Data Privacy Policy
1. Introduction
A. About Us
myTiro is developed and operated by Yappx Labs Inc, a Delaware corporation. "we," "us,"
"our," and "myTiro" are used interchangeably in this document and refer to Yappx Labs Inc.
By using myTiro.ai, you are agreeing to the collection of your personal information to provide you with our services. We reserve the right to review and change this policy periodically. We will notify users of material changes via email and/or a public announcement.
B. Terminology In this privacy policy, these terms have the following meanings:
By using myTiro.ai, you are agreeing to the collection of your personal information to provide you with our services. We reserve the right to review and change this policy periodically. We will notify users of material changes via email and/or a public announcement.
B. Terminology In this privacy policy, these terms have the following meanings:
- "User" means an individual or a company who has signed up on myTiro to avail of the services of the platform
- "Agent" refers to the myTiro software/apps/extensions/plugins/integrations installed by the user on devices, within applications, browsers, and any third-party software
- "Cloud" refers to the infrastructure used to host the services provided by myTiro.
2. Information we collect
We collect information in the following ways:
- Email, name, timezone, and other personal information provided by you when you sign-up for a myTiro account or request access to myTiro Beta.
- Device data like name, OS, IP, browsers, screen size, time zone, applications, active application, active file, notifications, shutdown/logoff/suspend/lock events and from computers where myTiro agent is installed.
- Browser information like browsing history (URLs only), tabs, bookmarks, web activity and other extensions for browsers where the myTiro extension is installed.
- Plugin information like file name, path, timestamps, and attributes (branch names, folders, editor, versions, names, languages, line content, user action) from installed myTiro plugins. Integration information like names, channels, timestamps, activity, titles, and events from third-party software where myTiro has been authorized by the user.
- Mobile information like the installed app, app usage, screen time, lock/unlock/usage events, call logs and list of SMSs.
- Usage data when you access, use or interact with myTiro and any of myTiro features through our website, agents, extensions, plugins or emails. Third parties, including but not limited to Google Analytics, may also use cookies to track your return visits to the website.
- We do not read, capture or store OTP, 2FA, passwords or any sensitive data. We do not access webcams or mics. We do not record screen activity or keystrokes. We do not capture or store any content (within files, URLs, and any other sources).
3. How the information is used
We will never sell, rent or share your personal information. No other user can see any of
your personal information. The information is used to provide, maintain, improve, and protect
services to our users, improve user experience, create/offer new services, and generate
aggregate statistics/benchmarks & reports with anonymized data.
The information is used to fulfill payments owed to us, meet legal requirements, and communicate with you.
We will ask for your consent before using any of your information for a purpose other than set out in this Privacy Policy.
The information is used to fulfill payments owed to us, meet legal requirements, and communicate with you.
We will ask for your consent before using any of your information for a purpose other than set out in this Privacy Policy.
4. How is the information protected
All data captured and processed by us is done on the cloud while ensuring maximum
security using administrative, technical and physical safeguards to protect the information.
The following principles are adhered to at all times:
Principle of least privilege
All services and users are granted minimal permissions that are required to perform their required tasks. Ensuring no entity has permission to access any data outside their scope. Employees have access to only necessary parts of the infrastructure to perform their job.
Encryption at rest and in transit
All data on the network is encrypted using TLS. All our services are hosted on Amazon Web Services, using their existing infrastructure security to encrypt data at rest. Confidential and/or sensitive data may be encrypted at the application level using enterprise-grade encryption provided by AWS KMS as an added layer of security.
Minimize Attack Surface
No internal server is exposed to the internet. All information is maintained in private networks. Services exposed to the public internet do not contain any personal information.
Automatic Updates
All systems, including but not limited to laptops, servers, and containers, are set to auto- update where possible or periodically updated manually to the latest version when available to incorporate the latest security updates and patches.
Security Boundaries
All environments (production, staging, development, etc.) are maintained separately. Navigating from one to another requires additional authorization controlled by AWS Identity and Access Management.
Infrastructure Security
All our infrastructure is hosted on Amazon Web Services (AWS). It is covered by, but not limited to, ISO/IEC 27001:2013 and SOC 3 certifications. The data centers adhere to world-class security standards as described here.
Principle of least privilege
All services and users are granted minimal permissions that are required to perform their required tasks. Ensuring no entity has permission to access any data outside their scope. Employees have access to only necessary parts of the infrastructure to perform their job.
Encryption at rest and in transit
All data on the network is encrypted using TLS. All our services are hosted on Amazon Web Services, using their existing infrastructure security to encrypt data at rest. Confidential and/or sensitive data may be encrypted at the application level using enterprise-grade encryption provided by AWS KMS as an added layer of security.
Minimize Attack Surface
No internal server is exposed to the internet. All information is maintained in private networks. Services exposed to the public internet do not contain any personal information.
Automatic Updates
All systems, including but not limited to laptops, servers, and containers, are set to auto- update where possible or periodically updated manually to the latest version when available to incorporate the latest security updates and patches.
Security Boundaries
All environments (production, staging, development, etc.) are maintained separately. Navigating from one to another requires additional authorization controlled by AWS Identity and Access Management.
Infrastructure Security
All our infrastructure is hosted on Amazon Web Services (AWS). It is covered by, but not limited to, ISO/IEC 27001:2013 and SOC 3 certifications. The data centers adhere to world-class security standards as described here.