Privacy Policy

Yellorn is operated by HoangYell as a developer tool. We collect the minimum data needed to run the editor, publish mock webhook URLs, dispatch outbound HTTP requests, and (for paid plans) bill subscriptions. We do not sell your data and we do not use it for advertising.

This policy is written in plain English. If anything is unclear, email support@yellorn.com and we will clarify.

Account data

• Email address — used as your login identifier and for transactional emails (verification, password reset, billing receipts).
• Password (hashed) — stored as a PBKDF2-SHA256 hash with 100,000 iterations and a unique per-account salt. We never see or store the plaintext.
• Google OAuth profile (if you sign in with Google) — name, email, avatar URL, and the verified- email flag. Stored on the same user record as email/password accounts.
• Subscription status — current tier, billing provider customer id, subscription expiry. Used to enforce tier limits.

Workspace content

• Editor tabs — text content, format, palette choice, pane split. Stored locally in your browser (localStorage) by default. Stored in your Yellorn account only when you opt in via Cloud Backup in Settings.
• Webhook payloads — the data you publish via Publish, stored in Cloudflare KV keyed by the slug. Free tier expires after 24 hours; paid tiers persist for the duration of the active subscription.
• Webhook request logs — every incoming request to your slug URL (method, headers, body, source IP, timestamp) is logged in Cloudflare D1. Logs are automatically purged 8 hours after capture; only the owner can read them via the portal at /webhook/<slug>.
• Request Sender history — every outbound request you dispatch (method, URL, response status, timing, truncated response body) is logged in Cloudflare D1 with the same 8-hour retention.
• Saved request templates — name, method, URL, headers, auth, and body, stored in Cloudflare KV under your account. Only deleted when you ask.

Operational data

• Session cookies — HTTP-only cookies used to keep you signed in. Signed with HMAC; we cannot read them after the fact.
• Hashed IP for rate limiting — your IP is hashed (SHA-256) before being used as a counter key for rate limit buckets. We never store the raw IP.
• Email rate limit counters — keyed by email address; used to prevent verification / reset email abuse.

Analytics

• PostHog — anonymous product analytics (which features get used, which buttons get clicked). Initialised after first paint with cookieless tracking; no cross-site identification.
• Google Analytics 4 — anonymised page view metrics. Loaded only after your first interaction with the page so first-load measurements are clean.
• Cloudflare Web Analytics (server-side only) — request counts, response times, geographic distribution. No client-side tracker.

All persistent storage lives in Cloudflare’s global network:

• Cloudflare KV — webhook payloads, user records, sessions, billing audit trail, sender templates.
• Cloudflare D1 (SQLite) — webhook request logs and sender execution logs (both 8-hour retention).
• Resend — used as the email delivery provider for verification, password reset, and billing receipts. Only the recipient address and message content cross the boundary.
• Polar — used as the payment processor for paid plans. Card details never touch Yellorn servers; we only store the Polar customer id and subscription status.

Cloudflare’s edge data centres span 300+ locations; data is replicated globally for read performance. KV and D1 both encrypt data at rest.

You — via the editor, the Webhook portal, the Request Sender history, and Settings.

Yellorn operators — operational logs and Cloudflare’s dashboard. Used only for debugging and quota investigation; never exported in bulk for any other purpose.

Sub-processors — Cloudflare (hosting + storage), Polar (payments), Resend (email), Google (OAuth + GA4), PostHog (analytics). Each handles only the data needed to perform its function.

Anyone with a slug URL — the URL itself is the capability. Only the owner can read the request log for a slug; the slug URL itself can be hit by anyone you share it with (this is the entire point of a webhook URL).

• Access — every editor tab, webhook, request log, and saved template is visible to you in the UI.
• Correction — you can edit any tab or saved template at any time.
• Deletion — you can delete an individual webhook from the Webhooks dashboard, an individual sender template from the Senders dashboard, or your entire account by emailing support@yellorn.com. Deletion is honoured within 7 days. Logs purge automatically every 8 hours.
• Portability — you can copy any payload, request log entry, or template directly out of the UI.
• Cookie controls — analytics cookies respect your browser’s Do Not Track header and can be cleared at any time. The session cookie expires when you sign out.

Yellorn is a developer tool intended for adult professional use. We do not knowingly collect data from children under 13 (or under 16 in jurisdictions where that is the threshold). If you believe we have collected data from a minor, email support@yellorn.com and we will delete it.

When the data flow changes (a new sub-processor, a new storage primitive, a new analytics gate) we update this page and bump the “Last updated” date above. Material changes are also surfaced as a one-time banner on the editor for at least 14 days.

For questions about this policy or to exercise any of the rights above, email support@yellorn.com.