Before you scroll, the short version
Yearloom is a place to map your life on a timeline. Some of what you put here is among the most personal information you have. We take that seriously.
Here is the short version. The rest of this page is the detailed version.
- You own your timeline. Your events, photos, descriptions, and dates belong to you. You can export everything, and you can delete everything.
- Privacy is per item, not per account. You set a privacy level on your timeline as a whole, on each category (for example "Health" can be more private than "Career"), and on each event. The most restrictive setting wins.
- We do not sell your data, and we do not run ads. Yearloom is not funded by advertising. We have no business reason to share your timeline with anyone.
- We use Firebase to run the service. Google Cloud (Firebase) stores your data on our behalf. They are bound by contract to act only as our processor.
- Children get extra protection. Anyone under 13 needs a guardian. Guardians have privacy controls, and where a guardian and a child disagree on a setting, private wins.
- You can leave at any time. Export your data, delete your account, and your timeline goes with you.
If you only read one section, read this one. If you want the detail, keep going.
What we will never do
- Sell or rent your personal information
- Run advertising on Yearloom
- Use your private timeline content to train generative AI models
- Share your information with data brokers or marketing aggregators
- Track you across other websites for advertising purposes
1. Who we are and what this policy covers
Yearloom is a life-timeline web application operated by Jalapeno Labs LLC, an Idaho limited liability company doing business as Yearloom. Jalapeno Labs LLC is the controller of your personal information for the purposes of GDPR, UK GDPR, the California Consumer Privacy Act ("CCPA"), and other applicable privacy laws.
This Privacy Policy explains:
- What information Yearloom collects from and about you
- How we use that information
- Who we share it with (and who we do not share it with)
- Your rights and how to exercise them
This policy applies to:
- The Yearloom web application at yearloom.com (and any subdomain)
- Any mobile or desktop app we publish under the Yearloom name
- Marketing pages, support content, and emails we send you
It does not apply to third-party services that we link to. When you click out to a different service, that service's privacy policy governs.
If you do not agree with this policy, please do not use Yearloom.
2. The information we collect
We collect information in three ways: information you give us directly, information we collect automatically when you use Yearloom, and information we receive from third parties you have connected.
2.1 Information you provide
Account information. When you sign up we collect your email address (used for sign-in via passwordless email link), your chosen username, and a display name. You may also add a profile photo and a short bio. If you sign in using Google or Apple, we receive the basic profile information that provider releases to us.
Sensitive personal information. Yearloom timelines often include information that is "sensitive" under privacy law: health events, religious practice, sexual orientation, political activity, ethnicity, or biometric content in photos. You decide what to record. We use this information only to provide the service to you at the privacy level you set. We do not infer attributes from it, build a profile from it, or use it for advertising of any kind.
Timeline content. Yearloom is built around things you choose to record:
- Events (titles, descriptions, dates, fuzzy or exact)
- Categories you create (with names, colors, and a privacy level)
- Photos and other media you attach to events
- Map pins and locations
- Comments and replies on events
Photo metadata (EXIF). Photos you upload may contain embedded metadata such as GPS coordinates, camera serial number, and timestamps. Yearloom strips GPS coordinates from photos on upload by default. Other technical metadata is retained and stored alongside the photo, because removing it can degrade quality. You can choose to keep GPS metadata on a per-upload basis if you want it preserved.
Privacy and category settings. Your timeline-wide privacy level (private, family-only, friends-family, or public), per-category overrides, and per-event overrides are stored on your account so we can enforce them.
Relationships and your network. When you accept friend or family requests, we record the connection and its type (for example, sibling, parent, friend, guardian). When you nominate a guardian for a minor's account, we record the relationship and the guardian's permissions.
Memorial and legacy designations. If you mark a timeline as memorialized, or designate a future contact who can manage your timeline if you pass away, we store that designation and act on it according to your wishes.
Communications with us. If you contact support or reply to a service email, we keep a record of the conversation.
2.2 Information we collect automatically
- Device and connection. IP address, browser type and version, operating system, screen size, and language.
- Usage data. Pages you visit inside Yearloom, the timelines you view, features you use, and approximate times of use.
- Logs. Server logs that record requests, error reports, and crash reports. These help us debug and protect the service from abuse.
- Cookies and similar technologies. See section 6.
