At Frappé, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy outlines how we collect, use, disclose, and safeguard the data that you provide to us or that we collect when you use our AI-based content generator service available on our website www.yazo.ai (referred to as "Service" or "Website"). We value your trust and strive to be transparent about our data practices, so we encourage you to read this Privacy Policy carefully.

By using our Service and Website, you acknowledge that you have read, understood, and agree to the terms and conditions of this Privacy Policy. If you do not agree to this Privacy Policy, please do not access or use our Service. This Privacy Policy may be updated from time to time, and the most current version will be posted on our Website. Your continued use of the Service after any changes to the Privacy Policy constitutes your acceptance of such changes.

We may change this Privacy Policy at any time. When we do, we will post an updated version on this page, unless another type of notice is required by applicable law. By continuing to use our Service or providing us with Personal Data after we have posted an updated Privacy Policy, or notified you by other means, you consent to the revised Privacy Policy.

Please note that this Privacy Policy applies solely to the data collected by Frappe through our Service and does not apply to any other websites, services, or applications that may be linked to or integrated with our Service. We encourage you to review the privacy policies of any third-party websites or services you may access through our Service.

If you have any questions or concerns about our privacy practices, please contact us using the contact information provided at the end of this Privacy Policy. We appreciate your trust in us and are committed to protecting your privacy.

In context of the GDPR, Frappe is the Data Controller. Our Data Controller contact information in that case is:

Frappé, obrt za usluge, vl. Franjo Pešut
Ulica sv. Nikole Tavelića 17
10000 Zagreb, Croatia
[email protected]


I. Definitions

Account – an account refers to a personal user profile or registration created by an individual within the AI content generator app. The account allows users to access and utilize the features and services offered by the app, including generating content, managing preferences, and storing content settings.

Content– any prompts you provide to generate content and any content our Services provide to you based on your prompts.

Data Subject – an identified or identifiable natural person, the User.

Frappé – FRAPPE, obrt za usluge, vl. Franjo Pešut which provides and implements specialized software solutions with its registered office in Zagreb, Ulica sv. Nikole Tavelića 17.

GDPR – Regulation (EU) 2016/679 of The European Parliament and of The Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Personal Data, Data – User Data, data entrusted to us by our Users for processing, i.e., data of our Users, processed in relation to the use of the Service.

Platform – website that is hosted by Frappé. Users can log in to their Account via the Platform.

Policy – this Privacy Policy.

Processing – operations performed on Personal Data such as collection, recording, storage, adaptation or alteration, disclosure, creating backup copies, and other operations necessary to provide the Service or use the Platform.

Service – Yazo AI content generator created and provided by Frappé electronically in the Software-as-a-Service model (Saas).

Standard Contractual Clauses, SCC – contractual clauses annexed to the Commission Implementing Decision on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679.

Terms & Conditions – Frappé Terms & Conditions.

User – Users refer to individuals who have created an account and registered with the Website. Users may include individuals who have completed the registration process, and agreed to the Terms & Conditions and this Privacy Policy. Users may generate content, customize settings, and interact with the Service's features. Users may also be referred to as 'account holders' or 'registered users' and may be required to provide Personal Data during the registration process. Users may access and utilize the Service through various devices, such as smartphones, tablets, or computers.


II. What Personal Data Do We Collect?

When you access and use our Service, i.e., Website, we may collect your Personal Data.

You are under no obligation to provide Personal Data to us. However, certain Personal Data is essential for the provision of and/or the quality of Service, and you might not be able to obtain certain features of the Service if you do not provide the information required.

The Personal Data we collect from you may include the following:

1. Account Data: In order to use our Service, you will need to register and create an account. During the registration process, we will collect information associated with your Account: your name, surname, email address and country residence. As part of the registration process, you will be required to create a password for your account. Please note that your password is encrypted and stored securely in our system. When you choose to upload a profile picture to your profile, we collect and store that image. Uploading a profile picture is optional, and you can use our Service without providing one.

2. Payment Data: If you choose to upgrade and purchase one of the services plans, we may collect additional information for invoicing purposes. This may include your country, address, city, postal code, and municipality. Please note that we use a third-party payment processor, Stripe, to process payments. When you make a payment, your payment information, such as credit card details or other payment method information, may be collected and processed by Stripe directly. We do not store or have access to your payment information. Stripe use of your payment information is governed by its their Privacy Policy, which we encourage you to review.

3. User Content (to the extent it contains Personal Data): When you use our Services, we may collect Personal Data that is included in the input, file uploads or feedback that you provide to our Service, including any prompts you provide to generate Content and any Content our Services provide to you based on your prompts.

4. Usage Data: When you use our Service, we may automatically collect certain Data about your interactions with the Service, such as your IP address, browser type, operating system, referring URL, pages visited, and the dates and times of your interactions.

5. Communication Data: If you contact us for support, inquiries, or other purposes, we may collect and retain the content of your communication with us, as well as any other information you provide to us during such communication.

6. Marketing Data: Such as your preferences for receiving communications about our activities, deals, advice, publications, and details about how you engage with our communications (as long as you agreed to receive it).

7. Log and Usage Data: When you use our Services, our servers automatically collect and store some Data about your device, browser, and activity in log files. This information helps us to provide and improve our Services. It may include your IP address, device details, browser type and settings, the date and time of your usage, the pages and files you view or interact with, the features you use, and any errors or problems that occur on your device.

