Legal

Security Overview

Last updated: 22 May 2026 · HUBLAUNCH TECHNOLOGIES (PTY) LTD

Yield is built for operators who depend on their data. This page summarises the security and data-protection measures in place. Questions? Email xavier@yieldapp.co.

01

Data ownership

Your organisation owns its underlying business data. Yield processes that data only to provide, secure, support, and operate the service. We do not sell your data, and we do not use your data to train third-party AI models.

Yield may retain limited structural ingestion signals — such as column or header patterns — to improve import reliability. We do not treat your private operational history as third-party model-training data.

02

Access control

Access to all app data is restricted by authentication, organisation scope, and role boundaries. At the database layer, tenant isolation is enforced through row-level security. Every operational write path is designed to be auditable.

03

Internal access

Authorised Yield personnel may access limited customer data only where reasonably necessary to operate the service, respond to support requests, investigate incidents, maintain backups and recovery, prevent abuse, or comply with legal obligations.

04

Encryption and infrastructure

All data is transmitted over encrypted connections (TLS). Data at rest is encrypted at the provider layer. Yield uses EU-hosted managed infrastructure through Supabase and AWS.

05

Retention and recovery

Structured operational records are retained while your workspace is active. Invoice source PDFs may be retained while your workspace is active where needed for verification and audit support. Other raw uploads are subject to shorter retention windows — successfully processed files are purged after 30 days.

Backups are maintained for a limited recovery window to support continuity in the event of an incident.

06

Monitoring

Yield maintains real-time error monitoring, incident-response procedures, and restore procedures intended to support service continuity. Anomalous access patterns are flagged for review.

07

AI providers

Where AI-backed features are enabled, only the limited content required for the specific workflow is sent to the configured provider. Anthropic is used for assistant and extraction workflows, and OpenAI is used for voice or transcription workflows where enabled. Yield does not use customer data to train third-party foundation models.

08

Privacy rights and requests

Customers may request data export or deletion through the owner privacy settings flow inside the app, or by emailing xavier@yieldapp.co. See our full Privacy Policy for POPIA rights and procedures.

09

Contact

Security contact: Xavier Muvuti, HUBLAUNCH TECHNOLOGIES (PTY) LTD
1 Both Road, Claremont, Cape Town, Western Cape, 7708, South Africa
Email: xavier@yieldapp.co

Privacy PolicyTerms of ServiceRefund PolicySign in