01

Introduction

This Privacy Policy explains how Cat and box LLP ("we," "us," "our," or "Company"), a Limited Liability Partnership established in London, United Kingdom, collects, uses, processes, and protects your personal information when you use YetOnePro ("Service"), our Digital Asset Management (DAM) Software as a Service platform.

This policy applies to all users of YetOnePro, including both registered members and guest users, regardless of your location. We are committed to protecting your privacy and being transparent about our data practices.

Compliance Framework

Cat and box LLP is committed to complying with:

  • UK GDPR (United Kingdom General Data Protection Regulation)
  • EU GDPR (European Union General Data Protection Regulation)
  • CCPA/CPRA (California Consumer Privacy Act / California Privacy Rights Act)
  • Other applicable privacy laws globally

We extend strong privacy protections to all users, regardless of location.

Contact Information

  • Company: Cat and box LLP
  • Service: YetOnePro
  • Jurisdiction: United Kingdom, London
  • Email: legal@yetone.pro
  • Address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
  • Data Protection Officer: We have not appointed a Data Protection Officer as we do not process personal data on a large scale that would require one under GDPR Article 37
02

Information We Collect

2.1 Personal Information We Collect Directly

Account Registration:

  • Full name
  • Email address
  • IP address (collected to prevent login/signup attacks and for security purposes)

Guest Users:

  • Session identifier (stored in secure cookies)
  • IP address (for security and fraud prevention)

2.2 Information You Upload (User Content)

File Content:

  • Any files, documents, images, videos, audio, or other digital assets you upload to YetOnePro
  • Metadata from your files (including geodata, creation dates, author information, technical specifications)
  • Comments, annotations, and collaboration data you add to assets
  • Folder and collection organization structures
Important: We act as a Data Processor for your uploaded content. You retain ownership and control of your files and content.

2.3 Information We Collect Automatically

Usage Information:

  • Pages visited and features used within YetOnePro
  • Time spent on different sections
  • Actions performed (uploads, downloads, shares, comments)
  • Browser type and version
  • Operating system
  • Device information
  • Referral sources

Cookies and Tracking Technologies:

We use cookies and similar technologies as detailed in our Cookie Policy. This includes:

  • Essential session cookies (for functionality)
  • Analytics cookies (Google Analytics, Microsoft Clarity)
  • Marketing cookies (Facebook Pixel)
2.4

Data Provision Requirements

Mandatory Information (Contractual Requirement)

To create and use a YetOnePro account, you must provide the following information:

  • Full name: Required to identify you within the service and for collaboration features
  • Email address: Required for account authentication, service communications, and password recovery
  • Password: Required for account security
Consequence of not providing: Without this mandatory information, we cannot create your account or provide you with access to YetOnePro services. This is a contractual requirement necessary to perform our service agreement with you.

Optional Information

  • Profile information: Additional profile details, avatar images, or preferences
  • Billing information: Only required if you upgrade to a paid plan (processed by [Payment Processor])
  • File content: You can use YetOnePro without uploading files, though this limits the service's functionality

Not providing optional information will not prevent you from using the core YetOnePro service, but may limit certain features or personalization options.

Automatically Collected Information

  • IP Address: Automatically collected for security, fraud prevention, and rate limiting (legitimate interest)
  • Usage Data: Automatically collected to improve service performance and user experience (legitimate interest)
  • Cookies: Some cookies are essential for service functionality, while others require your consent (see our Cookie Policy)

You cannot prevent the collection of essential technical information (IP address, essential cookies) if you wish to use the service, as this is necessary for security and basic functionality.

03

How We Use Your Information

3.1 Service Provision and Functionality

  • Create and manage your YetOnePro account
  • Enable file upload, organization, and management features
  • Process and optimize your uploaded files (re-encoding, thumbnail generation)
  • Facilitate collaboration and sharing features
  • Provide search and discovery capabilities
  • Enable portal creation and management
  • Send transactional emails related to your account and service usage

3.2 File Processing and Enhancement

  • Antivirus Scanning: All uploaded files are scanned for malware and security threats
  • Metadata Extraction: We automatically extract metadata from files for better organization and searchability
  • Image Optimization: Convert images to modern formats (AVIF, WebP) for better performance
  • Automatic Tagging: Small copies of images are sent to Amazon Rekognition for automatic tagging
  • Color Detection: Our algorithms detect main colors in images
  • Thumbnail Generation: Create thumbnails in various formats for improved performance
  • Audio/Video Processing: Re-encode and segment files for streaming optimization

3.3 Security and Fraud Prevention

  • Detect and prevent unauthorized access
  • Monitor for suspicious activity
  • Protect against spam and abuse
  • Maintain service security and integrity

3.4 Service Improvement and Analytics

  • Analyze usage patterns to improve YetOnePro features
  • Conduct research and development
  • Monitor service performance and reliability
  • Generate anonymized analytics and insights

3.5 Communication

  • Send important service updates and announcements
  • Respond to your support requests and inquiries
  • Provide customer service assistance
  • Send transactional emails via Amazon SES

