yarnnnyarnnn

Privacy Architecture

Built for confidential AI work.
Designed to show where memory goes.

See how yarnnn keeps durable memory scoped, attributable, revocable, and honest about the places AI context is processed. Read the policy

OAuth

Authorized access

Scoped

Workspace boundary

Provenance

Attributed changes

Scoped by workspace

Core product data is shaped around account and workspace boundaries, with application and database controls protecting the main user tables.

Not our training data

We do not use your workspace data to train yarnnn-owned models. When you ask AI to work, relevant context may be sent to model providers under their API terms.

Revocable access

Connected assistants require authorization, carry attribution, and can be revoked. Deletion and retention controls are being expanded where durable history still has limits.

How it works

Private by structure, not just by policy.

yarnnn is built around durable memory, so privacy has to be mechanical: what is stored, who can read it, who wrote it, when it leaves yarnnn, and what can be revoked.

Memory stays workspace-shaped

Files, tasks, saved memories, and revision history are organized around your workspace instead of a loose global memory pool.

Assistant access is explicit

ChatGPT, Claude, or another MCP-capable assistant can connect only through an OAuth grant you approve and can revoke.

Changes are attributable

Saved items record whether they came from you, yarnnn, a teammate, or a connected assistant, so durable memory has a visible source.

AI data flow is named

When you ask AI to use workspace context, relevant context may be sent to model providers so the work can be done. The privacy policy states that flow plainly.

What holds today

The trust story is concrete.

This is the part that is strong enough to say plainly: scoped product data, credential encryption where credentials are stored, low-PII telemetry defaults, and visible provenance.

  • Most connector credentials are encrypted at rest where stored as credentials.
  • Crash telemetry is configured without default PII collection.
  • The purge model has explicit levels for work history, workspace state, integrations, and account deletion.
  • Revision history is durable by design so users can inspect what changed and who changed it.

Current hardening

The roadmap is part of the promise.

Durable AI memory creates real privacy tradeoffs. We name the work still being tightened, especially around private content bodies, deletion completeness, credential rotation, and retention.

  • Tightening private file-body reads so content is reachable only through workspace-scoped authorization paths.
  • Adding garbage collection for unreferenced private content bodies after workspace resets and account deletion.
  • Expanding row-level security coverage for user-scoped tables that still depend on application-layer filters.
  • Normalizing remaining API-key-like connector metadata into encrypted credential storage with rotation support.
  • Adding clearer retention controls for operational telemetry, historical revisions, and AI-context minimization.