We collect this information from anyone who loads a Yearloom page, including visitors who view a public timeline without signing in. Logged-out visitors are subject to the same logging and cookie disclosures described in this policy.
We do not place tracking pixels for advertising on the Yearloom site, because we do not run ads.
2.3 Information about other people that you add
This is the part of Yearloom that resembles a family-tree product more than a typical social app. When you add an event involving a relative, friend, or ancestor, you may end up entering information about a person who is not a Yearloom user. Examples include a parent's birthday, a grandparent's name and birthplace, or a photo of a friend at your wedding.
You are responsible for the information you add about other people, and for having a lawful basis to add it. We treat that information as part of your timeline content. We follow these rules:
- Information about a person who is alive and not a Yearloom user is visible only at the privacy level you assign to the event. We default to the most restrictive setting available on your timeline.
- Information about a deceased person is treated as part of the contributor's timeline. Yearloom is the right place to honor and document a life that has ended; we do not require consent from the deceased person, but we follow legal removal requests from estates and family.
- A person who finds information about themselves in your timeline can ask Yearloom to remove or restrict it. We will follow our standard verification and removal process described in section 7.
Information about other people's children. If you upload information about a child who is not a Yearloom user (for example, photos of your own child or a niece on a family event), we treat that information as data about a third party. We default the privacy level for events involving a minor to family only regardless of your timeline-wide setting, and a parent or legal guardian of the child can request immediate removal under section 7.
2.4 Information from third parties
If you sign in with Google or Apple, we receive basic profile information from them.
If you connect another service in the future (for example, importing photos from Google Photos), we will only receive what that service shares for the integration you authorize, and we will tell you in advance what that includes.
We do not buy data from data brokers or marketing aggregators.
3. How we use information
We use the information we collect for the following purposes:
- Operate the service. Authenticate you, sync your timeline across devices, render your timeline, store and display photos, deliver notifications, and process the friend, family, and guardian relationships you create.
- Enforce your privacy settings. Apply your timeline, category, and event privacy levels to every read request so the right people see the right things.
- Personalize your experience. Remember your zoom level, last-viewed timeline, language, and other preferences across sessions and devices.
- Keep Yearloom safe. Detect and prevent fraud, abuse, spam, and policy violations. Investigate reports.
- Communicate with you. Send transactional emails (sign-in links, friend requests, comments, security notices). Send opt-in product updates if you choose to receive them.
- Improve Yearloom. Understand what features are used and which fail, so we can fix bugs and prioritize improvements. We use aggregated and anonymized data wherever possible.
- Comply with the law. Respond to lawful requests from authorities and meet our own legal obligations.
We do not use your information to:
- Train artificial intelligence or machine learning models on your private content
- Build a profile of you for advertising
- Sell or rent your information
Our position on AI features. If we ever build AI-assisted features in Yearloom (for example, suggesting categories for new events, helping you write a description, or auto-tagging photos), they will run only on your own data, with your consent, and any underlying model providers will be bound by contract not to train their models on it. We will never quietly route your private content through a model that retains it.
If we ever change one of these positions, we will say so clearly and ask for your consent before applying the new use to information collected before the change.
4. Privacy levels and what "shared" really means
Yearloom's privacy model is simple to understand and strict to enforce. Every event has a privacy level. The level is the most restrictive of:
- The event's own setting
- The category the event belongs to
- The timeline-wide setting
We call this "the most restrictive wins". You cannot accidentally make something more visible than your strictest setting.
The four levels are:
- Private. Only you (and any guardian assigned to your account) can see it.
- Family only. You, your guardian, and people you have connected as family.
- Friends and family. You, your guardian, family, and friends.
- Public. Anyone on the internet, including people who are not signed in to Yearloom. Public timelines may also be indexed by search engines.
If you are in a guardian relationship and you and your guardian set a different privacy level for the same event or category, the more restrictive setting always wins.
Public content is the only category of content that may appear outside Yearloom (in search results, archived caches, or third-party tools). If you change a public event to private, copies that already exist in third-party caches are outside our control.
5. Who we share information with
We share information in five situations.
5.1 With other Yearloom users, according to your settings
This is what Yearloom is for. Friends, family, guardians, and (for public content) members of the public can see what your privacy levels allow them to see.
"Friends" and "family" mean people you have personally connected with on Yearloom. Yearloom does not propagate visibility to friends-of-friends. If you connect Alice as a friend and Alice connects Bob as a friend, Bob still cannot see your friends-only content unless you connect with Bob directly.
