Your memories are your own.
Period.

We built yeerbook on the belief that your most personal reflections shouldn't be accessible to anyone but you. Not even us.

Last Updated: May 4, 2026

Security Architecture

Hybrid End-to-End Encryption

Traditional services trade privacy for convenience. True encrypted services trade convenience for privacy. yeerbook uses a hybrid model that gives you both: total cryptographic privacy by default, with "just-in-time" permissions for AI features and printing.

User-Held Keys

Your master keys are derived from your password or your unique Recovery Phrase on your device. We never see your password, and we never store your master keys.

Ephemeral Grants

When you want our AI to process your month, your app provides Just-in-Time Access using a temporary, short-lived key. It is deleted the moment the task is done.

Signer Privacy

All signer contributions—including text notes, voice notes, and signatures and handwriting/drawings—are end-to-end encrypted. Signers can choose whether their content is shared with others or kept strictly private for the creator.

How we compare

FeatureLegacy Cloud Appsyeerbook hybridStandard E2EE
Who holds the keys?You & The CompanyOnly YouOnly You
Can the server read it?Yes (permanently)Only ephemerally (Briefly, when you request)No (never)
AI Features & ProcessingSupportedSupportedImpossible
If database is leaked?Your data is exposedYour data is safeYour data is safe

Privacy Policy

Data Collection & Minimization

We only collect what is necessary to run the service. This includes your email for your account, your shipping address for book delivery, and technical logs (like your IP address) used for security and fraud prevention. Payment information is handled exclusively by Stripe; we never see or store your credit card details. Your content, including photos, voice reflections, and signatures and handwriting/drawings, is encrypted before it ever reaches our servers.

How We Use Your Data

We use your data to generate your monthly reflection prompts, layout your yearbook, and print your physical book. When you authorize AI features, we process your content using temporary keys that are destroyed immediately after use.

Retention & Deletion

You are in control. You can export your data or delete your account at any time. When you delete your account, all your encrypted content is purged from our servers within 30 days.

AI Training & Data Usage

We never use your personal memories, photos, or voice reflections to train AI models. Your data is used exclusively to provide the yeerbook service to you. We believe your history should belong to you, not an algorithm.

Third-Party Sub-processors

We use a small number of trusted partners: Supabase for database and storage, Google AI (Gemini) for temporary photo clustering and transcription, and Stripe for payments. We use enterprise-grade APIs which explicitly state that data sent via the API is not used to train their foundation models.

To fulfill your print order, your book content is transmitted securely to our print fulfillment partner. They process your files solely to produce and ship your book, and are contractually prohibited from using your content for any other purpose. Print files are stored temporarily for up to 14 days from shipping to accommodate reprints or support requests for damaged shipments, after which they are permanently deleted.

The "No Master Key" Guarantee

Because we do not hold your master keys, we cannot recover your data if you lose your password. To protect against this, we provide you with a high-entropy Recovery Phrase. This phrase acts as a secondary master key that only you possess. We recommend storing it in a physical, secure location (like a safe or a password manager). Without either your password or this phrase, your memories are cryptographically lost forever.

Cookies & Tracking

We believe in a clean web. We do not use cross-site tracking cookies. We only use essential session cookies to keep you logged in and functional.