GENERAL DATA PROTECTION REGULATION (GDPR)
Last updated: January 14, 2026
The information given by AYYES, LLC relating to the GDPR (General Data Protection Regulation) is for information purposes only. It is not designed to be an exhaustive guide to the requirements of the GDPR. It is users responsibility to ensure that you comply with the provisions of the GDPR and related legislation. Each company’s responsibilities relating to the GDPR will vary depending on individual circumstances; accordingly, we will not be liable to you for your reliance on information provided in relation to the GDPR.
You warrant, represent, and undertake to us that Personal Data shall comply with the GDPR in all respects including, but not limited to, its collection, holding, and processing.
You shall be liable for, and shall indemnify (and keep indemnified) us in respect of any and all action, proceeding, liability, cost, claim, loss, expense (including reasonable legal fees and payments on a solicitor and client basis), or demand suffered or incurred by, awarded against, or agreed to be paid by, us and any of our Sub-Processors arising directly or in connection with:
- Any non-compliance by you with the GDPR or other applicable legislation;
- Personal Data processing carried out by us and any of our Sub-Processors in accordance with instructions given by you that infringe the GDPR or other applicable legislation.
AYYES, LLC is committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR). We ensure that your data is processed lawfully, fairly, and transparently.
AYYES processes personal data under the following lawful bases as defined by GDPR Articles 6 and 9:
- Contractual necessity – to provide services you request
- Legitimate interests – to maintain security, improve services, and prevent fraud
- Consent – for analytics, cookies, advertising, and optional features
- Legal obligation – to comply with applicable laws
- Vital interests – where required for safety or security
Controller and Processor Roles
AYYES acts as:
- Data Controller for account data, billing data, analytics, and platform usage
- Data Processor when processing data on behalf of customers using AYYES Work Manager, AYYES Time Tracker, or related applications
Data storage Guideline
Data is stored securely in Akamai, Linode, Wasabi, and Amazon AWS data centers throughout the world. Data will be held in the data center nearest to the location USA or Europe. Data is encrypted at rest and is also encrypted in transit with all communications over HTTPS.
AYYES implements:
- Encryption in transit and at rest
- Access controls and authentication
- Network firewalls and DDoS protection
- Continuous monitoring
- Incident response procedures
- Regular audits and vulnerability assessments
AYYES uses the following sub‑processors to support service delivery: AWS, Azure, Google Cloud Platform (GCP), Wasabi, Cloudflare, Stripe, PayPal, Twilio, SendGrid, Google Analytics, Google Ads, OpenAI, Azure AI, openstreetmap.
All sub‑processors are contractually required to meet GDPR‑compliant security standards
AI/ML Processing
AYYES applications may process:
- User inputs
- Uploaded content
- Behavioral data
- Telemetry
- Productivity signals
- System interactions
AI outputs may be probabilistic and may contain inaccuracies. AI is not used for automated decision‑making that produces legal or significant effects without human involvement
Monitoring Disclosures
AYYES Work Manager and AYYES Time Tracker may collect:
- Screenshots
- Browser URL activity
- GPS location
- IP address
- Device telemetry
- Application usage
- Productivity scoring
You are responsible for obtaining all legally required notices and consents
Clarification on “We Do Not Sell Data”
AYYES does not sell personal data under GDPR.
Certain analytics and advertising partners may process data as independent controllers, which is not considered “selling” under GDPR but may be considered “sharing” under U.S. state laws.
Backup and Security
In terms of security, access to security logs are strictly controlled. We leverage cloud data center security policies updates for security patches updates. We use Cloudflare and Akami/Linode to monitor for unauthorized intrusion attempts and report unauthorized access upon detection to the Federal government agencies. Our authorized support and sales executives have limited access to usage data, and technical support teams access our network and server infrastructure. Data is backed up every day using auto back system. Our data-retention policies are dictated by user account holders. All access to AYYES dashboard and features is controlled by username and password. Unpaid account usage data is deleted every 90 days.
Data Breach Policy
In the event of a data breach, the point of contact from AYYES, is our legal at ayyes.com, this will invoke the data control procedure with our customer support team as required. Then we will report the breach to the relevant supervisory authority within 72 hours. Upon technical research corrective measures are taken to handle data breach policies.
Data Retention
Please note that consent given does not last forever. All user and personal information will be retained for the purposes of bulk eMail marketing & Phone call management data analytics, once the user master account is closed all data including sub-users will be retained up to 365 days (we reserve the right to change this policy without notice). This means we will delete AYYES Master account and sub-account database & files which we cannot be retrieve upon deletion.
Data may be retained longer where required for:
- Legal compliance
- Fraud prevention
- Security monitoring
- Audit requirements
Data Transfers
Your data may be transferred to the United States or other jurisdictions.
International Transfer Mechanisms
Where data is transferred outside the EU/EEA or UK, AYYES uses:
- EU Standard Contractual Clauses (SCCs)
- UK International Data Transfer Addendum (IDTA)
- Adequacy decisions
- Contractual safeguards
No SPAM
We comply with anti-spam laws and enforce anti-spam policies.
Our Rights Under GDPR
You have the right to:
- Access your data
- Correct your data
- Delete your data
- Restrict processing
- Object to processing
- Data portability
- Withdraw consent
- File a complaint with a supervisory authority
Right to Human Review
If AI/ML features are used, you may request:
- Human review
- Explanation of automated processing
- Opt‑out where legally required
Contact us
If you have any questions about GDPR compliance, please contact: legal @ ayyes.com