GDPR & Your Data Rights
If you’re a creator or brand based in the EEA or UK, GDPR gives you specific rights over how Yosta handles your data. Here’s what they are and how to use them.
Yosta as a Data Controller
Yosta acts as the data controller for the personal information we collect when you create a creator account, build a portfolio, manually add your social stats, use the Brand Inquiry Inbox, or subscribe to Pro or a Custom plan. We are committed to GDPR and UK GDPR compliance, and we process your data only on the lawful bases described below.
Lawful Basis for Processing Your Data
Contractual Necessity
Processing your account data, portfolio content, manually entered social stats, and Brand Inquiry Inbox data is necessary to deliver the Yosta service you signed up for. Without this processing, we cannot operate your portfolio or provide analytics.
Legitimate Interests
We process aggregated usage data (e.g., which features creators use most, how often portfolios are viewed, Creator Shop click rates) to improve the platform. We also rely on legitimate interests for fraud prevention and platform security.
Consent
For optional analytics cookies and marketing emails (e.g., creator tips, Yosta product updates), we rely on your explicit consent. You can withdraw consent for marketing at any time by unsubscribing.
Legal Obligation
We retain subscription invoices, payment records, and certain account logs as required by applicable tax, financial, or regulatory law.
Your Rights Under GDPR
Right of Access
You can request a copy of all personal data Yosta holds about you — including your account details, portfolio metadata, manually entered social stats, analytics logs, and subscription records. We will respond to verified requests within 30 days.
Right to Rectification
If any personal data we hold is inaccurate, you have the right to have it corrected. Most of your data (profile info, bio, social handles, stats) can be updated directly in your Yosta dashboard. For anything else, email us.
Right to Erasure ("Right to be Forgotten")
You can request that Yosta delete your personal data. Deleting your account removes your public portfolio immediately and queues your data for deletion within 90 days. We may retain certain records (e.g., subscription invoices) as required by law.
Right to Restriction
You can ask us to restrict how we process your data in certain circumstances — for example, if you're disputing the accuracy of the data we hold, or if you've objected to our processing and we're assessing whether our legitimate interests override yours.
Right to Data Portability
You can request your personal data in a structured, machine-readable format (e.g., JSON or CSV). This includes your profile data, uploaded content metadata, analytics history, and Brand Inquiry Inbox lead records. Email us to make a portability request.
Right to Object
You can object to Yosta processing your personal data for direct marketing at any time. You can also object to processing based on our legitimate interests — for example, if you don't want your public portfolio to be visible to brand users on the platform.
International Data Transfers
Where Your Data Is Stored
Your Yosta portfolio content, videos, and account data are stored on cloud infrastructure that may be located outside the EEA (primarily in the US). When we transfer data internationally, we use Standard Contractual Clauses (SCCs) approved by the European Commission to ensure equivalent protection.
Data Retention
We keep your data for as long as your Yosta account is active. If you delete your account, your portfolio goes offline immediately and personal data is purged within 90 days. Subscription invoices may be retained for up to 7 years for legal/tax purposes.
How to Exercise Your Rights
Email supportyosta@gmail.com with your request and the email address associated with your Yosta account. We’ll verify your identity and respond within 30 days. You also have the right to file a complaint with your local data protection authority (e.g., the ICO in the UK, or your national DPA in the EU) if you believe your rights have not been respected.
Contact Our Data Protection Team
For GDPR requests or questions about your rights, reach us by email or on X.