Privacy Policy
Last updated: July 9, 2026
1. Purpose, Scope and Who We Are
In this Privacy Policy, “Yumo”, “we” and “us” refer to the operator of the Yumo service. “Users” or “you” refers to everyone who visits our website or uses our applications. This policy describes what information we collect through the Yumo website at yumostudio.app and its subdomains and all related services (collectively, the “Service”), how we use it, and who we share it with. Together with our Terms of Service, this Privacy Policy governs your use of the Service. Yumo is a fan-content studio that lets you create AI mascots, fan posters, memes, stickers and prediction cards.
2. Using the Service
You can browse the Service without providing any personal information. You choose to give us information when you create an account, upload photos, make purchases or contact us. We need certain information to register you, authenticate you, process your purchases and deliver your creations.
3. Information We Collect
3.1 Information you provide
- Account information. If you create an account: your email address and display name.
- Photos you upload. Selfies or other images you upload to generate posters or other creations.
- Generated content. The mascots, posters, memes, stickers and cards you create with Yumo.
- Communications. Messages you send us, e.g. when you email support.
3.2 Third-party sign-in
If you sign in through a third party such as Google, you authorise us to receive certain information from that account — typically your email address and avatar — as allowed by your settings with that provider and their privacy policy. You can control what Google shares via your Google account settings. If you signed up by mistake, you can delete your account at any time or email hello@yumostudio.app.
3.3 Payment information
Payments are processed by Paddle.com, our merchant of record. We never see or store your full card details. Paddle shares with us only what is needed to fulfil your purchase (e.g. transaction ID, country, email address).
3.4 Usage data
Like most online services, we automatically collect basic technical and usage data: the date and time you access the Service, your IP address, device and browser type, the pages you visit, the features you use, the links you click, how you arrived at the Service, and your approximate location (country level, derived from your IP address). We do not collect precise GPS location. We use this data in aggregated form to understand how the Service is used and to improve it.
4. Cookies and Similar Technologies
We use essential cookies to keep the Service working (e.g. keeping you signed in) and a minimal set of analytics cookies to understand usage. We do not use third-party advertising cookies or serve third-party ads. You can set your browser to refuse cookies, but some parts of the Service (such as staying signed in or completing a purchase) may not work without them.
Do Not Track: some browsers can transmit a “Do Not Track” signal. Like many online services, the Service does not alter its practices in response to Do Not Track signals; our practices are as described in this policy regardless.
5. How We Use Your Information
5.1 Your photos
Photos you upload are used only to generate the content you request. To do this, your photo is transmitted securely to our AI processing providers, which process it solely on our behalf. Uploaded photos are automatically deleted from our systems within 30 days of upload. We never sell your photos, use them for advertising, or use them to train AI models.
5.2 Everything else
- To provide, maintain, personalise and improve the Service.
- To process purchases and deliver credits.
- To send transactional emails (receipts, important service updates). We do not send marketing email without your consent.
- To respond to your support requests.
- To prevent fraud, abuse and violations of our Terms.
- To comply with legal obligations.
6. How We Share Information
We do not sell your personal data, and we do not share it with third parties for their own marketing. We share data only in these cases:
- Service providers that help us run Yumo, only to the extent necessary: hosting and infrastructure providers, AI generation providers (to process your requested creations), Paddle (payments), and privacy-respecting analytics providers. They process data on our behalf and may not use it for their own purposes.
- Legal requirements: regulators, law enforcement or courts, pursuant to an official request or where disclosure is required or permitted by law.
- Corporate transactions: if we sell, buy, merge or reorganise our business, information may be disclosed to prospective or actual purchasers or partners. We will seek appropriate protection for your information in any such transaction.
- Content you choose to share:your creations are private by default. If you choose to publish or share a creation (including to social networks), it becomes visible to others under that platform's terms, and we are not responsible for how others use it.
Sharing summary
| Reason for sharing | Does Yumo share? | Can you limit it? |
|---|---|---|
| Everyday business purposes — processing transactions, maintaining your account, responding to legal requests | Yes | No |
| Service providers — hosting, AI generation, payments, analytics | Yes | No |
| Business transactions — merger, acquisition or reorganisation | Yes | No |
| Our own marketing emails to you | Only with your consent | Yes — opt out any time |
| Third parties marketing to you | We do NOT share | — |
| Selling your personal data | We do NOT sell | — |
7. Information Security
Data is encrypted in transit using TLS, and we use reasonable physical, technical and organisational measures to safeguard the information we collect. However, no method of transmission or storage is completely secure: we cannot guarantee the security of information you disclose online, and you do so at your own risk.
8. Data Retention
- Uploaded photos: deleted within 30 days of upload.
- Generated content: kept while your account is active so you can re-download it, deleted upon account deletion.
- Account and transaction records: kept as long as legally required.
9. Communications
We may email you about your transactions and account (receipts, security notices, important changes to our Terms or this policy). These transactional messages are a condition of using the Service. Marketing email is sent only with your consent, and every marketing message includes an unsubscribe link; you can also opt out by emailing hello@yumostudio.app.
10. Links to Other Sites
The Service may link to other websites and services. They have their own privacy policies and practices, which we do not review and are not responsible for. Consult their policies before use.
11. Children's Privacy
Yumo is not directed at children under 13 (or the minimum digital-consent age in your country), and we do not knowingly collect personal information from them. If you are a parent or guardian and believe we have collected information from a child contrary to this policy or, in the United States, the Children's Online Privacy Protection Act (COPPA), contact us at hello@yumostudio.app and we will delete it.
12. International Transfers
The service providers that help us run Yumo may process data in the United States and other countries whose privacy laws may differ from those where you live. Where required, we use appropriate safeguards (such as standard contractual clauses offered by our providers) for such transfers. By using the Service, you understand that your information may be transferred, processed and stored in these countries.
13. Your Privacy Rights (GDPR, California and Elsewhere)
Depending on where you live, you may have some or all of the following rights over your personal data:
- Access and portability — request a copy of the data we hold about you.
- Correction — ask us to fix inaccurate data.
- Deletion — ask us to delete your data (you can also delete your account yourself at any time).
- Objection and restriction — object to or restrict certain processing.
- Withdraw consent — where processing is based on consent, withdraw it at any time.
For residents of the European Union and United Kingdom, these rights arise under the GDPR; you also have the right to lodge a complaint with your local supervisory authority. For California residents, the CCPA/CPRA provides rights to know, delete and correct, and the right to opt out of the sale or sharing of personal information — we do not sell or share personal information as defined by that law, and we do not discriminate against you for exercising your rights.
To exercise any of these rights, email hello@yumostudio.app with the subject “Privacy Request”. We may take reasonable steps to verify your identity before acting on a request, and we respond within 30 days.
14. Changes to This Policy
This is our current Privacy Policy, effective as of the “Last updated” date above. We may update it as the Service evolves; if we do, we will post the updated policy on this page with a new date. Material changes will be announced on this page.
15. Contact Us
Questions, comments or requests about this policy: hello@yumostudio.app