✨ Yoyatta
Privacy Policy
Last updated: —

Privacy Policy — Yoyatta

Company: Smart Soft K.K. (“we”, “us”, “our”) Product: Yoyatta iOS app, App Clip, booking pages, and related web services (“Yoyatta”) Contact: contact@smartsofuto.co.jp

Registered office: 3-4-27 Takeshima, Takeshima Plaza 302, Nishiyodogawa-ku, Osaka City, Osaka Prefecture, Japan

Last updated: September 12, 2025

1) Overview

This Privacy Policy explains what personal data we collect, how we use it, how long we keep it, and your choices. Yoyatta helps Hosts publish availability and lets Bookers reserve time and automatically create online meetings (e.g., Zoom, Google Meet, Microsoft Teams, Cisco Webex). We do not access or store meeting audio, video, or chat content.

2) Scope

This Policy applies to:

  • The Yoyatta iOS app and App Clip,
  • Booking pages and related web experiences,
  • Our APIs and notifications,
  • Transactional communications we send (e.g., email).

3) Roles

  • Host: creates and manages calendars.
  • Booker: reserves a time slot on a Host’s calendar.

4) Data We Collect

4.1 Information you provide

Hosts

  • Email address, display name, profile image (or avatar you choose to provide),
  • Calendar settings (e.g., name, description, rules),
  • Integrations you connect (e.g., Zoom/Google/Teams/Webex),
  • Optional destinations you connect for notifications (e.g., Slack webhook).

Bookers

  • Email address (or a sign-in via Apple, Google, Microsoft, Slack, GitHub, LINE),
  • Name and avatar if provided by you or your chosen sign-in provider,
  • Selected time slot, timezone, and any note/title you add to a booking.

4.2 From services you connect (Hosts)

If you connect third-party services (e.g., Zoom/Google/Teams/Webex), we receive and store only the information needed to create/update/cancel meetings (such as meeting IDs and join links) and, where required, tokens to perform those actions on your behalf. We never access meeting content.

4.3 Collected automatically

  • Log data: IP address, device/browser type, timestamps, and basic diagnostic information for security, fraud prevention, and reliability.
  • Push delivery: device push token (for Host notifications only).

4.4 Cookies, tags & local storage (web)

  • Strictly necessary cookies to operate booking pages and remember verified viewers.
  • Measurement/analytics tags may load on booking pages (see §6). These can place first-party or third-party cookies solely for measurement and diagnostics. We do not run third-party advertising cookies.

5) How We Use Data

  • Scheduling: create, update, and cancel bookings; send calendar invitations and updates (.ics).
  • Integrations: create/update/delete meetings on your connected services when you ask us to.
  • Security & abuse prevention: protect accounts and calendars, detect fraud/spam, and enforce calendar rules.
  • Communications & notifications: send booking confirmations/updates/cancellations; deliver Host push notifications; post to connected channels (e.g., Slack) if you enable them.
  • Product improvement & analytics: understand which features are used and improve performance and reliability.
  • Compliance: comply with law, enforce our Terms, and protect rights and safety.

6) Analytics, Tags & Diagnostics

6.1 Platform analytics (first-party)

We measure feature usage (e.g., “booking created,” “integration connected/failed”) to improve Yoyatta. We do not collect meeting content, and we do not use analytics for third-party ad targeting.

6.2 Error/crash monitoring (Sentry)

We use Sentry to capture app errors and crashes. To correlate events without directly identifying you, we may send a hashed user ID. Crash reports can include device/OS information and stack traces. This data is used solely to diagnose and fix issues.

6.3 Microsoft Clarity (booking pages)

We operate Microsoft Clarity on booking pages for session analytics (e.g., click/scroll heatmaps, performance metrics). We configure Clarity to mask sensitive fields by default. Clarity may set cookies for measurement. We use this data to improve page usability and reliability; we do not use it for ad targeting.

6.4 Host-activated Google tags (GA4 / GTM)

Hosts can optionally enable Google Analytics 4 (GA4) or Google Tag Manager (GTM) for their booking pages by supplying an ID in the Host settings. When enabled:

  • Controller responsibility: The Host is the independent controller for those analytics. We act as a service provider to place the tag, and we do not receive your GA/GTM reporting data from Google.
  • Behavior: If both GA4 and GTM are set, the page loads GTM only (the Host can then manage all tags inside GTM).
  • Cookies: Google may set cookies for measurement.
  • Consent: See §6.5 for EEA/UK/CH guidance.

