Last updated: February 23, 2026
This Privacy Policy explains how Yasmin Stokinger, self-employed in Switzerland and operating under the brand name “heyyoli” (“we”, “us”, “our”), collects, uses, and shares personal data when you use our services (the “Services”), including:
our website https://www.heyyoli.com, and our web-based application available at https://app.heyyoli.com (the “App”).
If you have questions, contact us at hey@heyyoli.com or by post at Hauptgasse 34, 9620 Lichtensteig, Switzerland.
We collect personal data that you provide directly to us, as well as certain information that is collected automatically when you use our Services.
a) Account Information
When you create an account in the App, we collect:
You are responsible for ensuring that the information you provide is accurate and up to date.
b) Google Login
You may choose to register or log in using your Google account. In this case, Google authenticates you and provides us with your email address for the purpose of creating or accessing your user account. We do not request access to additional Google account data, and we do not store Google profile information beyond your email address. Google may process personal data as part of the authentication process in accordance with its own privacy policy. Where applicable, our use of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.
c) Onboarding and Usage Information
When using the App, we collect certain interaction and usage data, including: Your onboarding selections (e.g., areas you would like to explore such as “connect to my body” or “self-confidence”) Interactions with content (e.g., reactions such as “thumbs up”) Activity timestamps (e.g., most recent activity date)
We use this data in aggregated or pseudonymized form to analyze engagement metrics such as: Daily Active Users (DAU), Weekly Active Users (WAU), Monthly Active Users (MAU) This information is used solely for internal analytics and service improvement.
d) Payment Information
Payments are processed through external payment providers, such as Stripe. We do not store full payment card details. Payment information is processed directly by the respective payment provider in accordance with their privacy policies.
e) Automatically Collected Technical Data
When you access the Services, certain technical data may be collected automatically, including:
We use Google Analytics, a web analytics service provided by Google Ireland Limited, to analyze how users interact with our website and App. Google Analytics uses cookies and similar technologies to collect information such as IP address and usage data.
This information helps us understand user behavior and improve our Services. Further details are provided in the section “Cookies and Tracking Technologies” below.
f) Newsletter and Communication Data
If you subscribe to our newsletter or receive email communications from us, we process:
- Your email address
- Information about email opens
- Links clicked within emails
We use Brevo (Sendinblue GmbH / Brevo SAS) as our email service provider. Brevo may process email interaction data (such as open rates and click behavior) to help us analyze and improve our communications.
We process your personal data for the following purposes:
a) To Provide and Operate the Services
We use your data to:
b) To Improve and Develop the Services
We use usage and analytics data to:
Analytics data is used in aggregated or pseudonymized form wherever possible.
c) To Communicate With You
We may use your data to:
You may unsubscribe from marketing communications at any time.
d) To Ensure Security and Prevent Misuse
We may process data to:
e) To Comply With Legal Obligations
We may process personal data where required to:
We process personal data only where we have a valid legal basis under applicable data protection law, including the Swiss Federal Act on Data Protection (revDSG) and, where applicable, the EU General Data Protection Regulation (GDPR).
Depending on the context, we rely on the following legal bases:
a) Performance of a Contract
We process personal data where necessary to:
This processing is necessary to perform the contract between you and us.
b) Consent
We rely on your consent where required, for example:
You may withdraw your consent at any time with future effect.
c) Legitimate Interests
We may process personal data where it is necessary for our legitimate interests, provided that your interests or fundamental rights do not override those interests.
This includes:
d) Legal Obligations
We may process personal data where necessary to comply with:
We may share personal data with trusted third-party service providers who support the operation of our Services. These providers process data on our behalf and only to the extent necessary to provide their services.
a) Service Providers
We may share personal data with the following categories of service providers:
These providers process personal data only in accordance with applicable data protection laws and under appropriate contractual safeguards.
b) Legal Requirements
We may disclose personal data if required to do so by law or in response to valid legal requests by public authorities.
c) Business Transfers
In the event of a merger, acquisition, restructuring, or sale of assets, personal data may be transferred as part of that transaction.
Some of our service providers may process personal data outside of Switzerland or the European Economic Area (EEA), including in the United States.
Where personal data is transferred to countries that do not provide an adequate level of data protection under applicable law, we ensure appropriate safeguards are in place. These may include:
You acknowledge that certain providers (such as Google, Stripe, Bubble, and Webflow) may process data in the United States or other third countries in accordance with their respective privacy policies and contractual safeguards.
We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
In particular:
Account data is retained for as long as your account remains active.
If you delete your account, your personal data will be deleted or anonymized, unless retention is required for legal obligations.
Payment and transaction data may be retained for longer periods in order to comply with accounting and tax laws.
Usage data and analytics data may be retained in aggregated or anonymized form for statistical and service improvement purposes.
Where deletion is not immediately possible (e.g., due to backup systems), data will be securely stored and isolated from further processing until deletion becomes possible.
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, misuse, alteration, or disclosure.
Access to personal data is restricted to authorised personnel only and limited to what is necessary for operational purposes.
Our services are hosted via professional infrastructure providers and use encrypted connections (HTTPS). Payments are processed by certified third-party payment providers and we do not store full payment details on our own servers.
Despite our efforts, no method of transmission over the Internet or electronic storage is completely secure. Therefore, we cannot guarantee absolute security. You use the Services at your own risk.
Our Services are intended exclusively for individuals who are at least 18 years old.
We do not knowingly collect, solicit, or process personal data from individuals under the age of 18. By using the Services, you confirm that you are at least 18 years old.
If we become aware that personal data from a person under 18 has been collected without verified parental consent, we will take appropriate steps to delete such data without undue delay.
If you believe that we may have collected data from a minor, please contact us at: hey@heyyoli.com
Depending on your place of residence, you may have certain rights regarding your personal data under applicable data protection laws.
If you are located in Switzerland or the European Economic Area (EEA), you may have the following rights:
To exercise your rights, please contact us at:
hey@heyyoli.com
We may request appropriate verification of your identity before processing your request.
If you are located in the European Union and believe that we process your personal data unlawfully, you also have the right to lodge a complaint with a supervisory authority in your country of residence.
If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner (FDPIC).
We use cookies and similar technologies to operate, secure, and improve our Services.
Cookies are small text files stored on your device when you visit a website. They allow us to recognize your browser and collect certain technical and usage information.
We use:
Where required by applicable law, non-essential cookies (such as analytics cookies) are only used after obtaining your consent through our cookie banner.
You can manage or withdraw your cookie preferences at any time through your browser settings or via the cookie management tool available on our website.
Further details about the specific cookies used, their purpose, and retention periods can be found in our separate Cookie Policy.
We may update this Privacy Policy from time to time to reflect changes in our Services, legal requirements, or data processing practices.
The updated version will be indicated by a revised “Last updated” date at the top of this Privacy Policy.
If we make material changes, we may notify you through the Services or by email where appropriate.
We encourage you to review this Privacy Policy periodically to stay informed about how we process personal data.
If you have any questions about this Privacy Policy or about how we process personal data, you may contact us at:
Email: hey@heyyoli.com
Postal address: Hauptgasse 34, 9620 Lichtensteig, Switzerland.
