Last update:

8 April 2026

Privacy Policy

1. Introduction

This Privacy Policy explains how myBrick SA, doing business as Yassi or Yassi.ai (“Yassi,” “we,” “us,” or “our”), collects, uses, stores, discloses, and otherwise processes personal data when you use our website, software, client portals, applications, integrations, communications channels, and related services (collectively, the “Services”).

This Privacy Policy applies to personal data processed through the Services, including when you:

  • visit our website;

  • create an account or workspace;

  • use Yassi as a business user or individual user;

  • connect third-party systems such as SharePoint, OneDrive, Google Drive, email, messaging, or telephony providers;

  • upload, route, process, or analyze files and documents through Yassi;

  • communicate with us, with Yassi, or with others through the Services.

Yassi is operated by myBrick SA, a Swiss company. Our Services are designed to support users in Europe, Switzerland, and other locations, subject to the deployment, integrations, and processing configurations selected by the user.

2. Scope of this Privacy Policy

This Privacy Policy describes how we process personal data:

  • that we collect directly from users;

  • that we receive from connected services and integrations at the user’s direction;

  • that is contained in documents, files, prompts, messages, and metadata processed through the Services;

  • that arises from the use of our website and Services.

This Privacy Policy does not govern the privacy practices of third-party services that you connect to Yassi or use independently, including:

  • SharePoint;

  • OneDrive;

  • Google Drive;

  • Outlook / Microsoft 365;

  • Gmail / Google Workspace;

  • WhatsApp or other messaging channels;

  • CRM, storage, telephony, transcription, or AI providers used in your environment.

Those services are governed by their own privacy notices and terms.

3. Controller and Contact

The controller for personal data processed under this Privacy Policy is:

myBrick SA
Chemin des Côtes-de-Montmoiret 5, 1012 Lausanne
Switzerland
Email: hello@yassi.ai

If you have questions, requests, or concerns regarding this Privacy Policy or our privacy practices, you may contact us at the email above.

4. Categories of Personal Data We Process

Depending on how you use the Services, we may process the following categories of personal data:

4.1 Account and Identity Data

  • first and last name;

  • business name or organization name;

  • email address;

  • phone number;

  • account login information;

  • role, permissions, and workspace information.

4.2 Profile and Configuration Data

  • organization details;

  • branding and white-label settings;

  • AI assistant settings and communication preferences;

  • selected hosting or residency preferences;

  • selected AI / model preferences where supported;

  • storage structure and routing settings.

4.3 Customer Content and Operational Data

  • documents, files, images, PDFs, and attachments uploaded or routed through the Services;

  • metadata associated with such files;

  • extracted text, OCR results, summaries, classifications, and structured outputs;

  • prompts, commands, instructions, and workflow parameters;

  • communications sent through or to the Services.

4.4 Client and Third-Party Data

Where the Services are used to communicate with clients or third parties on your behalf, we may process:

  • names;

  • email addresses;

  • phone numbers;

  • document-related metadata;

  • communication history;

  • request status and workflow-related information.

4.5 Technical, Usage, and Device Data

  • IP address;

  • browser type and version;

  • operating system;

  • device identifiers;

  • log files;

  • usage events;

  • timestamps;

  • security and access logs;

  • error reports and performance metrics.

4.6 Billing and Commercial Data

Where applicable:

  • subscription plan;

  • invoices;

  • payment-related records;

  • commercial relationship information.

We generally rely on specialized payment providers for payment processing and do not intend to store full payment card details ourselves.

5. How We Collect Personal Data

We collect personal data in the following ways:

  • Directly from you when you create an account, fill out forms, configure the Services, send prompts, upload files, or communicate with us;

  • From your connected systems where you authorize integrations with storage, email, communication, or business systems;

  • From users within your organization who invite or create accounts for other users;

  • From recipients, clients, or third parties who interact with Yassi on your behalf;

  • Automatically through logs, cookies, pixels, usage analytics, and technical monitoring tools;

  • From service providers and infrastructure providers that support authentication, hosting, monitoring, communications, storage, or model processing.

6. How We Use Personal Data

We use personal data for the following purposes:

6.1 To Provide and Operate the Services

  • create and manage accounts and workspaces;

  • process prompts and workflow instructions;

  • send and manage document requests;

  • receive, classify, process, and organize files;

  • perform OCR, extraction, summarization, conversion, compression, renaming, and related processing;

  • route files to the destinations configured by the user;

  • deliver communications and notifications;

  • administer permissions and access rights.

6.2 To Secure, Maintain, and Improve the Services

  • monitor uptime, performance, and reliability;

  • troubleshoot errors and incidents;

  • detect abuse, fraud, and unauthorized access;

  • improve usability, workflows, and feature performance;

  • conduct internal testing and quality assurance.

6.3 To Communicate with You

  • provide support and onboarding;

  • respond to questions and requests;

  • send transactional and administrative communications;

  • notify you of changes, issues, or security events.