3.6 Marketing and Advertising (With Consent)

  • Show relevant advertisements through third-party platforms
  • Measure advertising campaign effectiveness
  • Conduct session recordings for user experience improvement (Microsoft Clarity)
  • Track conversion and engagement metrics
3.7

Automated Decision-Making and Profiling

No Automated Decisions Affecting You

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

Under GDPR Article 22, you have the right not to be subject to decisions based solely on automated processing. We confirm that:

  • No automated decisions are made about your account status, access rights, or service availability
  • All decisions that affect your rights or service access are made by human review
  • We do not use profiling for decisions that would produce legal or similarly significant effects

Automated Processing for Service Enhancement

While we do not make automated decisions about you, we do use automated processing to enhance your experience:

Amazon Rekognition - Automatic Image Tagging:

  • Purpose: Analyze your uploaded images to suggest relevant tags automatically
  • How it works: Small copies of your images are sent to Amazon Rekognition, which returns suggested tags based on image content
  • Your control: Suggested tags are recommendations only—you can accept, modify, or reject them
  • Not used for profiling: This feature does not create profiles about you or make decisions affecting your rights
  • Data retention: Amazon does not store your images; they are processed in real-time and discarded

Other Automated Processing:

  • Color Detection: Our algorithms automatically detect dominant colors in images for organizational purposes
  • Metadata Extraction: Technical metadata (file type, creation date, dimensions, camera settings, etc.) is automatically extracted from uploaded files for improved organization and searchability
  • File Optimization: Images and videos are automatically processed to create optimized versions for better performance and faster loading
  • Security Scanning: All uploaded files are automatically scanned for malware and security threats to protect you and other users

Important: All of these automated processes are technical enhancements to improve service functionality and security. None of them make decisions about you, your access rights, or produce legal effects concerning you.

Your Rights: If we ever introduce automated decision-making that affects you, we will:
  • Notify you in advance and update this Privacy Policy
  • Provide you with the right to obtain human intervention
  • Allow you to express your point of view and contest the decision
  • Explain the logic involved and the significance of such processing
04

Legal Basis for Processing (GDPR)

For users in the European Union and United Kingdom, we process your personal information based on the following legal grounds under GDPR Article 6:

Consent

  • Analytics and marketing cookies
  • Non-essential processing activities
  • Email marketing (if you opt-in)

Contractual Necessity

  • Account creation and management
  • Service provision and core functionality
  • Payment processing through [Payment Processor]
  • File processing and storage

Legitimate Interest

  • Security and fraud prevention
  • Service improvement and development
  • Essential website functionality
  • Customer support

Legal Obligation

  • Compliance with applicable laws
  • Tax and financial record-keeping requirements
05

Data Sharing and Third-Party Services

5.1 We Do Not Sell Personal Information

We do not sell your personal information to third parties for money. However, some of our practices may constitute "sharing" under certain privacy laws (like California's CCPA).

5.2 Service Providers and Partners

Payment Processing:

[Payment Processor]: Acts as Merchant of Record, handles all payments, billing, and tax compliance

Purpose: Process subscriptions and handle financial transactions

Data Shared: Billing information, transaction details

File Storage and Delivery:

CDN Provider: SOC 2 Type II certified content delivery network for file storage and delivery

Purpose: Store and deliver your files securely and efficiently

Data Shared: Your uploaded files and associated metadata

File Processing:

Amazon Rekognition: For automatic image tagging

Purpose: Analyze images to generate automatic tags

Data Shared: Small copies of images only (not stored by Amazon)

Communications:

Amazon SES: For transactional email delivery

Purpose: Send service-related emails

Data Shared: Email addresses, email content

Analytics and Marketing:

  • Google Analytics: Website and service usage analytics
  • Microsoft Clarity: Session recordings and user behavior analysis
  • Facebook Pixel: Advertising and conversion tracking

5.3 Legal Requirements

We may disclose your information if required by law, legal process, or government request, or to protect our rights, property, or safety, or that of others.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.

06

Data Controller vs. Data Processor Roles

We Are the Data Controller For:

  • Your account information (name, email, IP address)
  • Usage analytics and service interaction data
  • Support communications
  • Billing and payment information (processed by [Payment Processor])

We Are the Data Processor For:

  • Your uploaded files and content
  • File metadata and organization structures
  • Comments, annotations, and collaboration data
  • Any personal information contained within your uploaded files

Your Role as Data Controller

When you upload files containing personal information about others (e.g., photos of people, documents with personal data), you are the Data Controller responsible for:

  • Obtaining necessary consents
  • Ensuring legal basis for processing
  • Respecting individuals' privacy rights
  • Complying with applicable privacy laws
07

Data Retention

7.1 Account Information

  • Active accounts: Retained while your account is active and for up to 12 months after account closure
  • Billing records: Retained as required by tax and legal obligations (typically 7 years)

7.2 User Content and Files

  • Files are retained while your account is active
  • After account termination: Files are deleted within 30 days
  • Trash bin: Deleted files can be restored for 30 days before permanent deletion

7.3 Analytics and Marketing Data

  • Analytics data: Retained for up to 26 months (Google Analytics default)
  • Marketing cookies: 30 days or as specified in our Cookie Policy
  • Session recordings: Retained according to Microsoft Clarity's retention policies

7.4 Legal Obligations

Some information may be retained longer if required by legal, regulatory, or contractual obligations.

