🔒 The short version: your business data never leaves your browser. Analysis runs locally in JavaScript. We are a small, transparent team — this page explains exactly what touches your data and what doesn't.
The following six steps describe the complete lifecycle of your data when you use YieldSentinel. Steps marked Local never leave your device. Steps marked Third-party involve an external service, with details below.
These are the only external services YieldSentinel uses. We do not use advertising networks, CRMs, or any analytics that tracks individual users.
| Service | Purpose | What they receive | Policy |
|---|---|---|---|
| Netlify | Website hosting | Standard server request logs (IP address, page URL, timestamp). No business data. | netlify.com/privacy |
| Lemon Squeezy | Payment processing & subscriptions | Email address, payment details, plan status. No CSV data or analysis results. | lemonsqueezy.com/privacy |
| Google Fonts | Font delivery (DM Sans, Cormorant Garamond) | Standard CDN request (IP address, browser type). No personal or business data. | Google Fonts privacy FAQ |
| Anthropic | Optional AI-powered insights | Short derived analysis summaries only (e.g. aggregated metrics). Never raw CSV. Only active when you enter your own API key and enable the feature. | anthropic.com/legal/privacy |
| Data | Where it lives | Who can see it |
|---|---|---|
| Your CSV files | Your browser (memory only, cleared on tab close) | You only |
| Analysis results & saved analyses | Your browser's localStorage | You only |
| Exported PDFs and CSVs | Your device's Downloads folder | You only |
| Anthropic API key (if entered) | Your browser's localStorage | You only — never transmitted to YieldSentinel |
| Email address | Lemon Squeezy (if subscribed) + our internal records | YieldSentinel and Lemon Squeezy |
| Plan status & trial dates | Your browser's localStorage | You only |
| Payment details | Lemon Squeezy only | Lemon Squeezy only — YieldSentinel never sees card details |
We do not currently offer a formal DPA because YieldSentinel does not process your business data — it never leaves your device. If your organization requires a DPA for the limited personal data we handle (email address), contact us at pchartre@yieldsentinel.com.
No. We are a small, bootstrapped product and have not pursued SOC 2 certification. We believe our architecture — which keeps business data entirely local — is more meaningful than a compliance checkbox. We will be transparent about this limitation if your organization requires SOC 2.
No. Anthropic's API usage policies explicitly state that API inputs are not used for model training. Additionally, we only ever send short derived summaries to the API — not raw CSV data.
Not currently. YieldSentinel uses email-based authentication via Lemon Squeezy. SAML/SSO is not available at this time. Contact us if this is a requirement for your organization.
Your analysis results are stored in your browser's localStorage. We do not back up this data — it is your responsibility to export results you want to keep. We recommend using the Profit Recovery Brief™ export feature to create a permanent record of key findings.
We cannot access your business data because we don't have it — it never leaves your browser. In the unlikely event of a legal request, we could only provide email addresses and subscription records held by Lemon Squeezy.
We believe in being direct about what we are and aren't. Here's what YieldSentinel does not currently offer:
If any of these limits are blockers for your use case, please email pchartre@yieldsentinel.com — we'll give you a straight answer on whether YieldSentinel is the right fit.
Security concerns, trust questions, or DPA requests: pchartre@yieldsentinel.com. We respond personally, usually within 24 hours.