Privacy is not a footnote. It is the foundation.

This is not a fine-print document. It is an explanation in our own words. We would rather write it clearly than make it legally airtight, and we have it reviewed periodically by a privacy lawyer to be sure it is both.

Who we are

YearChapter is a product of Yere IT B.V., based in The Hague, the Netherlands. We are the data controller within the meaning of the GDPR, which means the choices about your data rest with us, not with our suppliers.

Yere IT B.V. · CoC 86892681 · VAT NL827401498B01 · Grote Marktstraat 43, The Hague · info@yearchapter.nl

Reachable via info@yearchapter.nl. For formal privacy requests (access, correction, deletion) use the same address with the subject "Privacy".

What data we collect

Account data

Name (as you want to show it to your family), email address, and an encrypted password (we never see your password, only the hash). Optionally a profile photo.

Content you add

Photos, written moments, voice recordings, and everything you or your co-writers place in a chapter. This stays yours, YearChapter gains no ownership rights and does not use your content for any purpose other than compiling your book.

Order data

Name, address, email, chosen package, payment method (only the last type, not your card number, which we never see, Stripe holds that). For a gift, also the recipient's email address and your personal message.

Technical data

IP address, browser type, and which pages you visit. We use this to keep the site secure and to trace problems, not to track you across the web.

Analytics on the website

To understand how visitors use yearchapter.com, we use Plausible Analytics. That is a European service, hosted in the EU, which measures without cookies and without collecting personal data.

We see visitor numbers and which pages are viewed, not who someone is. That is enough to make the site calmer and clearer. No ads, no profiles, no selling of data.

Because Plausible places no cookies and records nothing about you as a person, no consent is needed. That is why we show no cookie banner for it.

Email and the monthly mail

We use your email address for your account, for transactional messages (confirmations, gift codes, password reset), and for our monthly mail: one newsletter a month with stories and writing tips. No daily mail, no advertising storm.

Why we process it

Every processing has a legal basis under the GDPR, and we are honest about which:

• Performance of the contract, to make your account work, compile your book, deliver your order.
• Legal obligation, to keep order data for 7 years for the tax authority.
• Legitimate interest, to secure the site and prevent fraud, we minimise what we store for this. Also for the monthly mail if you are a customer of ours: have created an account or, as a giver, bought a gift subscription. That is allowed under the GDPR as a soft opt-in, provided you can unsubscribe easily.
• Consent, for the monthly mail if you sign up only via the website (without an account or gift purchase), and for other optional choices. You can always withdraw consent with one click in the mail.

The monthly mail, who gets it. If you sign up for YearChapter, we also use your email address for our monthly mail. The same applies if you, as a giver, buy a gift subscription (Plus or Family gift): your address goes on the monthly mail list. Recipients of a gift (people who get a code) are not added automatically. They only get transactional mails about their gift and code, nothing beyond that. You can always unsubscribe via the link at the bottom of every monthly mail. No longer want marketing? Email us at info@yearchapter.nl (objection, GDPR article 21).

Who we share with

We share your data with a small number of processors we have carefully chosen for privacy and reliability. We never share with advertisers, data brokers, or third parties for marketing.

• Supabase (EU region), where your account, content, and order data live.
• Vercel (EU edge where possible), which hosts and serves the website.
• Stripe (EU/US), which handles payments. Stripe sees your payment data, we do not.
• Brevo (EU, France), our processor for marketing email: the monthly mail. Brevo manages the mailing list. We add you on account creation or on purchase of a gift subscription as a giver, not as a recipient of a gift.
• Resend (US), our processor for transactional email: confirmations, gift invitations, codes, and other messages tied to a purchase or account. No advertising via Resend.
• Plausible Analytics (EU), for anonymous visitor statistics on the website. Measures without cookies and without personal data. No personal profiles.

For the processors in the US we have entered into standard contractual clauses, in line with the GDPR requirements for transfer to countries outside the EEA.

How long we keep it

• Account data, for as long as your account is active. On cancellation we delete it within 30 days, except what we are legally required to keep.
• Content, for as long as you want. You can delete items or the whole account at any time.
• Order data, 7 years (legal retention obligation for administration).
• Monthly mail subscription, until you unsubscribe via the link in the mail, delete your account, or object to marketing use of your data.
• Server logs, 30 days, then deleted automatically.

Your rights

Under the GDPR you have the right to access, correction, deletion, and export of your data (data portability). We make it easy to exercise that, you do not need to fill in a form or send an ID for the simple requests.

• Access, we send you an export of everything we have on you.
• Correction, if something is wrong, we adjust it.
• Deletion, you can erase your account and all content at any time. We only keep what we are legally required to.
• Data portability, we deliver your data in a structured, machine-readable format so you can take it with you.
• Objection, to processing based on legitimate interest, including marketing and the monthly mail (GDPR article 21). Unsubscribe via the link in the mail, or email us at info@yearchapter.nl.
• Complaint, with the Dutch Data Protection Authority, you always have that right, even if we disagree with your objection.

You make a request via info@yearchapter.nl with the subject "Privacy". We respond within 30 days.

Cookies

We use as few cookies as possible. What there is:

• Functional cookies, for your session and language choice. No consent needed.
• Stripe cookies, only during payment, to detect fraud.
• Analytics (Plausible), places no cookies. Plausible measures visitor numbers and viewed pages without storing anything in your browser, so no consent is needed. No advertising tracking.
• No marketing cookies, no Google Ads, no Meta Pixel, no TikTok Pixel.

Security

Connections run over HTTPS. Passwords are hashed (we cannot see them). Backups are encrypted. Access to production data is limited to those who strictly need it, and is logged.

Should a data breach occur despite these measures, we report it within 72 hours to the Dutch Data Protection Authority and, if it affects your data, directly to you as well.

Changes to this promise

We update this page when we change something substantial about how we handle data. For far-reaching changes we actively send you an email, not some non-committal "read our new terms" link, but a real explanation of what is changing and why.

This version is from 1 June 2026.