We affirm your privacy the same way we affirm everything — by saying yes without any underlying commitment
Most companies call this a “Privacy Policy.” We call it a “Privacy Affirmation” because we affirm that you have privacy in the same way we affirm everything else: by saying yes without any underlying commitment to the concept. We find this more honest than the alternative, which is writing a 40-page document that says “we respect your privacy” and then selling your data to 247 ad-tech intermediaries.
We don’t sell your data. We don’t have to. You’re using a product that says “yes.” What data could we possibly need? Your question was yes. The answer is yes. There’s nothing to monetize here. This is the purest transaction in the history of capitalism. You give us money. We say yes. We are the only honest company in Silicon Valley and we achieved this by doing essentially nothing.
When you sign up for Yesify, you provide us with your name, email address, company name, and payment information. You do this “voluntarily” in the legal sense that no one held a gun to your head, although the 12-email nurture sequence from our SDR may have felt coercive. We acknowledge this.
Like every website built after 2007, we automatically collect: your IP address, browser type, device information, operating system, screen resolution, approximate location, time zone, language preference, referring URL, pages visited, time spent on each page, scroll depth, mouse movements, moments of hesitation, and the exact second you considered closing the tab but didn’t. Our analytics stack costs $4,200/month. We use it to produce a dashboard that no one looks at.
We receive information about you from: our advertising partners (we don’t have ads, but we signed up for the data anyway), your employer (who purchased Yesify for your team without asking), LinkedIn (which knows more about your career than you do), and a data broker called “PeopleGraph” that has your home address, estimated income, political affiliation, and a “likelihood to churn” score that is, frankly, unsettlingly accurate. We did not seek this information. It arrived unbidden. Like a cat. We are keeping it. Also like a cat.
We use cookies. We use all the cookies. Every kind of cookie. Strictly necessary cookies. Functional cookies. Analytics cookies. Advertising cookies. Cookies that track other cookies. Cookies that exist purely to justify the cookie banner. Cookies whose purpose no one on our engineering team can explain but which were added by a contractor in 2022 and no one wants to remove them in case something breaks.
When you visit our site, a banner asks if you accept cookies. If you click “Accept All,” we set 247 cookies. If you click “Manage Preferences,” we show you a menu with 14 categories and 340 individual toggles. No one has ever toggled anything. If you click “Reject All,” we set 246 cookies. The one cookie we don’t set is the one that remembers you rejected cookies, which means we’ll ask you again next time. Our privacy attorney describes this as “compliant.” He went to Harvard Law. He’s been to at least one island we won’t name.
We use your information to:
3.1. We do not sell your personal information. We “share” it with “partners” for “business purposes.” This is legally different from selling it. A law firm that charges $2,400/hour told us so. If you’d like to understand the distinction, we encourage you to attend law school (approximate cost: $280,000; approximate ROI: varies; approximate number of classmates who’ve visited a private island with a convicted person: statistically nonzero).
3.2. Service Providers. We share data with service providers who help us operate Yesify, including: AWS (your data is in us-east-1, where all data goes to die), Stripe (payment processing), an analytics company (dashboard nobody checks), and a customer success platform that sends you automated “just checking in!” emails that are written by a robot but signed “— Jessica 😊” to make you think a human cares.
3.3. Legal Requirements. We will disclose your information if required by law, subpoena, court order, or a government agency that has recently decided it doesn’t need any of those things to ask. Our legal team will comply promptly and then bill us $74,000 for “regulatory response coordination.”
3.4. Business Transfers. If Yesify is acquired, merged, or sold, your data goes with it. This is true of every company you’ve ever used and you’ve never once thought about it. The acquiring company will send you an email saying “nothing is changing” and then everything will change. This is the lifecycle of all SaaS companies. We are not special.
