Last Updated: 29 April 2025
Welcome to Ywork, a platform operated by 90 North Ltd., a company incorporated in the United Kingdom. We are committed to protecting your personal data and ensuring transparency about how it is collected, used, and protected in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This Privacy Policy explains how we handle personal data when you use our platform and outlines your rights and choices. It applies to all users, including business clients, professional service providers, and third parties interacting with Ywork. It is intended to provide a general overview and does not constitute an exhaustive list of all data processing activities or applicable rights.
By accessing or using the platform, you confirm that you have read and understood this Privacy Policy. If you do not agree with its terms, you should not use our services.
This Privacy Policy applies to the processing of personal data by 90 North Ltd., in connection with the operation of the Ywork Platform.
It applies to:
This Privacy Policy covers personal data collected through the Platform's digital services, including websites, interfaces, AI-powered tools, and related functionalities, regardless of access method (e.g., desktop, mobile, API).
It does not apply to third-party websites, applications, or services that may be linked or integrated within the Platform. We do not control and are not responsible for the content, policies, or practices of these external services. We encourage you to review their privacy policies before engaging with them.
We collect and process only the personal data required for functionality of the Platform. The types of personal data we may process include:
Necessary data for subscription management or service purchases, processed securely by authorised third-party payment providers.
We may process your contact details and communication preferences to send service-related updates or promotional messages, in accordance with applicable marketing laws. You can opt out of marketing communications at any time.
We collect personal data through a combination of direct user input, automated technologies, and interactions facilitated through the Platform. The methods of collection include:
You provide data when you:
We automatically collect data when you interact with the Platform, including:
We may receive data about you from external sources, including:
We process personal data where we have a lawful basis under the UK General Data Protection Regulation (UK GDPR). The lawful basis depends on the context and purpose of the processing. The table below outlines the key purposes and corresponding legal bases:
| Purpose of Processing | Legal Basis |
|---|---|
| Creating and managing user accounts | Performance of a contract (Art. 6(1)(b)) |
| Submission of requests, document upload, and facilitating interactions between Users and Third Parties or Users and Users. | Performance of a contract (Art. 6(1)(b)) |
| Sharing user profiles and project-related details with other Platform users or Third Parties as part of service functionality | Performance of a contract (Art. 6(1)(b)) |
| Processing and verifying payments, subscriptions, and invoicing | Performance of a contract (Art. 6(1)(b)); Legal obligation (Art. 6(1)(c)) |
| Responding to support queries, service requests, and user feedback | Performance of a contract (Art. 6(1)(b)) |
| Processing AI-based inputs and generating outputs linked to projects | Performance of a contract (Art. 6(1)(b)) |
| Maintaining platform functionality and security | Legal obligation (Art. 6(1)(c)) |
| Monitoring platform performance, usage trends, and diagnostics | Legitimate interest (Art. 6(1)(f)) |
| Sending service-related notifications and account updates | Performance of a contract (Art. 6(1)(b)) |
| Sending optional marketing communications to business users | Legitimate interest (Art. 6(1)(f)), with opt-out rights under PECR |
| Managing email preferences and newsletter subscriptions | Consent (Art. 6(1)(a)) |
| Complying with legal obligations, including tax and regulatory requirements | Legal obligation (Art. 6(1)(c)) |
Where processing is based on legitimate interest, we ensure that such interests are balanced against your rights and freedoms. You may object to this type of processing at any time. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
The Ywork Platform uses AI-powered tools to assist Users with communication drafting, project interactions, and data structuring. When you use these features, your inputs (including messages, uploaded documents, or prompts) and any associated outputs may be processed using automated systems.
We process this data to:
Each AI-generated output is linked to your account and project. However:
You remain responsible for reviewing any AI-generated output and ensuring its suitability for your business or contractual use. For further disclaimers on the use and limitations of AI content, please refer to our Terms and Conditions.
We engage trusted third-party service providers (sub processors) to support the operation and delivery of the Platform. These providers assist with essential services such as infrastructure hosting, analytics, identity verification, communication, and payment processing.
Each sub processor is contractually bound to act only on our documented instructions, implement appropriate security measures, and comply with the requirements of Article 28 UK GDPR.