6.5 Consent & regional controls (EEA/UK/CH)

If you serve users in regions that require consent for analytics cookies (e.g., EEA/UK/CH), consent may be required before firing GA4/GTM.

  • Yoyatta supports Consent Mode / consent gating for Host-activated tags via GTM/GA configuration.
  • Hosts enabling GA/GTM are responsible for obtaining and recording consent where required and for configuring their tags accordingly (e.g., via GTM Consent Mode).
  • Platform-operated measurement (e.g., Clarity) is used for product improvement; where local law requires consent, we will provide or honor a consent mechanism or equivalent regional controls.

You never need to paste scripts into your page. If you enable GA/GTM, only the ID is needed; Yoyatta injects the loader securely with CSP nonces.

7) Sharing & Service Providers

We do not sell personal data. We share personal data only with:

  • Cloud infrastructure and email delivery providers (to host and send necessary communications),
  • Error/crash monitoring provider (Sentry) as described in §6.2,
  • Analytics vendors used on booking pages (Microsoft Clarity; Google when a Host activates GA/GTM),
  • Third-party services you connect (e.g., Zoom/Google/Teams/Webex, Slack) strictly to perform the actions you request.

We may disclose information to comply with legal obligations or to protect people, property, and our services.

8) Legal Bases (where applicable, e.g., EEA/UK)

  • Contract: to provide the service you request,
  • Legitimate interests: security, fraud prevention, reliability, and product improvement,
  • Consent: where required (e.g., certain analytics/cookies or when connecting integrations),
  • Legal obligation: compliance with law.

9) Data Retention

  • Bookings and related records: kept as needed to provide the service and for legitimate business purposes (e.g., security, audit), then deleted or de-identified.
  • Tokens for integrations: kept only while a connection is active or until they expire/are revoked.
  • Logs/diagnostics: retained for a limited period and then deleted or aggregated.
  • Host-activated analytics (GA/GTM): retention is governed by the Host’s settings in Google products; we do not control those vendor systems.
  • Clarity: retained per Microsoft Clarity’s standard retention; we use aggregated insights for UX and reliability.

10) Security

We use technical and organizational measures appropriate to the risk to protect personal data in transit and at rest. No system is perfectly secure; please protect your devices and avoid reusing sensitive passwords as calendar passcodes.

11) International Transfers

We may process and store data in countries outside your own. Where required, we use appropriate safeguards consistent with applicable law. Analytics vendors (e.g., Microsoft, Google) may process data in multiple regions; see their privacy documentation for details.

12) Your Choices

  • Disconnect integrations: you can remove connected services at any time.
  • Manage bookings: cancel via the links we provide; we’ll send updated calendar invites.
  • Diagnostics/analytics: you may limit certain diagnostics in OS settings; for web, you can manage cookies via your browser and, where available, consent banners. For Host-activated GA/GTM, follow the Host’s consent controls or contact the Host.
  • Email preferences: booking-related emails are necessary to operate Yoyatta; we don’t send marketing emails without consent.

13) Your Rights

Depending on your location (e.g., EEA/UK, Japan APPI, certain U.S. states), you may have rights to access, correct, delete, export, or object to/restrict certain processing. To exercise rights, email contact@smartsofuto.co.jp. We may need to verify your identity and identify the relevant booking(s) or account.

14) Notice to Invitees (Bookers who aren’t Yoyatta customers)

If you book time with a Yoyatta Host, we process your email, selected time, timezone, and share the meeting join link with you and the Host. We do not access meeting content. For data requests, email contact@smartsofuto.co.jp with the booking details (date/time and Host).

15) Children’s Privacy

Yoyatta is not directed to children. Do not use the service if you are under 13 (or the minimum age in your jurisdiction).

16) Changes

We may update this Policy from time to time. We will revise the “Last updated” date and, where required, provide notice in-app or by email. Your continued use means you accept the changes.

17) Contact

Smart Soft K.K. 3-4-27 Takeshima, Takeshima Plaza 302, Nishiyodogawa-ku, Osaka City, Osaka Prefecture, Japan Email: contact@smartsofuto.co.jp