Yipii Logo

Yipii Privacy Policy

Last updated: 31 May 2026

This Privacy Policy explains how Yipii Limited ("Yipii", "we", "us", "our") collects, uses, shares, and protects personal data when you:

  • Visit our websites (the "Website");
  • Submit a contact, sales, or job-application form;
  • Book a meeting with us through a scheduling tool;
  • Use our mobile and web applications, including the Yipii IoT and Yipii Mobility platforms (the "Apps");
  • Purchase from our online shop (the "Shop"); or
  • Otherwise interact with our products and services (together, the "Services").

We process personal data in accordance with the EU General Data Protection Regulation ("GDPR"), the Maltese Data Protection Act (Cap. 586), and other applicable laws.

This Policy should be read alongside our Terms & Conditions. If you use the Services on behalf of an organisation, please share this Policy with the people whose data you may submit to us.

1. Who we are

The data controller is Yipii Limited, a company registered in Malta with registration number C 16799, and registered address at 197, Kest, Triq il-Ġiżimin, Swieqi, Malta.

We have not appointed a Data Protection Officer, as we are not required to do so under Article 37 of the GDPR. For all privacy enquiries and to exercise your rights, contact [email protected].

2. Scope of this Policy

This Policy covers personal data we process as a controller, including:

  • Information about visitors to the Website;
  • Information submitted through forms (sales enquiries, lead capture, newsletter, careers, scheduling);
  • Account-level information about users of the Apps and Shop.

Where Yipii processes data on behalf of a business customer (for example, location, telematics, sensor, or driver data captured through devices and software our customer operates), Yipii acts as a processor. In those cases the customer is the controller and is responsible for informing the relevant individuals. See section 11 below.

3. Personal data we collect

3.1 Information you give us

  • Contact and lead forms: name, email address, phone number, company name, job title, fleet size, vehicle or cargo type, industry, and any free-text message you provide.
  • Channel preferences and consents: whether you have opted in to receive communications by email, WhatsApp, or both, together with the date, source form, and exact text of the consent you gave.
  • Scheduling and meeting requests: name, email address, time zone, the meeting time you choose, and any answers you provide to questions on the booking form.
  • Job applications: name, email, phone, position applied for, years of experience, location, availability, CV/resume, cover letter, and portfolio (where uploaded).
  • Account and Shop: account credentials, billing and delivery details, and order history (when you sign up for the Apps or purchase from the Shop).
  • Support communications: the content of emails, chat messages, WhatsApp messages, or tickets you send us.

3.2 Information we collect automatically

  • Device and connection data: IP address, browser type and version, operating system, referring URL, pages viewed, time on page, and click events.
  • Cookies and similar technologies: see section 9.
  • Form telemetry and attribution: the page a form was submitted from, and where present, marketing parameters such as UTM tags, Google Click ID (GCLID), and Facebook Click ID (FBCLID). These help us route enquiries and credit the marketing source.

3.3 Information from third parties

We may receive limited information from advertising networks, analytics providers, or business partners. This includes attribution data showing which campaign brought you to the Website, and lead data submitted through Meta lead-ad forms you completed on Facebook or Instagram. We only combine such data with information you provide where it is lawful to do so.

4. How and why we use your data

We use personal data for the following purposes, on the legal bases shown:

  • Responding to enquiries and providing the Services — including replying to forms by email or WhatsApp, scheduling meetings, fulfilling orders, providing access to the Apps, and offering support.
    Legal basis: performance of a contract, or steps taken at your request prior to entering a contract.
  • Marketing communications — sending product updates, early-access invitations, and operational insights to people who have opted in or who are existing customers, by email and (where opted in) WhatsApp.
    Legal basis: consent. For email communications to existing customers about similar products, we may also rely on our legitimate interest. You can unsubscribe at any time using the link in any email, or reply STOP to any WhatsApp message to opt out of WhatsApp.
  • Recruitment — assessing your application, contacting you about the role, and keeping a record where local law permits.
    Legal basis: steps taken at your request prior to entering an employment contract, and our legitimate interest in evaluating candidates.
  • Website analytics, advertising measurement, and remarketing — understanding how the Website is used and measuring the performance of our advertising.
    Legal basis: your consent, given through our cookie banner. We do not load non-essential analytics or advertising trackers without consent. See section 9.
  • Operating a functional and secure Website — including strictly necessary measurements, server logs, rate limiting, and abuse prevention.
    Legal basis: our legitimate interest in operating the Services securely.
  • Legal and compliance obligations — meeting tax, accounting, and other statutory duties, and responding to lawful requests from authorities.
    Legal basis: compliance with a legal obligation, or our legitimate interest in protecting our rights.