The table below provides an overview of the categories of sub processors and the types of data involved:
| Service Provider | Purpose of Processing | Data Categories Involved |
|---|---|---|
| Amazon Web Services (AWS) | Hosting, database, storage, serverless functions | Platform application and data, User data, NLP and AI-generated data |
| Google services – APIs, Analytics | Google integration, Vision API, website user and usage tracking | User data, image processing data |
| LLMs / NLPs like OpenAI, Deepseek, Mistral ai, Gemini, Llama, etc. | AI-powered processing (LLM, NLP) | Text data, structured document data |
| Stripe | Payment collection service | User data, payment, fees and subscription related data |
| HubSpot | CRM | User's full name, email address, phone number, company name, company profile, address, website, services or supplies they provide. |
| Apollo.io | Sales engagement and intelligence | Full name, email address, phone number, company name, company profile, address, website, services or supplies they provide. |
For more information regarding specific sub processors, please refer to Section 15 ("How to Contact Us").
Some of the service providers we engage may process personal data outside of the United Kingdom (UK) or the European Economic Area (EEA), including jurisdictions not subject to an adequacy decision under UK data protection law.
These include:
Where required, we are actively working to implement appropriate safeguards, such as SCCs or equivalent instruments, in accordance with Article 46 UK GDPR, and adopt technical and organisational measures to ensure a level of protection essentially equivalent to UK standards.
You may request further information about our international transfer safeguards by contacting us at support@ywork.ai.
We retain personal data for as long as necessary to fulfil the purposes for which it was collected, including to provide the Ywork Platform, comply with legal obligations, resolve disputes (with Platform), and enforce our contractual terms.
The duration for which personal data is retained depends on the type of data and the context of its use:
We do not delete personal data immediately upon account closure but ensure that data no longer required for identifiable processing is either anonymised or securely isolated. Once anonymised, data is no longer considered personal data and may be retained indefinitely for statistical, research, and platform development purposes under Article 89(1) UK GDPR.
Personal data stored in system backups may be retained for up to 24 months after deletion from live systems. Such data is stored securely, inaccessible for routine processing, and only restored if required for disaster recovery or legal compliance.
You may request deletion of your personal data at any time, subject to legal and regulatory obligations. To do so, please contact us at support@ywork.ai.
You have certain rights under the UK General Data Protection Regulation (UK GDPR) regarding how your personal data is handled. These rights give you control over your information and how we use it.
You can contact us at any time to exercise these rights. We explain them below:
To ensure the accuracy, security, and quality of the Ywork Platform, we may conduct limited human review of certain processes and data including user data. This process is designed solely to improve platform functionality, detect misuse, resolve technical issues, and maintain compliance with legal standards.
Any such reviews:
All reviews are subject to role-based access controls and internal audit procedures.
We advise users to avoid submitting unnecessary confidential or sensitive information unless clearly relevant to the service being requested. If you have concerns or wish to understand how your data is handled, please contact us at support@ywork.ai.
If you want to opt out or have any questions or concerns about this process, please contact us at support@ywork.ai.
We are committed to safeguarding personal data and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, alteration, or disclosure, in line with Article 32 of the UK General Data Protection Regulation (UK GDPR).
We follow generally accepted industry standards to protect personal data during transmission and once received. These measures include:
While we take all reasonable steps to ensure data security, no method of transmission over the Internet or method of electronic storage is entirely secure. Therefore, we cannot guarantee absolute security. If you believe your personal data has been compromised, please contact us immediately at support@ywork.ai.
If we become aware of a personal data breach that may result in a risk to your rights and freedoms, we will notify affected individuals and the relevant supervisory authority in accordance with legal requirements. Where appropriate, we may also publish a notice on the Platform.
Ywork does not use any data obtained through Google Workspace APIs (such as Gmail, Drive, or Calendar) to develop, improve, or train generalized artificial intelligence (AI) or machine learning (ML) models.
All data retrieved via Google Workspace APIs is handled in full compliance with Google’s API Services User Data Policy, including its Limited Use requirements.
We may update this Privacy Policy from time to time in response to changes in legal, regulatory, operational, or technical developments. When we make material changes, we will notify you by:
We encourage you to review this Privacy Policy periodically to stay informed about how we process your personal data.
The "Effective Date" at the top of this Privacy Policy indicates when it was last revised. Your continued use of the Platform after any update constitutes your acceptance of the updated Privacy Policy.
If you have questions, concerns, or would like to exercise any of your rights under this Privacy Policy, you may contact us at:
Email: support@ywork.ai
If you are not satisfied with our response, or believe that we are not processing your personal data in accordance with the law, you have the right to lodge a complaint with the UK's supervisory authority:
Information Commissioner's Office (ICO)
Website: www.ico.org.uk
Helpline: 0303 123 1113