YAIM Privacy Policy
Yet Another Instant Messenger ("YAIM", "we", "us") provides a desktop-first and web-based instant messaging service. This policy explains what personal data we process, why we process it, and your choices.
This policy applies to YAIM clients and services, including desktop and PWA/web.
Important note about encryption
Important: YAIM is currently not end-to-end encrypted (E2EE). Messages are encrypted in transit (HTTPS/WSS), but message content can be processed by YAIM servers to provide service features. We plan to evaluate E2EE as the product grows.
Data we collect
- Account and profile data: email address, display name, IM ID, password hash, avatar image (if uploaded), status and now-playing text.
- Relationship data: buddy relationships and buddy request state.
- Messaging data: 1:1 content, metadata (sender, recipient, timestamps), group session content, attachments and metadata.
- Presence and connection data: presence state, device/client indicators, push subscription endpoints/tokens.
- Technical/security data: auth token claims and operational logs used for reliability and abuse prevention.
Why we process data
- Create and manage accounts.
- Authenticate users and secure sessions.
- Deliver messages and attachments.
- Show presence and buddy state.
- Send push notifications and catch-up reminders.
- Prevent abuse, detect failures, and keep the service reliable.
- Comply with legal obligations.
Legal basis (where applicable)
- Contractual necessity (to provide YAIM).
- Legitimate interests (security, abuse prevention, reliability).
- Consent (where required, for example notification permissions).
- Legal obligations.
EU/EEA and UK privacy supplement
- Controller: YAIM (see Contact below).
- GDPR/UK GDPR bases include Article 6(1)(b), 6(1)(f), 6(1)(c), and 6(1)(a) where relevant.
- Where data transfers outside your region occur, we rely on lawful transfer mechanisms where required.
- You may have the right to lodge a complaint with your local supervisory authority.
Data sharing
We do not sell personal data. We may share data with infrastructure/service providers, legal authorities when required by law, and professional advisors when needed.
Data retention
We retain data only as long as needed for operations, security, legal obligations, or legitimate business purposes. Retention varies by data type.
Security
We use reasonable technical and organizational measures, including transport encryption and access controls. No system is 100% secure.
International transfers
Your data may be processed in countries other than your own depending on infrastructure location and providers.
Your choices and rights
Depending on applicable law, you may have the right to access, correct, or delete your data, to restrict or object to processing, to request portability, and to withdraw consent where relevant.
Children
YAIM is not intended for children under the age required by local law to consent to data processing.
Changes to this policy
We may update this policy from time to time. If changes are material, we will update the date above and provide notice where appropriate.
Contact
If you have privacy questions or requests, contact: privacy@yaim.im
Short version for early alpha users
- YAIM currently stores and processes message content server-side.
- YAIM is not E2EE yet.
- We do not sell your personal data.
- We only ask for data needed to run messaging and account features.