4.1 WhatsApp communications

Where you have opted in (through one of our website forms, a Meta lead-ad form, or directly), we may contact you on WhatsApp at the phone number you provided. We use WhatsApp to:

  • Respond to your enquiry and continue the conversation;
  • Send follow-up messages about your enquiry and our products, using message templates approved by Meta;
  • Share documents, links, and other materials you have asked for or that are relevant to your enquiry.

WhatsApp's underlying messaging infrastructure is operated by Meta Platforms, and Meta's own privacy policy applies to that infrastructure. We store a record of your consent (the time, source form, and the exact text shown), and we keep WhatsApp messaging history in our customer relationship management system for the retention periods set out in section 7.

You can withdraw consent at any time by replying STOP to any WhatsApp message we send you, or by emailing [email protected]. When you opt out, we stop sending WhatsApp messages within one business day, retain a suppression record so we do not contact you again by mistake, and keep any prior messages only for the periods set out in section 7.

5. Who we share your data with

We do not sell personal data. We share it only with service providers that help us operate the Services, and only to the extent necessary for them to perform their role. Our main processors are:

  • HubSpot — customer relationship management (lead and contact records).
  • Loops.so — transactional and marketing email delivery and automation.
  • Resend — email delivery for job applications and operational notifications.
  • Google — Google Tag Manager and Google Analytics 4 for Website measurement.
  • Meta — the Meta (Facebook) Pixel for advertising measurement and remarketing; Meta lead-ad forms for capturing enquiries on Facebook and Instagram; and the WhatsApp Business Platform for sending and receiving messages where you have opted in.
  • Vercel — Website and application hosting.
  • Stripe — payment processing for subscriptions and Shop orders.
  • Scheduling tools — for booking meetings with our team (for example, the call-booking service linked from our Website).
  • Telecommunications and mapping providers — the carriers and mapping services that deliver connectivity and map data for the Apps.

We may also disclose personal data to professional advisers (lawyers, accountants, auditors), to actual or prospective buyers in connection with a business sale or restructuring, and to public authorities where required by law.

6. International transfers

Several of the providers listed in section 5 are based in, or may process data from, countries outside the European Economic Area, primarily the United States. Where personal data is transferred outside the EEA, we rely on appropriate safeguards, typically:

  • The European Commission's Standard Contractual Clauses;
  • Adequacy decisions where they apply, including the EU-US Data Privacy Framework for recipients certified under it; and
  • Supplementary technical and organisational measures where required.

You can request a summary of the transfer mechanism for a specific provider by contacting [email protected].

7. How long we keep your data

We keep personal data only as long as necessary for the purposes set out above:

  • Marketing contacts: until you withdraw consent or unsubscribe (including by replying STOP to any WhatsApp message), and in any case no longer than 24 months after your last engagement. Each new engagement (such as opening an email, clicking a link, replying to a WhatsApp message, or visiting our Website while identifiable) restarts this 24-month period.
  • WhatsApp suppression records: where you have opted out of WhatsApp messaging, we retain a minimal record (phone number and opt-out timestamp) indefinitely so we do not contact you again by mistake.
  • CRM and customer records: for the duration of the customer relationship and up to 6 years after the last business activity, in line with Maltese accounting and limitation periods.
  • Job applications: 12 months from receipt where you are not hired, after which the application is deleted (unless you ask us to keep it on file for future roles).
  • Scheduling records: booking metadata is kept for up to 12 months for record-keeping; meeting outcomes recorded in our CRM are retained under the CRM rule above.
  • Server logs and rate-limit data: up to 30 days.
  • Cookie consent record: up to 12 months, after which we re-prompt you for consent.
  • Tax, invoicing, and statutory records: for the period required by law (typically up to 10 years for VAT and accounting records).