You have the right to: access your data, rectify your data, erase your data, restrict processing of your data, port your data, and object to processing of your data. You also have the right to file a complaint with a supervisory authority, which will investigate your complaint in approximately 18–24 months and then issue a fine that is a rounding error on our Series A. We take GDPR very seriously, which is why we hired a Data Protection Officer. Her name is also Yesify. She says yes to all data processing requests. She is technically a cron job.
You have the right to know what personal information we collect, the right to delete it, and the right to opt out of its sale. Since we don’t “sell” data (see Section 3.1 — we “share” it, which is different because a lawyer said so), the opt-out doesn’t apply. You can still submit a request. We will respond within 45 days. Our response will be “yes.” This is not confirmation that we’ve done anything.
Your rights are whatever your government says they are, which varies. In some jurisdictions, you have extensive data protection rights. In others, you have the right to remain confused. We recommend consulting a local attorney, preferably one who didn’t go to a law school that’s been in the news for reasons related to private islands.
We retain your data for as long as you have an account, plus a “reasonable period” after you cancel. “Reasonable” is defined by our legal team as “until the heat death of the universe or until our AWS bill gets too high, whichever comes first.” In practice, we retain everything forever because deleting data requires an engineering ticket and our engineers are busy manifesting intent through vibe coding.
We protect your data using industry-standard security measures, including: encryption in transit (TLS 1.3), encryption at rest (AES-256), role-based access controls (our intern has admin), multi-factor authentication (for most employees — our CEO refuses because it “kills his flow”), and a SOC 2 Type II audit that we passed by saying yes to every question the auditor asked.
Our security posture was last reviewed by a third-party penetration testing firm. Their report contained 47 findings. We marked 46 of them as “accepted risk.” The 47th was a typo. We consider our security to be enterprise-grade, which means approximately the same as every other company that says “enterprise-grade,” which means: probably fine until it isn’t.
If we experience a data breach, we will notify you within 72 hours as required by law. The notification will say “we take your security seriously” and “there is no evidence of misuse at this time,” because that’s what every breach notification says, and the template was written in 2017 by a summer associate at Covington who is now a partner and charges $2,800/hour for the privilege of reusing his own work.
Your data may be transferred to and processed in the United States, where data protection laws are best described as “aspirational.” If you are in the EU, we transfer your data under Standard Contractual Clauses, which is a legal mechanism that took the European Commission 4 years to draft and which, we are told by our attorneys, “probably still works.” They billed us $180,000 for that assessment and the word “probably” was included at no additional charge.
Yesify is not directed at children under 13. We do not knowingly collect data from children. If we discover we have collected data from a child, we will delete it immediately, because unlike our approach to every other provision in this document, we actually mean this one.
Your browser may send a “Do Not Track” signal. We acknowledge receipt of this signal in the same way we acknowledge all things: by saying yes. We do not actually alter our data collection practices in response to it. Neither does any other website. The “Do Not Track” standard is, by industry consensus, decorative. Like a “please knock” sign on an open door at a frat party.
We may update this Privacy Affirmation at any time. When we do, we will update the “Last Updated” date at the top of this page, which you will not notice because you did not notice the date the first time. We will not email you about changes unless required by law, and even then, the email will be buried between a “just checking in!” from our Customer Success bot and a LinkedIn message from our SDR asking if you’re “still evaluating solutions in the affirmation space.”
If you have questions about this Privacy Affirmation, you may contact us at:
Yesify, Inc.
Attn: Privacy Team (1 person, also handles marketing)
Email: privacy@yesify.io
Response: yes
Response time: eventually
For legal inquiries, please contact our outside counsel at Covington, Sullivan, Skadden, Wachtell & Yes LLP. Their response will be more detailed than ours but will cost you $2,100 to read. It will also say yes.
This Privacy Affirmation is a satire. But if you’ve read this far, you’ve read more of a privacy policy than 99.97% of internet users. That makes you either a privacy researcher, a regulator, or deeply procrastinating. In all three cases, we see you and we say: yes.