5.2 With service providers (sub-processors) acting on our behalf
We use a small set of service providers to actually run Yearloom. They are bound by contract to use your information only for the services they perform for us, and to protect it.
| Provider | What they do | Region |
|---|---|---|
| Google Cloud / Firebase (Firestore, Cloud Functions, Storage, Hosting, Auth) | Stores your timeline, photos, and account; runs server logic; authenticates sign-in | United States; multi-region |
| Brevo (Sendinblue SAS) | Delivers transactional emails (sign-in links, notifications) | France (EU) |
| c15t.com | Cookie consent management | EEA |
We will keep the current list of sub-processors at the URL referenced in section 14, and notify users in advance of any material change.
5.3 With guardians of minors
If you are under 13 (or the higher minimum age in your country) Yearloom requires a guardian. Your guardian can see and manage your timeline at the access level you and they have agreed. See section 8 for details.
5.4 When required by law or to protect people
We may share information if we have a good-faith belief that doing so is necessary to:
- Comply with a law, regulation, court order, or other valid legal process
- Enforce the Yearloom Terms of Service
- Detect, prevent, or address fraud, security, or technical issues
- Protect the rights, property, or safety of Yearloom users or the public, including in an emergency involving risk to life
When we receive a legal request, we evaluate it. We will resist requests we believe are overbroad and, where the law allows, we will tell the affected user.
5.5 In a business transfer
If Jalapeno Labs LLC is acquired by, merges with, or sells assets to another company, your information may transfer to that company as part of the transaction. We will require the new owner to honor this Privacy Policy or give you notice and a chance to delete your data before any change takes effect.
5.6 What we do not do
We do not sell your personal information. We do not share it with advertising networks or data brokers. Yearloom is not funded by advertising and we have no incentive to do either.
For California residents: under CCPA / CPRA definitions we do not "sell" or "share" your personal information for cross-context behavioral advertising, and we have not done so in the preceding 12 months. If you visit Yearloom from a browser that sends a Global Privacy Control (GPC) signal, we treat it as a valid opt-out request for any future sale or share, even though we have none today.
6. Cookies and similar technologies
We use cookies and local storage for three purposes:
- Strictly necessary. Authentication and session, security, and load balancing. These cannot be turned off because the site does not work without them.
- Functional. Remember preferences such as your language, theme, last-viewed timeline, and zoom level.
- Analytics. Aggregate, privacy-respecting usage statistics that help us understand which features are used.
We do not use advertising cookies or cross-site tracking pixels.
When you first visit Yearloom from a region that requires a cookie banner, c15t.com will collect your preferences. You can change them at any time from the link in the site footer.
7. Information about other people
We covered this in section 2.3 because it shapes how data is collected, but it deserves to be its own section because it is one of the most consequential parts of a life-timeline product.
When you add an event, photo, or relationship that involves another person, you are responsible for:
- Having a lawful basis to do so under your local law
- Respecting the privacy and dignity of the people involved
- Honoring requests from those people to remove or restrict the information you have added
Yearloom honors removal requests from third parties. If a person believes you have published information about them that they did not consent to, they can email [email protected]. We will:
- Verify the requester's identity to the extent reasonably possible
- Notify the contributor of the request and review the content (where legally permitted; we may proceed without notice if the content is unlawful or poses a safety risk)
- Restrict, remove, or anonymize the content as appropriate
We do not pre-screen content before it is published. We act on reports.
Right to appeal. If we remove or restrict content you posted, or if we suspend your account, you can appeal the decision by emailing [email protected] within 30 days. A different person from the one who made the original decision will review the appeal and respond within a reasonable time.
8. Children, guardians, and COPPA
Yearloom is not directed to children under 13 in the United States, or under the equivalent age of digital consent in other jurisdictions (16 in some EU countries, for example). However, we recognize that life timelines for children are valuable, and we support them through a guardian system.
8.1 The guardian system
A child under the applicable minimum age cannot create a Yearloom account directly. A parent or legal guardian can:
- Create an account that they manage on behalf of the child
- Or, in jurisdictions where verifiable parental consent has been obtained, create an account in the child's name with the guardian as supervising party
Guardians can:
- View and edit the child's timeline
- Set privacy levels (and override the child's settings if more restrictive)
- Manage friend and family connections
- Request data export and deletion
8.2 Verifiable parental consent
Where required by COPPA or local law, we obtain verifiable parental consent before collecting personal information from a child. We use the methods accepted by the FTC at the time, including credit card verification, signed consent forms, or knowledge-based authentication.
8.3 The "private wins" rule
If a child sets a privacy level on an event or category and the guardian sets a different one, the more restrictive setting always wins. A child cannot make something more visible than the guardian wants, and a guardian cannot make something more visible than the child wants.
8.4 If we discover a child has signed up without a guardian
If we learn that we have collected personal information from a child under the applicable minimum age without proper guardian involvement, we will delete the information and the account promptly. If you believe a child has created an account without consent, please contact [email protected].
9. Memorial mode and what happens to a timeline after death
Yearloom is built to record a life. We have to think about what happens at the end of one.
9.1 Designating a future contact
You can name a future contact in your account settings. If we receive verified notice that you have passed away, we will (depending on your designation):
- Memorialize your timeline (freeze edits, mark it as memorialized)
- Transfer management to your designated contact
- Delete your account and its content
If you have not made a designation, we will memorialize your timeline by default upon receiving verified notice.
9.2 Requests from family and estates
A surviving family member or estate executor can contact [email protected] to request:
- Memorialization of the timeline
- A data export
- Deletion of the account
We will require documentation (death certificate, proof of relationship or executor status) before acting on the request.
9.3 What memorialized means
A memorialized timeline:
- Cannot be signed into
- Stops collecting new login or device data
- Continues to be visible at the same audience level it had at the moment of memorialization. A timeline that was public stays public; one that was friends-and-family stays friends-and-family. We do not auto-restrict the audience, on the principle that a memorial is meant to be seen by the people who already had access.
- Can no longer be edited (unless management was transferred to a designated contact)
The designated contact, where one exists, can change the visibility of a memorialized timeline.
9.4 Information about deceased people in others' timelines
When other Yearloom users have added information about a deceased person to their own timelines, that content is part of those users' timelines. We do not automatically remove it, but a verified estate or close family member can request that we restrict or remove specific content under section 7.
10. Your privacy rights
Depending on where you live, you have some or all of the following rights. Yearloom honors these rights for everyone, regardless of jurisdiction, where it is reasonably possible.
- Access. Get a copy of the personal information we hold about you.
- Correction. Fix information that is inaccurate.
- Deletion. Ask us to delete your account and personal information, subject to legal exceptions.
- Portability. Export your timeline, events, photos, and relationships in a machine-readable format. Yearloom builds this into the product as a first-class feature in Settings › Export Data.
- Objection and restriction. Object to certain processing or ask us to restrict it.
- Withdraw consent. Where we rely on consent, you can withdraw it at any time.
- Lodge a complaint with your local data protection authority.
To exercise any of these rights, email [email protected] or use the in-app tools in Settings. We will verify your identity and respond within the time required by your local law (typically 30 days).
We will never retaliate against you for exercising your rights.
11. Data retention
We keep different categories of information for different periods.
| Category | Retention |
|---|---|
| Account profile (email, username, display name, photo) | For the life of your account |
| Timeline content (events, descriptions, comments) | For the life of your account, or until you delete it |
| Photos and other media | For the life of your account, or until you delete them. Older media may be migrated to colder storage tiers for cost reasons; this does not change your access to it. |
| Server logs (IP address, user agent, request paths) | 30 days |
| Crash and error reports | 90 days |
| Support email correspondence | 18 months |
| Cookie consent records | 13 months (or as required by local law) |
| Suspended-account identifiers (hashed email or phone) | Indefinitely, to prevent re-registration after a terms violation |
| Backups | Up to 30 days after deletion |
When you delete your account, we begin deletion within 24 hours. Photos and other media are removed from active storage with the rest of your content; copies in backups and cold storage are purged within 30 days.
We may keep limited information longer if required to:
- Comply with a legal obligation
- Resolve disputes or enforce our terms
- Prevent re-registration of an account that violated our terms (we keep hashes of identifiers for this purpose)
Inactive accounts. Yearloom does not currently take action on accounts based on inactivity. If we adopt an inactivity policy in the future, we will give affected accounts at least 12 months of advance notice (with multiple email reminders) before deleting or memorializing them, and the account holder will always be able to keep the account active by signing in.