8. Your rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you and receive a copy;
  • Rectify inaccurate or incomplete data;
  • Erase data where it is no longer needed or processing was unlawful;
  • Restrict processing in certain circumstances;
  • Object to processing based on legitimate interests, including direct marketing;
  • Receive a portable copy of data you provided to us, where processing is based on consent or contract;
  • Withdraw consent at any time, where consent is the basis for processing, without affecting the lawfulness of prior processing.

To exercise these rights, email [email protected]. We will respond within one month and may need to verify your identity before acting on the request.

If you believe we have not handled your data lawfully, you can also lodge a complaint with the Maltese Information and Data Protection Commissioner (IDPC) at idpc.org.mt, or with the supervisory authority in your country of residence.

9. Cookies and similar technologies

We use cookies and similar technologies (including local storage and tracking pixels) to operate the Website, remember your preferences, measure usage, and support advertising. They fall into the following categories:

  • Necessary — required for the Website to function (for example, recording your cookie preferences and protecting forms against abuse). Always on, on the basis of our legitimate interest in operating a functional, secure Website.
  • Analytics — help us understand how visitors use the Website. We use Google Analytics 4 via Google Tag Manager. Loaded only with your consent.
  • Marketing — used for advertising measurement and remarketing, including the Meta (Facebook) Pixel. Loaded only with your consent.

In line with Article 5(3) of the ePrivacy Directive (as transposed in Malta), we obtain your prior consent before any non-essential cookie or tracker is set or read on your device. We do not rely on legitimate interest as a legal basis for non-essential storage or access on your device.

When you first visit the Website you will see a consent banner where you can accept all cookies, allow only necessary cookies, or customise your choices. You can change your decision at any time by clearing your stored consent preference and reloading the page, or by contacting us.

Most browsers also let you block or delete cookies through their settings. Note that disabling necessary cookies may affect Website functionality.

10. Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or alteration, including transport encryption (TLS), access controls, rate limiting, and input validation. No system is completely secure, however, and we cannot guarantee absolute security.

11. Yipii as a data processor

When a business customer uses Yipii's IoT and Mobility platforms to track vehicles, assets, drivers, or other individuals, Yipii processes that data on the customer's behalf. The terms governing this processing are set out in the Data Processing Addendum that forms part of our Service Agreement with each business customer (Schedule B).

In those circumstances the business customer is the controller and is responsible for:

  • Establishing a valid legal basis for tracking;
  • Informing drivers, employees, or other individuals as required;
  • Obtaining any necessary consents;
  • Responding to data-subject rights requests relating to that data.

Where customers track employees, drivers, or contractors, we recommend they review the IDPC's published guidance on employee monitoring, which sets out specific transparency, proportionality, and minimisation requirements applicable in Malta.

If you are a driver, employee, or other individual whose data is processed through a Yipii-powered service, please direct your privacy enquiries to the organisation operating that service. We will support that organisation's response where appropriate.

11.1 When Yipii is the controller versus the processor for App users

If you use the Yipii IoT or Yipii Mobility apps, your data may be processed under different roles depending on what you are doing:

  • Yipii is the controller for your account-level data, including the email address you use to log in, your account credentials, and your communications with our support team. This Policy governs that processing.
  • Yipii is the processor for fleet, vehicle, driver, asset, sensor, and location data captured through the Apps and devices on behalf of the organisation that operates the service (typically your employer or fleet operator). For that data, the organisation is the controller, and you should direct privacy questions to them in the first instance.

11.2 Yipster (AI assistant)

The Apps include Yipster, an AI-powered assistant feature. When Yipster is used, the underlying customer data it operates on is processed on behalf of the relevant business customer under the terms of the Service Agreement and the Data Processing Addendum. Customer data is not used to train third-party AI models, and prompts and outputs are handled in accordance with the security and confidentiality measures set out in the DPA. Further details are available on request.

12. Children

The Website and Services are not directed at children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us and we will delete it.

13. Automated decision-making

We do not use the personal data described in this Policy to make automated decisions that produce legal or similarly significant effects on you. Driver-scoring, anomaly-detection, and similar features within the Apps are operated by our customers as part of their fleet management. See section 11.

14. Changes to this Policy

We may update this Policy from time to time. The "Last updated" date at the top reflects the most recent change. For material changes we will provide additional notice (for example, by email or a banner on the Website) where required.

15. Contact

For privacy questions, requests, or complaints, contact: