Yanyja

Privacy Policy

Last Updated: 2 June 2026

Yanyja (“we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our platform (yanyja.com), whether you are a Customer making a booking, a Provider running your business, or a Resource (staff member).

1. Information We Collect

A. Information You Provide to Us

  • Account Information: When you register, we collect your email address. Yanyja uses a passwordless One-Time Password (OTP) system, meaning we do not collect or store passwords.
  • Profile Information: Display name, preferred timezone, and optional phone number.
  • Business Information (Providers): Business name, location address, operating hours, and service details.
  • Verification Data (Providers): Business-identity documents or information submitted (by email) for the “Verified by Yanyja” verification process. In V1 these documents are reviewed but not stored on our platform — we retain only the verification decision and its timestamp.
  • Booking Data: Information related to the appointments you book, including dates, times, and selected services.
  • Communications: Messages sent via the 3-way Booking Feed between Customers, Providers, and Resources.

B. Information Automatically Collected

  • Location Data: If you are a Provider setting up a location, we use a third-party mapping service to resolve the address into geographic coordinates.
  • Security Data: To protect our platform from bots, we use a bot-protection service, which may analyse network and device characteristics during the OTP request phase.

2. How We Use Your Information

We use the information we collect primarily to provide, maintain, and improve the Yanyja platform:

  • To facilitate and manage appointment bookings.
  • To send transactional notifications (e.g., booking confirmations, cancellations, reminders, and OTPs) via email and in-app notifications.
  • To operate the 3-way Booking Feed.
  • To verify Provider businesses to maintain platform trust.
  • To maintain the security of our platform and prevent fraud.

3. How We Share Your Information

We do not sell your personal data. We share information only in the following circumstances:

  • Between Users: When a Customer books an appointment, relevant details (name, booking time, feed messages) are shared with the specific Provider and assigned Resource.
  • Service Providers: We share data with trusted third-party vendors who help us operate the platform, each limited to the data it needs for its function:
    • Infrastructure & security: Cloud hosting, secure database storage, edge caching, and bot protection for the platform.
    • Email delivery: To process and send transactional email notifications (confirmations, reminders, and one-time passwords).
    • SMS delivery: Through an Australian-based SMS provider, to send transactional SMS — booking confirmations and reminders — to Customers who have explicitly opted in to texts from a specific salon. SMS is sent only from the registered YANYJA alphanumeric sender ID. Consent is per-salon; opting out (via the link in any text or by replying STOP) stops further SMS.
    • Mapping & geocoding: To resolve business addresses into map locations.
  • Overseas disclosure: Some of these providers are located outside Australia (including in the United States). Where we disclose personal information overseas, we take reasonable steps to ensure it is handled consistently with the Australian Privacy Principles.
  • Legal Compliance: We may disclose your information if required by law or in response to valid requests by public authorities.

4. Data Storage and Security

Yanyja is built on a modern, secure edge-computing architecture.

  • Data at Rest: All data is encrypted at rest in our managed database.
  • Data in Transit: All communications between your browser and our servers are encrypted via TLS (HTTPS).
  • Authentication: We use HttpOnly secure cookies and OTPs, eliminating the risk of password theft.

5. Data Retention and Deletion

We retain your personal information only for as long as necessary to fulfil the purposes outlined in this policy.

  • Account Deletion: Users have the right to request account deletion. Upon deletion, Personally Identifiable Information (PII) is securely anonymised in our databases to preserve the structural integrity of historical booking records for Providers without identifying the individual Customer.
  • Message History: Outbound message records (SMS, email, and in-app content plus their delivery status) are retained for a default of 24 months, after which they are purged automatically. A Provider may delete a specific Customer’s message history with their salon at any time; this removes only that salon’s records for that Customer.

6. Your Data Rights

As an entity bound by the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), you have the right to access, correct, update, and request deletion of your personal data. To exercise these rights, please contact us.

7. Behavioural Reliability Signals

Yanyja may compute a reliability signal derived from your appointment history across the platform — for example, a show/no-show score based on confirmed bookings you attended or did not attend.

Lawful basis: The processing rests on the legitimate interests of Providers and Resources on the platform who rely on booked time being honoured. We have balanced this against your interests by applying the constraints below.

What crosses a tenant boundary: A derived, non-identifying aggregate score only. No individual Provider can ever see raw booking records from another Provider’s bookings with you.

How the signal is used: A Provider MAY use the signal to adjust the friction on a booking request — for example, requiring an additional confirmation step, adjusting slot ordering, or influencing waitlist priority. The signal MUST NOT be used as the sole basis for denying you the ability to book; it may only adjust friction, not hard-block access.

Your rights regarding this signal:

  • Access: You may request a copy of the reliability signal held about you at any time by contacting us.
  • Correction: If you believe the signal is inaccurate, you may dispute it. Confirmed corrections are applied and propagated to downstream decisions.
  • Explanation: Where the signal has materially affected an automated decision you experienced, you may request an explanation of how it was applied.
  • Objection: You may object to this processing at any time. We will assess your objection against our legitimate interests and notify you of the outcome.

8. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at:

  • Email: hello@yanyja.com
  • Entity: Yarra Systems Pty Ltd (trading as Yanyja), ABN: 20 698 366 531
  • Registered office / postal address: Suite 1208/530 Little Collins Street, Melbourne VIC 3000, Australia
Join the Melbourne beta