure request; permanent deletion of all data without a legal retention basis within 30 days; and elimination of residual backup copies within 65 days. You can delete specific content (search history, files in My Files) at any time from within the application; deleted content is permanently removed and cannot be recovered.
My Aion does not use your personal data, your queries, your files or any other content you generate within Yasi One to train, fine-tune or improve AI models — whether our own or those of our technology providers.
The AI model providers we work with process your data solely to generate responses to your requests, on our instruction. For information on how specific providers handle data operationally — including any temporary logging for platform security and abuse prevention purposes — see Section 5.2.
AI-generated outputs are produced by AI systems and may not be accurate, complete or representative of the original content or source material. My Aion does not guarantee the accuracy, reliability or uniqueness of any AI-generated output. You are responsible for verifying information before relying on it.
Access to personal data within My Aion is restricted on a need-to-know basis. We apply role-based access controls and log access to sensitive data.
Some members of our team, and authorised personnel of Synapsia S.r.l. (our Italian R&D and operations partner, acting as data processor on our behalf), may access data relating to how the platform is used, in the performance of functions relating to technical support, service quality improvement, abuse prevention and platform security.
In both cases, access is subject to internal authorisation controls, is logged, and is limited to what is necessary for the specific purpose. It is based on our legitimate interest in maintaining a secure, reliable and compliant service (Art. 6(1)(f) GDPR).
We share your personal data with third-party providers who process it on our behalf and on our instruction, solely for the purposes described in this Notice. These providers are contractually bound to process your data only as we direct, to maintain appropriate security measures, and not to use it for their own purposes.
|
Category |
Purpose |
Location |
|
Cloud infrastructure and AI processing |
Hosting, storage, AI model inference (text, voice, image generation) |
United Arab Emirates (primary) |
|
AI processing (web search and embeddings) |
Web search results and content retrieval |
European Union |
|
AI processing (music generation) |
Musical composition generation (Music Mode) |
Singapore |
|
Content delivery and network security (CDN/WAF) |
Traffic routing, DDoS protection, web application firewall |
Global (EU SCC in place) |
|
Payment processing |
Subscription and Yasi Credits transactions. Payment collection is managed on My Aion’s behalf by Synapsia S.r.l. (Italy). |
European Union / United States |
|
Email and communications platform |
Transactional and marketing email delivery |
European Union |
|
CRM and helpdesk |
Support ticket management, account administration |
European Union / United States |
|
Web hosting |
Hosting of the institutional website https://yasi.one |
European Union (Lithuania) |
|
Application development and maintenance |
Technical development and support of the Yasi One platform |
Italy (EU) — Synapsia S.r.l., acting as data processor |
Where you have given your specific consent at registration, your name, email address and registration data may also be communicated to partner companies that promote or contribute to the distribution of Yasi One, acting as independent data controllers for their own managerial and promotional purposes. This communication is optional and does not condition access to the Service. You may withdraw consent at any time via privacy@aionai.io.
We may disclose personal data to competent authorities, regulatory bodies or courts where required to do so by applicable law, by a binding court order, or by a lawful request from a public authority. In such cases, we will disclose only what is strictly required and, where permitted by law, we will notify the affected user.
My Aion is incorporated in the United States (Delaware). The primary processing of your personal data takes place on infrastructure located in the United Arab Emirates.
Where personal data is transferred to a country outside the European Economic Area that has not been recognised as adequate by the European Commission, we put in place appropriate safeguards in accordance with Chapter V GDPR, including Standard Contractual Clauses (EU SCC 2021). Transfers to EEA Member States require no additional mechanism.
The main transfer scenarios are:
• EEA → UAE (cloud infrastructure): EU SCC 2021 + Transfer Impact Assessment in place.
• EEA → US (certain processors, including payment and CRM): EU SCC 2021 or EU-US Data Privacy Framework adequacy decision, as applicable.
• UAE → EEA: no additional mechanism required (EEA countries are recognised as adequate under ADGM DPR for the benefit of Gulf-region users).
For further information on the safeguards adopted for international transfers, please contact us at privacy@aionai.io.
We retain personal data only for as long as necessary for the purposes for which it was collected, or as required or permitted by applicable law. When you close your Account, we apply a structured deletion process:
• Immediate pseudonymisation of directly identifying fields upon account closure request.
• Permanent deletion of all data without a legal retention basis within 30 days.
• Elimination of residual backup copies within 65 days of the deletion date.
Certain data is retained beyond the period of active Account use where required by applicable law — for example, financial and accounting records, records required for legal proceedings, and the Yasi Credits transaction ledger. In these cases, the data is retained for the minimum period required and access is restricted to those with a legitimate need.
You can delete specific content (such as your search history or files in My Files) at any time from within the application. Deleted content is permanently removed and cannot be recovered.
We apply technical and organisational security measures appropriate to the nature of the data we process. These include:
• Encryption of data in transit and at rest on our primary cloud infrastructure.
• Role-based access controls and multi-factor authentication for all personnel with access to production systems.
• Separation of production and development environments.
• Monitoring of system activity through our internal observability stack.
• Regular penetration testing by an independent external provider.
• A structured data breach detection and response procedure (see Section 10)..
