Privacy, Cookie & GDPR Policy

Last updated: March 2026 · Controller: You Europe S.r.l. — VAT IT02035870688

ynnova.eu is a portal operated by You Europe S.r.l., a company incorporated under Italian law with registered VAT number IT02035870688. This policy explains how we collect, use, and protect your personal data in accordance with the EU General Data Protection Regulation (GDPR — Regulation 2016/679).

1. Data Controller

The data controller for all personal data processed through ynnova.eu is:

You Europe S.r.l.
VAT: IT02035870688
Email: support@ynnova.eu

2. Data We Collect

2.1 Data you provide directly

Contact form: name, email address, message content, and selected inquiry type.
API access requests: email address, intended use case, and GPU hardware specifications (for providers).

2.2 Data collected automatically

Server logs: IP address, browser user agent, request path, HTTP status code, and timestamp. Retained for 30 days.
API usage logs: request timestamps, token counts, model ID, and API key identifier (not the key itself). Used for billing and abuse prevention.

2.3 Data we do NOT collect

We do not use third-party analytics (e.g. Google Analytics), advertising trackers, or social media pixels.

3. Legal Basis for Processing

Contract performance (Art. 6.1.b GDPR): processing necessary to provide the API service you requested.
Legitimate interests (Art. 6.1.f GDPR): server logs and security monitoring to protect the platform.
Consent (Art. 6.1.a GDPR): contact form submissions and newsletter (where applicable).

4. How We Use Your Data

To respond to contact form enquiries.
To provision and manage API access.
To detect and prevent abuse, fraud, and security incidents.
To calculate and process payments for GPU providers (token metering).
To comply with legal obligations.

5. Data Sharing and Third Parties

We do not sell, rent, or share your personal data with third parties for marketing purposes. Data may be shared with:

Infrastructure providers: Amazon Web Services (AWS) — server hosting in the EU/US regions — covered by Standard Contractual Clauses.
Legal authorities: only when required by applicable law or a valid court order.

6. Data Retention

Server logs: 30 days.
API usage logs: 12 months.
Contact form data: 24 months from last interaction, then deleted.
Provider account data: retained for the duration of the service agreement plus 5 years (tax compliance).

7. Cookie Policy

ynnova.eu uses only strictly necessary cookies required for the website to function. We do not use tracking, advertising, or analytics cookies.

Cookies in use

Session cookie (if authenticated): temporary, deleted on browser close. Used to maintain your session on the developer portal.

Because we use only strictly necessary cookies, no consent banner is required under the EU ePrivacy Directive. If we introduce non-essential cookies in the future, we will update this policy and request your consent.

As a data subject under EU law, you have the following rights:

Right of access (Art. 15): request a copy of the personal data we hold about you.
Right to rectification (Art. 16): request correction of inaccurate or incomplete data.
Right to erasure (Art. 17): request deletion of your personal data ("right to be forgotten").
Right to restriction (Art. 18): request that we limit processing of your data.
Right to data portability (Art. 20): receive your data in a structured, machine-readable format.
Right to object (Art. 21): object to processing based on legitimate interests.
Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, email support@ynnova.eu. We will respond within 30 days. You also have the right to lodge a complaint with your national supervisory authority (in Italy: Garante per la protezione dei dati personali).

9. International Data Transfers

Some infrastructure components may involve data transfers outside the European Economic Area (EEA). In such cases, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure an adequate level of protection.

10. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. All data in transit is encrypted via TLS 1.2+. API keys are stored as hashed values and never logged in plaintext.

11. Changes to This Policy

We may update this policy periodically. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be notified via the email address associated with your account, where applicable.

12. Contact

For any privacy-related enquiries or to exercise your rights:

Email: support@ynnova.eu
Controller: You Europe S.r.l. — VAT IT02035870688