08

Data Security

We implement comprehensive security measures to protect your information:

Data Storage Locations

Your files and data are stored using a globally distributed content delivery network:

  • Primary Storage: United Kingdom
  • Backup/Replicas: Global regions outside UK/EU for redundancy and performance

Purpose: Multi-region replication ensures data durability (protection against data loss) and optimal global content delivery performance. All storage locations use SOC 2 Type II certified infrastructure with encryption at rest.

Safeguards: All international data transfers are protected by Standard Contractual Clauses (SCCs) and our CDN provider's SOC 2 Type II certification ensures appropriate security measures are in place globally.

Technical Safeguards

  • SOC 2 Type II certified infrastructure
  • Encryption in transit and at rest
  • Secure cookie implementation (HTTP-only, Secure, SameSite)
  • Regular security monitoring and updates
  • Antivirus scanning of all uploaded files

Operational Safeguards

  • Access controls and authentication
  • Regular security training for personnel
  • Incident response procedures
  • Regular security assessments

Physical Safeguards

  • Secure data centers with our service providers
  • Physical access controls
  • Environmental monitoring
09

International Data Transfers

YetOnePro is operated from the United Kingdom, but we use service providers globally. Your information may be transferred to and processed in countries outside your residence, including:

United States:

Google (Analytics), Microsoft (Clarity), Meta (Facebook), Amazon (SES, Rekognition)

Various Locations:

CDN global network, [Payment Processor]'s global infrastructure

All international transfers are conducted with appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions where applicable
  • Service provider certifications (Privacy Shield successors, SOC 2, etc.)
10

Your Privacy Rights

10.1 All Users

Access and Control:

  • View and update your account information
  • Manage your uploaded files and content
  • Control sharing and privacy settings
  • Delete files and folders (with 30-day recovery period)

Communication Preferences:

  • Opt-out of non-essential communications
  • Manage notification settings

10.2 EU/UK Residents (GDPR Rights)

Right to Access (Article 15): Request a copy of your personal information
Right to Rectification (Article 16): Correct inaccurate or incomplete information
Right to Erasure (Article 17): Request deletion of your information (right to be forgotten)
Right to Restrict Processing (Article 18): Limit how we process your information
Right to Data Portability (Article 20): Receive your information in a structured, machine-readable format
Right to Object (Article 21): Object to processing based on legitimate interest
Right to Withdraw Consent (Article 7(3)): Revoke consent for processing (where consent is the legal basis)

10.3 California Residents (CCPA/CPRA Rights)

Know: What personal information we collect and how it's used
Access: Request access to your personal information
Delete: Request deletion of your personal information
Correct: Request correction of inaccurate information
Opt-Out: Opt-out of "sale" or "sharing" of personal information (see our Do Not Sell or Share My Personal Information page)
Non-Discrimination: Not receive discriminatory treatment for exercising your rights

10.4 How to Exercise Your Rights

  • Online: Through your YetOnePro account settings
  • Email: legal@yetone.pro
  • CCPA Opt-Out: Complete our opt-out form
  • Response Time: We respond to requests within 30 days (GDPR) or 45 days (CCPA)
11

Children's Privacy

YetOnePro is not intended for children under 13 years of age (or 16 in the EU). We do not knowingly collect personal information from children. If we learn that we have collected information from a child, we will delete it promptly. Parents or guardians who believe their child has provided information to us should contact us immediately.

12

Cookie Policy

Our use of cookies and similar tracking technologies is detailed in our separate Cookie Policy. By using YetOnePro, you consent to our cookie practices as described in that policy.

Key points:

  • Essential cookies for functionality (cannot be disabled)
  • Analytics cookies for service improvement (can be disabled)
  • Marketing cookies for advertising (can be disabled)
  • 30-day retention period for most cookies
13

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

Minor Changes:

Updated "Last Updated" date

Material Changes:

  • Email notification to registered users
  • Prominent notice on our website
  • 30-day notice period before changes take effect (where required by law)

We encourage you to review this policy regularly to stay informed about our privacy practices.

14

Complaints and Regulatory Contact

If you have concerns about our privacy practices, please contact us first at legal@yetone.pro. We are committed to resolving privacy issues promptly.

For EU/UK Residents:

If you're unsatisfied with our response, you can file a complaint with your local data protection authority:

  • UK: Information Commissioner's Office (ICO) - https://ico.org.uk/
  • EU: Your national data protection authority

For California Residents:

California Attorney General's Office: https://oag.ca.gov/privacy/ccpa

15

Contact Us

For privacy-related questions, requests, or concerns:

Cat and box LLP
Email: legal@yetone.pro
Address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
For general support or service questions, visit our support center or contact our customer service team.
This Privacy Policy is effective as of the date listed above and governs your use of YetOnePro. By using our Service, you acknowledge that you have read and understood this policy.
ICO Registration: Cat and box LLP (trading as yetone.pro) is registered with the Information Commissioner's Office under registration number C1791113.