← Back to Home

Privacy Policy

Last updated: May 17, 2026

1. Introduction

BlankCanvaAI Inc. ("we," "us," or "our") operates YourDev, an AI-powered customer support chatbot platform accessible at https://yourdev.ai. This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use our Service.

We are committed to protecting your personal data and respecting your privacy rights. This policy is designed to comply with applicable privacy laws, including the General Data Protection Regulation (GDPR) for users in the European Economic Area and the California Consumer Privacy Act (CCPA) for California residents.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

We collect the following categories of information when you use the Service:

2.1 Account Data

When you register for an account, we collect your email address, display name, and profile avatar (provided via third-party authentication providers such as Google). We use this information to identify you, communicate with you, and manage your account.

2.2 Document Data

Merchants may upload files and content to populate their chatbot's knowledge base, including PDFs, DOCX files, website URLs, and Google Drive content. We process this content to extract text, create searchable embeddings, and generate AI responses. You are responsible for ensuring you have the right to upload any content you provide.

2.3 Conversation Data

We store messages exchanged between end-users and your chatbot. This includes the questions posed by end-users and the AI-generated responses. Merchants can view and manage conversation history through the dashboard.

2.4 Billing Data

We collect billing-related information to process payments, including your name, billing address, and the last four digits of your payment card. Full payment card numbers are processed exclusively by Stripe, Inc. and are never stored on our servers.

2.5 Usage Data

We collect data about how you use the Service, including features accessed, API calls made, credit consumption, bot configuration changes, and time and frequency of use. This data helps us improve the Service and enforce plan limits.

2.6 Technical Data

We collect technical data including IP addresses (used for rate limiting and abuse prevention; not persisted long-term), browser type and version, device type, operating system, and referring URLs. This data helps us maintain the security and performance of the Service.

2.7 Integration Data

If you connect third-party services such as Google Drive or GitHub to the Service, we collect and store OAuth access tokens and the data necessary to perform the requested synchronization. We only request the minimum permissions needed to provide the integration feature.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing the Service: Processing your documents, generating chatbot responses, managing your account, and delivering the core features of the platform
  • Billing and Account Management: Processing payments, managing subscriptions, enforcing credit limits, and sending transactional emails (invoices, receipts, plan change notifications)
  • Security and Abuse Prevention: Detecting and preventing fraud, abuse, spam, and other harmful activities; enforcing our Terms of Service
  • Customer Support: Responding to your inquiries, resolving technical issues, and providing assistance
  • Service Improvement: Analyzing usage patterns, diagnosing technical problems, and developing new features (we do not use your Merchant Content to train third-party AI models)
  • Legal Compliance: Meeting our legal obligations, enforcing our agreements, and responding to lawful requests from authorities
  • Communications: Sending you product updates, feature announcements, and policy change notices (you may opt out of marketing communications at any time)

4. Third-Party Processors

We share your data with the following sub-processors who help us deliver the Service. Each processor is contractually bound to handle your data in accordance with applicable privacy laws and our instructions.

Supabase

Provides authentication services and hosts our PostgreSQL database. Account data, conversation data, and document metadata are stored here.
Supabase Privacy Policy

Stripe, Inc.

Processes all payments and manages subscription billing. Payment card data is handled exclusively by Stripe under PCI DSS compliance. We share billing contact information and subscription status with Stripe.
Stripe Privacy Policy

OpenAI

Used exclusively for generating text embeddings (vector representations) of your uploaded documents to enable semantic search. Document text (chunks) is sent to OpenAI's Embeddings API for this purpose.
OpenAI Privacy Policy

OpenRouter

Routes AI model inference requests for generating chatbot responses. Conversation context (relevant document excerpts and user messages) is sent to AI models via OpenRouter for response generation.
OpenRouter Privacy Policy

Cloudflare

Provides CDN, DDoS protection, web application firewall, file storage (Cloudflare R2) for raw uploaded files, and CAPTCHA verification (Cloudflare Turnstile). IP addresses and request metadata pass through Cloudflare's network.
Cloudflare Privacy Policy

Google

If you connect your Google account, we use the Google Drive API to sync documents from your Drive folders. We access only the files and folders you explicitly authorize. We also use Google as an authentication provider for sign-in.
Google Privacy Policy

GitHub

If you connect your GitHub account, we use the GitHub API to sync documents from your repositories. We access only the repositories and content you explicitly authorize.
GitHub Privacy Statement

LlamaParse (LlamaIndex)

Provides document parsing services to convert PDFs and other file formats into structured text. Uploaded document files are sent to LlamaParse for text extraction as part of the ingestion pipeline.
LlamaIndex Privacy Policy

5. Data Retention

We retain different categories of data for different periods:

  • Account Data: Retained for the lifetime of your account. If you close your account, account data is deleted within 30 days unless we are required to retain it by law.
  • Documents: Retained until you delete them or close your account. Deleting a document removes both the raw file and all associated embeddings and chunks.
  • Conversation Data: Retained until you delete conversations or close your account. End-users may request deletion of their conversation data through the Merchant (as a data controller) or directly through us as described below.
  • Billing Records: Retained for the period required by applicable tax and financial regulations (typically 7 years in the United States).
  • Technical / Log Data: Retained for up to 90 days for security and debugging purposes.

To request deletion of your data, contact us at contactus@blankcanvaai.com. We will respond to deletion requests within 30 days.

6. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security)
  • Encryption at Rest: Data stored in our database and object storage is encrypted at rest
  • Row-Level Security: Our database enforces row-level security policies to ensure each Merchant can only access their own data
  • Access Controls: Internal access to production systems is restricted to authorized personnel on a need-to-know basis
  • Authentication: User authentication is managed by Supabase with industry-standard session management

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. If you become aware of any security vulnerability or breach, please notify us immediately at contactus@blankcanvaai.com.

7. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under applicable data protection law:

  • Right to Access: You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification: You have the right to request correction of inaccurate or incomplete personal data.
  • Right to Erasure ("Right to be Forgotten"): You have the right to request deletion of your personal data, subject to certain legal exceptions.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
  • Right to Object: You have the right to object to the processing of your personal data where we rely on legitimate interests as our legal basis.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not handled your personal data in accordance with applicable law.

To exercise any of these rights, please contact us at contactus@blankcanvaai.com. We will respond to your request within 30 days. We may require verification of your identity before processing your request.

8. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you specific privacy rights regarding your personal information:

  • Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources from which it was collected, the purposes for which it is used, and the categories of third parties with whom it is shared.
  • Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions.
  • Right to Opt-Out of Sale: We do not sell your personal information to third parties, and we do not share it for cross-context behavioral advertising purposes.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights. You will not be denied service, charged different prices, or provided a different quality of service as a result of exercising your CCPA rights.

To submit a CCPA rights request, please contact us at contactus@blankcanvaai.com. We will verify your identity and respond within 45 days as required by law.

9. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from anyone under 18 years of age. If we become aware that we have collected personal information from a person under 18, we will take steps to delete such information promptly.

If you are a parent or guardian and believe your child under 18 has provided us with personal information, please contact us at contactus@blankcanvaai.com.

10. International Data Transfers

BlankCanvaAI Inc. is based in the United States, and the Service is operated from the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

For users in the EEA, United Kingdom, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as a legal mechanism for such transfers where required.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will provide at least 30 days' prior notice by sending an email to the address associated with your account and/or by posting a prominent notice on the Service. The updated policy will be effective as of the "Last Updated" date shown at the top of this page.

Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the changes.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

BlankCanvaAI Inc.

Email: contactus@blankcanvaai.com

Website: https://yourdev.ai

Terms of ServiceCookie Policy← Back to Home