Under the GDPR, and where applicable under other local data protection laws, you have the following rights in relation to your personal data:
|
Right |
What this means |
|
Access (Art. 15) |
You may request a copy of the personal data we hold about you. |
|
Rectification (Art. 16) |
You may ask us to correct or update personal data that is inaccurate or incomplete. |
|
Erasure (Art. 17) |
You may ask us to delete your personal data where it is no longer necessary for the purpose for which it was collected, subject to any overriding legal retention obligations. |
|
Restriction (Art. 18) |
You may ask us to pause or limit the processing of your personal data in certain circumstances. |
|
Objection (Art. 21) |
You may object to processing based on our legitimate interests or for direct marketing purposes. |
|
Data portability (Art. 20) |
You may request to receive your personal data in a structured, machine-readable format or to have it transmitted to another controller. |
|
Withdraw consent (Art. 7(3)) |
Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal. |
|
Lodge a complaint (Art. 77) |
You have the right to lodge a complaint with the supervisory authority of your country of residence or place of work within the EU, or with the ADGM Commissioner for Data Protection if you are located in the UAE. |
To exercise any of these rights, please contact us at privacy@aionai.io. We may need to verify your identity before processing your request. We will respond within the timeframe required by applicable law (generally within one calendar month under the GDPR). We do not charge a fee for requests unless they are manifestly unfounded or excessive.
In addition to the rights above, you can manage your data directly within the application, including deleting your search history, deleting files from My Files, and requesting Account closure.
We have in place procedures to detect, investigate and respond to personal data breaches. In the event of a breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority without undue delay and in any case within 72 hours of becoming aware of it (Art. 33 GDPR). Where the breach is likely to result in a high risk, we will also notify affected individuals directly (Art. 34 GDPR).
The Yasi One web application and the website https://yasi.one use cookies and similar technologies. A separate Cookie Policy, available at https://yasi.one/policies/ provides full details of the cookies used, their purpose, and how to manage your preferences.
Strictly necessary cookies are used to enable the core functionality of the application, including authentication and session management. They are set without requiring your consent. Other cookies are only set with your consent, which you can withdraw at any time through the cookie preference centre.
We may update this Privacy Notice from time to time to reflect changes in our practices, in the services we offer, or in applicable law. Where changes are material, we will notify you in advance through the application or by email to the address associated with your Account, in accordance with the General Terms and Conditions.
The date of the last update is shown at the top of this Notice. We encourage you to review it periodically.
For any questions or concerns regarding this Privacy Notice, or to exercise your data subject rights, please contact us:
|
|
privacy@aionai.io |
|
Post |
My Aion Inc., 257 Old Churchmans Road, 19720, Delaware (DE), United States of America |
|
DPO |
Appointed. Contact: dpo@aionai.io |
You also have the right to lodge a complaint with the supervisory authority of your country of residence or place of work within the EU at any time. A list of EU supervisory authorities is available on the European Data Protection Board website at edpb.europa.eu.
If you are located in the UAE, you may also lodge a complaint with the ADGM Commissioner for Data Protection. Information on how to do so is available on the ADGM website.
Appendix — Jurisdiction-Specific Provisions
Additional rights and disclosures applicable in specific regions
Where Yasi One is accessed by users located in the UAE or other Gulf Cooperation Council (GCC) countries, the ADGM Data Protection Regulations 2021 apply in addition to the GDPR standard set out in this Notice. The ADGM DPR and the GDPR are substantively aligned and this Notice satisfies the transparency requirements of both frameworks simultaneously.
Users in the UAE may lodge complaints with the ADGM Commissioner for Data Protection. Information on how to do so is available on the ADGM website.
International transfers from the ADGM to EEA Member States are covered by the adequacy recognition between the ADGM and the EU. Transfers to other countries outside the ADGM are governed by Part V of the DPR and the safeguards described in Section 6 of this Notice.
Where Yasi One is accessed by users located in the United Kingdom, the UK GDPR and the Data Protection Act 2018 apply. The rights and obligations described in this Notice apply equally to UK users, with references to the GDPR to be read as references to the UK GDPR where the context requires.
Users in the UK may lodge complaints with the Information Commissioner’s Office (ICO) at ico.org.uk.
International transfers from the UK to the UAE are subject to UK adequacy regulations or International Data Transfer Agreements (IDTAs), as applicable.
There is currently no single federal privacy law of general application in the United States. Privacy rights for US residents are governed at the state level and vary depending on the state of residence. Certain states — including California, Virginia, Colorado, Connecticut, and Texas — have enacted comprehensive privacy laws that may grant residents additional rights with respect to their personal data, such as the right to know, the right to delete, the right to correct, the right to opt out of the sale or sharing of personal data, and the right to non-discrimination for exercising privacy rights.
My Aion applies the GDPR as its global baseline standard, which provides a level of protection consistent with or exceeding the requirements of applicable US state privacy laws for all users, regardless of their state of residence. To the extent that specific US state privacy laws apply to My Aion’s processing activities, My Aion will comply with those requirements. Users located in the United States who wish to exercise rights under applicable state law, or who have questions about how their data is handled, may contact us at privacy@aionai.io indicating their state of residence.
Users in other jurisdictions may have additional rights under applicable local law. For jurisdiction-specific enquiries, please contact us at privacy@aionai.io indicating your country of residence. We will assess applicable requirements and respond accordingly.
Technology provider: My Aion Inc.
My Aion inc. 257 Old Churchmans Rd, New Castle, DE 19720, USA EIN: 92-3279708
© 2026 My Aion Inc. All rights reserved.
UAE Strategic Partnership