Privacy Policy

Last updated: April 22, 2026

Who we are

Yuki Capital is an AI product studio operating yukicapital.com and a portfolio of SaaS products including Humanizer AI and Melies. This policy explains what data we collect on yukicapital.com and the Yuki Affiliates program. Each product SaaS has its own privacy policy linked from its site.

What we collect

When you browse yukicapital.com

  • Page views and basic device info via Plausible Analytics (stats.yukicapital.com). No cookies, no personal identifiers.

When you apply to the Yuki Affiliates program

  • If you sign up with Google: your name, email, profile picture, and a Google user ID.
  • If you sign up with email: email, a bcrypt-hashed password, display name.
  • Information you provide: where you plan to promote, audience description, payout details (Wise email, PayPal email, or bank info), and optional tax info (legal name, address, country, VAT number) so we can pay you.

Referral and conversion tracking

  • When a visitor clicks an affiliate link on a Yuki product site, a ref cookie is set on that product's domain (scoped to that domain, 60-day expiry).
  • We log the referral click: short code, timestamp, landing URL, referrer, user-agent, UTM parameters, a hashed IP (SHA-256, salted — never the raw IP), and an anonymous cookie ID.
  • On successful purchase, we record the conversion: Stripe customer ID, customer email, invoice amount, commission computed.

What we don't collect

  • We never store raw IP addresses. They are hashed with a salt and truncated.
  • We don't share referral data across products in ways that identify individuals outside their own product account.
  • We don't sell personal data.

How we use it

  • Operate the Yuki Affiliates program: attribute conversions, compute commissions, send payouts.
  • Send transactional email (signup received, approval, commission attributed, payout sent) via Postmark.
  • Detect fraud (e.g. same-IP self-referral, abnormal refund rates).

Google Sign-In

When you sign in with Google, Google sends us an authorization code. We exchange it for an access token and call Google's userinfo endpoint once to fetch your name, email, profile picture, and verified-email status. We store these values. We request only the openid email profile scopes — we do not access your Gmail, Calendar, Drive, or any other Google service. You can revoke access at any time via myaccount.google.com/permissions.

Third-party services

  • Google — authentication.
  • Stripe — payment processing and webhook ingestion for conversion tracking. Stripe's privacy policy: stripe.com/privacy.
  • Postmark — transactional email.
  • Wise — payouts. We export a CSV of amounts and recipient emails; we don't share payout data back with Wise outside of the transfer itself.
  • Plausible Analytics — privacy-respecting website analytics, no cookies, self-hosted on stats.yukicapital.com.

How long we keep it

  • Affiliate account: as long as your account is active. You can request deletion at any time — we'll remove your account and personal data within 30 days.
  • Click logs with no conversion: 90 days.
  • Conversion records: kept for at least 7 years for tax and accounting compliance.

Your rights

You have the right to access, correct, export, or delete your personal data. Email [email protected] and we'll respond within 30 days.

Under GDPR, you also have the right to lodge a complaint with your local data protection authority. Yuki Capital is operated from France; the competent authority is the CNIL (cnil.fr).

Security

Passwords are hashed with bcrypt (work factor 11). Session cookies are HMAC-signed with SHA-256, HttpOnly, Secure, SameSite=Lax. Data is transmitted over TLS. Databases are hosted on Hetzner (Germany/Finland).

Changes to this policy

We'll update the "Last updated" date above when we change this policy materially, and email affiliates when the changes affect them.

Contact

Yuki Capital — [email protected]