6.4 To Comply with Legal and Regulatory Obligations

  • comply with applicable law;

  • respond to lawful requests from authorities;

  • enforce our contractual rights;

  • maintain records for legal, accounting, audit, and governance purposes.

6.5 To Develop and Improve Models and Features

Where permitted by law and contract, we may use service usage data, operational metadata, and appropriately minimized or anonymized information to improve the Services. Unless otherwise agreed in writing, we do not use your identifiable customer content to train general-purpose third-party models.

7. Legal Bases for Processing

Where Swiss or other applicable law requires a legal basis, we process personal data based on one or more of the following:

  • performance of a contract or steps taken at your request prior to entering into a contract;

  • our legitimate interests in operating, securing, improving, and supporting the Services;

  • your consent, where required;

  • compliance with legal obligations;

  • protection of our rights or those of others.

Where you provide us with personal data of clients, employees, counterparties, or other third parties, you are responsible for ensuring you have the necessary authority, notice, and legal basis to do so.

8. Data Residency, Hosting, and Processing Locations

8.1 Yassi Platform Data

Yassi uses infrastructure providers such as Microsoft Azure, Vercel, and Google Cloud Services, depending on the feature, deployment, and selected configuration. Yassi is designed to support hosting in the USA, Europe and Switzerland, and the applicable location may vary depending on the onboarding and residency selections made by the user.

The residency and processing options offered through Yassi are intended to support customer compliance with applicable laws and requirements, including the GDPR and Swiss FADP where relevant.

8.2 Customer-Selected Document Storage

A key aspect of Yassi is that users can choose where client documents and uploads are stored by connecting their own storage environments, such as SharePoint, OneDrive, Google Drive, or other supported systems.

The data residency of client documents, uploaded files, and routed storage content is therefore primarily determined by the storage location and storage provider selected and configured by the user.

This means:

  • if you connect your own SharePoint, OneDrive, or Google Drive environment, the residency, security, retention, backup, and access control of those files are determined by your chosen provider and your own configuration;

  • Yassi does not control the underlying geographic residency of your chosen storage environment unless explicitly agreed in writing as part of a managed deployment.

8.3 AI / LLM / OCR Processing Locations

Yassi may use multiple AI, OCR, and language model providers, including third-party and in-house solutions. We allow users, where technically available, to specify or request models and providers that meet their own compliance or locality requirements.

The data residency of AI processing therefore depends in part on the model/provider selected by the user and the deployment options available. Different provider choices may affect:

  • performance;

  • latency;

  • cost;

  • feature availability;

  • quality of outputs.

We will use commercially reasonable efforts to apply the model and location configuration selected or requested by the user where technically feasible.

9. Applicable Data Protection Standards

Yassi is designed to support compliance with applicable data protection requirements depending on the user’s location, selected deployment, storage configuration, and enabled third-party providers.

Where applicable, Yassi may support customer compliance efforts under:

  • the General Data Protection Regulation (EU) 2016/679 (“GDPR”);

  • the Swiss Federal Act on Data Protection, as revised and in force from 1 September 2023 (“Swiss FADP”);

  • and, where relevant, applicable United States federal or state data protection, privacy, cybersecurity, or sector-specific requirements, as well as recognized security and privacy frameworks such as NIST.

Because Yassi is modular and configurable, compliance outcomes depend in part on:

  • the hosting location selected for the workspace;

  • the document storage environment selected and connected by the user;

  • the AI / OCR / LLM provider selected by the user or configured for the workspace;

  • the communication channels and integrations enabled by the user;

  • and the customer’s own legal, technical, and organizational controls.

Yassi does not represent or warrant that the Services alone make a customer compliant with any specific law, regulation, or framework. The customer remains responsible for assessing whether the selected configuration, providers, workflows, and connected systems meet its own legal, regulatory, contractual, and internal compliance requirements.

If a customer requires a specific processing region, storage region, model provider, or deployment setup for compliance reasons, the customer must communicate those requirements to Yassi, and Yassi will use commercially reasonable efforts to support them where technically feasible.

10. Connected Storage and Your Environment

Because Yassi allows you to route and store files into your own connected environments, you acknowledge that:

  • the confidentiality and security of stored client documents depend significantly on your own provider, permissions, and configuration;

  • you remain responsible for access control within your connected storage environment;

  • Yassi cannot guarantee the security, backup, or residency of third-party storage environments chosen by you;

  • any incidents caused by your own credentials, internal permissions, sharing rules, tenant settings, or provider configuration fall within your own environment and responsibility, except to the extent caused directly by our own breach of our obligations.

11. AI, Automation, and Human Review

Yassi provides AI-assisted processing. This may include OCR, classification, summarization, information extraction, workflow actions, and suggested responses.

You acknowledge that:

  • AI outputs may be incomplete or inaccurate;

  • OCR may misread or omit information;

  • automated decisions or extractions may require human review;

  • users remain responsible for validating outputs before relying on them, especially in regulated or high-impact contexts.

We may process prompts, extracted text, and operational metadata through selected model providers in accordance with the user’s chosen setup and this Privacy Policy.

