Privacy Policy

Last updated: June 19, 2026

The short version: your GitHub token stays on your device. We don't store your credentials on our servers. We collect minimal analytics to improve the product, and we don't sell your data to anyone.

1. What Yado Is

Yado is a mobile app that gives you a full development environment with AI (Claude Code) on your phone. You sign in with GitHub, we provision a cloud container, and you work through chat or a terminal.

Yado is an independent product. It is not affiliated with, or endorsed by, Anthropic.

2. What We Collect

Account information: When you sign in with GitHub, we receive your GitHub username, email address, and a temporary OAuth token. We store your username and email to manage your account.

GitHub token: Your GitHub token is stored exclusively in your device's iOS Keychain. It is only sent to your container during active sessions and wiped when you disconnect. We do not store it in our database or backups.

Usage analytics: We track product events (e.g., "session started", "repo cloned", "toolbar used") with our own in-house analytics system. No third-party analytics services. Events include a device identifier, timestamp, and event name — no personally identifiable content from your terminal or code.

Crash reports: We use Sentry to collect crash reports in production. These include device info, stack traces, and your GitHub username for debugging. No terminal content or code is included.

Push notifications: If you enable notifications, we store your Expo push token to notify you when background tasks complete. You can disable this at any time in iOS Settings.

Subscriptions: If you subscribe to Yado Pro, we receive your purchase and subscription status (the product, whether it is active, and its expiry) through RevenueCat, which manages our subscriptions. Apple processes the payment. We never receive or store your payment card details.

Voice input: If you use voice dictation (a Pro feature), the audio you record is sent to our backend and forwarded to OpenAI for speech-to-text transcription. We do not store the audio. Only the transcribed text is returned to the app, where it is placed in your message for you to review before sending. See OpenAI in Section 5.

3. Your Container

Each user gets an isolated cloud container (Ubuntu). Containers are ephemeral — your repos and data persist during normal use but are wiped on infrastructure updates. Containers are not shared between users.

Your code, terminal history, and files in the container are yours. We do not monitor, read, or analyze the contents of your container, except to provide the service (e.g., running commands you initiate through the app).

4. What We Don't Do

  • We don't sell your data
  • We don't use third-party trackers or ad networks
  • We don't store your GitHub token on our servers
  • We don't read your code or terminal output
  • We don't share data with third parties, except the service providers listed in Section 5

5. Third-Party Services

Anthropic (Claude): When you use Claude Code in your container, your prompts and code context are sent to Anthropic's API. Anthropic's privacy policy applies to that interaction.

OpenAI: If you use voice input, the audio you record is sent to OpenAI for speech-to-text transcription. We do not retain the audio; only the resulting text is returned to you. OpenAI's privacy policy applies to that processing.

GitHub: We use GitHub OAuth for authentication and GitHub's API for repository operations. GitHub's privacy statement applies.

Fly.io: Your containers run on Fly.io's infrastructure. Fly.io's privacy policy applies to the hosting layer.

Sentry: Crash reports are processed by Sentry. Sentry's privacy policy applies.

Expo: Push notifications are delivered via Expo's push service. Expo's privacy policy applies.

Apple: Subscription purchases are processed by Apple through the App Store. Apple's privacy policy applies to payment processing.

RevenueCat: We use RevenueCat to manage subscription entitlements and receipts. RevenueCat's privacy policy applies.

6. Data Retention

Your account data (username, email) is retained as long as your account exists. Analytics events are retained indefinitely for product improvement. Container data is ephemeral and not backed up. You can delete your account and all associated data directly in the app (Settings), or email us — either way we'll remove everything within 7 days.

7. Security

Container API endpoints are authenticated with HMAC-SHA256 signed requests. GitHub tokens are stored in iOS Keychain and only injected into containers during active sessions. Container service names use random UUIDs and URLs are only provided to authenticated users.

8. Children

Yado is not intended for children under 13. We don't knowingly collect data from children.

9. Changes

We may update this policy. Significant changes will be communicated through the app. Continued use after changes constitutes acceptance.

10. Contact

Questions about this policy? Email mehdigatbache4@gmail.com.