12. Security
We protect Yearloom and your information using industry-standard practices, including:
- HTTPS / TLS for all traffic between you and Yearloom
- Encryption at rest in Firebase (Firestore, Cloud Storage)
- Firebase Authentication with passwordless email links and optional federated sign-in
- Firestore Security Rules that enforce per-document privacy on every read
- Separation of duties for the small Jalapeno Labs team that operates the service
- Logging and monitoring for unusual activity
No system is perfectly secure. If we ever discover a security incident that affects your data, we will notify you and the relevant authorities as required by law.
You can help by using a strong, unique sign-in method and by signing out of shared devices.
13. International transfers
Yearloom is operated from the United States. We use Firebase services that may store data in the United States or in other regions where Google operates. If you live in the European Economic Area, the United Kingdom, or Switzerland, we rely on Google Cloud's Standard Contractual Clauses (or successor mechanisms approved by your regulator) to lawfully transfer your data.
You can contact us for a copy of the safeguards we use for international transfers.
14. Sub-processors and changes to this policy
The current list of sub-processors will be available at https://yearloom.com/legal/sub-processors. We will provide at least 30 days advance notice before adding a new sub-processor that has access to personal data, so you can review the change and decide whether to keep using Yearloom.
We may update this Privacy Policy as Yearloom evolves. When we do:
- Minor changes (clarifications, formatting) take effect when posted, with the new "Last updated" date.
- Material changes will be announced by email and an in-app banner at least 30 days before they take effect, except where a shorter period is required by law.
You can always view the current version at https://yearloom.com/legal/privacy. Previous versions will be linked at the bottom.
15. How to contact us
For privacy questions, requests, or complaints, contact us at:
- Email:
- [email protected]
- Privacy lead:
- Alex Navarro, [email protected]
- Mailing address:
- Jalapeno Labs LLC, 2210 E Sharptail St, Meridian, ID 83646, USA
If you are in the European Economic Area, the United Kingdom, or Switzerland and are not satisfied with our response, you can lodge a complaint with your local data protection authority.
Transparency report
Yearloom commits to publishing an annual transparency report summarizing any government, law enforcement, or third-party legal requests we received and how we responded. The first report will be published the year after we receive a qualifying request.
Glossary
- Personal information / personal data.
- Any information that identifies you or could be used to identify you, alone or combined with other information.
- Sub-processor.
- A company we use to provide part of the Yearloom service that has access to personal data on our behalf.
- Controller.
- The party that decides why and how personal data is processed. Jalapeno Labs LLC is the controller for Yearloom.
- Processor.
- A party that handles personal data on the controller's behalf, under contract. Firebase, Brevo, and c15t are processors.
Appendix A: Regional notices
A.1 California (CCPA / CPRA)
California residents have specific rights under the CCPA and CPRA, all of which we honor for every Yearloom user globally:
- Right to know what categories and specific pieces of personal information we collect
- Right to delete
- Right to correct
- Right to opt out of "sale" or "sharing" of personal information (we do neither)
- Right to limit use of sensitive personal information (we do not use sensitive personal information for purposes other than providing the service)
- Right to non-discrimination for exercising these rights
A.2 EEA, United Kingdom, Switzerland (GDPR / UK GDPR)
The legal bases on which we process your information:
| Processing activity | Legal basis |
|---|---|
| Creating and maintaining your account, syncing your timeline, rendering content, processing friend / family / guardian relationships | Performance of a contract |
| Sending sign-in links, friend request notifications, comment notifications, security alerts | Performance of a contract |
| Verifiable parental consent for minors | Legal obligation |
| Responding to lawful requests from authorities | Legal obligation |
| Preventing fraud and abuse, debugging errors, securing the service, aggregated product analytics | Legitimate interests (you may object at any time) |
| Marketing emails, optional product update emails, precise location, optional integrations | Consent (you may withdraw at any time) |
You have the right to lodge a complaint with your local supervisory authority. We have not yet appointed an EU or UK Article 27 representative; if you live in the EEA or the UK and need to reach a designated representative, contact us at [email protected] and we will help you raise your concern with our lead supervisory authority.
A.3 Other jurisdictions
We honor equivalent rights for residents of other jurisdictions where applicable privacy laws grant them. Contact us at [email protected] for jurisdiction-specific questions.