12. Cookies and Analytics

We may use cookies, pixels, tags, and similar technologies on the Website and within the Services for purposes such as:

  • authentication;

  • security;

  • remembering preferences;

  • analytics;

  • performance monitoring;

  • improving user experience.

You may be able to manage cookie preferences through your browser or other settings. Some parts of the Services may not function properly if certain cookies are disabled.

A separate Cookie Policy may be provided or integrated into this Privacy Policy.

13. Disclosure of Personal Data

We may disclose personal data to:

13.1 Service Providers and Subprocessors

Including providers of:

  • hosting and cloud infrastructure;

  • storage and backup;

  • AI / OCR / transcription services;

  • analytics and monitoring;

  • communications and email delivery;

  • authentication and identity;

  • customer support;

  • payment processing;

  • professional advisory services.

13.2 Connected Third-Party Systems Chosen by You

For example:

  • SharePoint;

  • OneDrive;

  • Google Drive;

  • Microsoft 365;

  • Google Workspace;

  • CRM systems;

  • messaging and telephony systems;

  • other integrations enabled at your request.

13.3 Legal and Protective Disclosures

Where necessary to:

  • comply with law, regulation, subpoena, or government request;

  • protect our rights, property, or safety;

  • protect our users or the public;

  • investigate fraud, abuse, or security incidents;

  • enforce our Terms.

13.4 Corporate Transactions

In connection with a merger, acquisition, reorganization, financing, or sale of assets, subject to customary confidentiality protections.

We do not sell personal data in the ordinary meaning of that term.

14. International Transfers

Depending on the user’s configuration, provider choices, and enabled integrations, personal data may be processed in Switzerland, the European Economic Area, the United Kingdom, the United States, or other jurisdictions.

Where required, we will take reasonable steps to ensure that international transfers are subject to appropriate safeguards under applicable law, such as:

  • contractual safeguards;

  • adequacy decisions where recognized;

  • provider-based protective measures;

  • technical and organizational protections.

Because Yassi is configurable and modular, some transfers may depend on:

  • the storage provider you connect;

  • the model provider you choose;

  • the communication channels you enable;

  • the deployment region selected for your workspace.

15. Data Retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including:

  • to provide the Services;

  • to maintain security and auditability;

  • to fulfill legal, contractual, accounting, or regulatory obligations;

  • to resolve disputes and enforce agreements.

Retention periods may vary depending on:

  • the category of data;

  • your account settings;

  • your storage and workflow configuration;

  • legal requirements;

  • whether data is stored within Yassi-controlled systems or in your own connected storage.

Where files are routed into your own connected storage environment, retention of those files may depend primarily on your own configuration and provider.

16. Security Measures

We implement technical and organizational measures designed to protect personal data under our control against unauthorized access, loss, misuse, alteration, or disclosure.

These measures may include:

  • access controls;

  • role-based permissions;

  • tenant segregation;

  • encryption in transit;

  • encryption at rest where supported in our environment;

  • logging and monitoring;

  • incident detection and response procedures;

  • least-privilege access principles.

However, no system or transmission method is completely secure. We cannot guarantee absolute security, especially where risk arises from:

  • your own connected storage or identity systems;

  • compromised user mailboxes or devices;

  • external providers;

  • configuration choices made by you;

  • phishing, malware, or social engineering affecting your users or recipients.

17. Your Choices

Depending on your use of the Services, you may be able to:

  • access and update account information;

  • manage user roles and permissions;

  • choose storage and residency configurations;

  • select or request model/provider configurations where supported;

  • configure communication and workflow settings;

  • request deletion of your account, subject to legal and operational constraints.

Where we rely on consent for certain processing, you may withdraw that consent, but this may affect functionality.

18. Your Privacy Rights

Depending on your location and the nature of the processing, your rights may arise under the GDPR, the Swiss FADP, or other applicable privacy laws. You may have rights regarding your personal data, including rights to:

  • access;

  • rectification;

  • deletion;

  • restriction;

  • objection;

  • portability, where applicable.

Under Swiss law, individuals have rights in relation to their personal data, subject to statutory limitations and conditions.

To exercise rights, please contact us at hello@yassi.ai. We may require verification of identity and authority before acting on a request.

Where we process personal data on behalf of a business customer, the relevant customer may need to handle the request directly, particularly where the data is stored in or controlled through that customer’s own systems.

19. Children’s Privacy

The Services are not intended for children under 18. We do not knowingly collect personal data directly from children under 18 for consumer use. If you believe that a child has provided personal data to us unlawfully, please contact us and we will take appropriate steps.

20. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we do, we will post the updated version on the Website and update the “Last Updated” date above.

If changes are material, we may provide additional notice through the Services or by email where appropriate.

Your continued use of the Services after the effective date of the updated Privacy Policy constitutes acceptance of the updated version to the extent permitted by law.

21. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, you may contact:

myBrick SA
Chemin des Côtes-de-Montmoiret 5, 1012 Lausanne
Switzerland
Email: hello@yassi.ai