8. Device Data: We collect device data such as information about your computer, phone, tablet, or another device you use to access the Service. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.

9. WordPress Export: Our Service provides support for WordPress export, allowing Users to transfer generated texts to their WordPress website. In order to enable this feature, we may collect and store the WordPress application password and username provided by the user on our servers. This information is used solely for the purpose of facilitating the transfer of generated texts and is not shared with any third parties. We take appropriate measures to protect the confidentiality and security of this information, including encryption and access controls. By using this feature, Users consent to the collection and storage of their WordPress application password and username by our service.

We use cookies and similar technologies to collect some of this information. For further details, including to learn how you can control cookies, please read our Cookie Policy.

We collect Personal Data only for the purposes stated in this Privacy Policy and as required to provide the Service to you. You are not obligated to provide us with any Personal Data but please note that failure to do so may prevent you from accessing or using certain features of our Service.


III. Why Do We Process your Data?

Your Personal Data is processed by Frappé in order to execute the Service provided to you and offered by the Website. As per the rule of minimisation, we only process the categories of personal data that are considered necessary to achieve purposes specified.

Your Personal Data is processed for the following purposes:

1. To provide the Service

We collect and process your Data because it is essential in order for you to be able to utilize our Service.

This means that we need to process your Personal Data in order for you to register as our User and to use certain features of our Service. Without this processing, we would not be able to offer our Service or allow you to access and use our Platform.

Such processing is carried out on the basis of legal regulations that allow us to process Personal Data if that is necessary for the performance of a contract (Art. 6 par. 1 item b. of the General Data Protection Regulation).

2. For legitimate business interests

Our legitimate interests constitute the legal basis for the processing of your Personal Data (Art. 6.1. (f) of GDPR). Below you’ll find a list of our legitimate interests.

a. For analytical purposes. We believe we have a legitimate interest in analysing Service operations. Our aim is to constantly develop and to provide the Service of the highest quality.

b. To exercise legal claims. We believe we have a legitimate interest in processing your Data if it’s necessary to exercise claims concerning the use of the Service that’s unlawful or incompatible with the Terms & Conditions or to defend ourselves against such claims.

c. To conduct User satisfaction surveys. We believe we have a legitimate interest in verifying if our Users are satisfied and what would help us improve the quality of the Service.

d. To prevent fraud and abuse. We believe we have a legitimate interest in conducting necessary verification to detect and prevent potential fraud and abuse, including spam detection.

3. To send you marketing communication

This processing is based on your consent (Art. 6. sec. 1(a) of GDPR).

4. To process User inquiries

We treat the Personal Data you provide to us when contacting our Customer Service as confidential.

We use your Data solely for a specific purpose in order to process your inquiry related to the protection of privacy rights and respond to it.

The legal basis for the processing of data arising from your request is Art. 6 par. 1 item f) and item b) of the General Data Protection Regulation. Our and your simultaneous (legitimate) interest in this data processing arises from the goal of answering your inquiries, possibly solving the existing issues and thus maintaining and improving your satisfaction as a User of our Service. The legal basis for the processing of your privacy rights is Art. 6 par. 1 item c) of the General Data Protection Regulation to the extent necessary to comply with our legal obligations.


IV. Do we process Personal Data of Children or Special Categories of Personal Data?

We do not process Personal Data of children, nor do we collect or process special categories of Personal Data.

The Service is directed to persons who are over 16 (sixeen) years old. When you start using the Service, you declare that you are over 16 years old. We ask minors below the age of 16 not to share any information with us, especially Personal Data.


V. Duration of Retention of Personal Data

Unless specifically provided otherwise in this Privacy Policy, we retain your Personal Data to protect our legitimate business interests and to meet legal obligations for the duration of your usage of the Service or for a minimal period required by law. After you have stopped using the Service (i.e., deleted your User account) we retain Your Personal Data for no longer than 6 (six) months. If you have not logged in to your Account for 6 (six) months we retain the right to automaticaly delete all your Personal Data from our servers.


VI. Who We Disclose Your Personal Data To?

1. OpenAI API Data Usage

Our Service utilizes the OpenAI API for generating Content. As a result, Personal Data may be transmitted to and processed by OpenAI as part of the content generation process. We have a Data Processing Agreement (DPA) in place with OpenAI to ensure that any Personal Data processed by OpenAI on our behalf is protected and handled in accordance with the applicable data protection laws and regulations.

Users are advised to review and familiarize themselves with OpenAI's data usage policies , which outline how OpenAI collects, uses, and protects data as part of their API services. OpenAI's data usage policies can be found on OpenAI's website, and Frappé does not control or assume responsibility for OpenAI's data usage practices.

2. Other Data Processors

We use the services of other third-party providers, who process your Personal Data as data processors on our behalf. Personal Data may be shared with entities that process the Data on our request. In such cases, we conclude a contract for personal data processing with such an entity. The processing entity processes the shared Personal Data solely for purposes specified in the aforementioned contract. Without sharing the Personal Data with such entities we would not be able to conduct our business activity in our Website and provide you with our Service.


VII. Which Countries is Your Personal Data Transferred To?

If you use certain functionalities of our Service, your Personal Data may be transferred to third countries, i.e., outside the EEA. In order to secure such transfer we use SCC as an appropriate measure to protect Personal Data in accordance with art. 46 GDPR.

If we transfer Personal Data to recipients in third countries (countries outside the European Economic Area), you can conclude that from the information on data processing by our service providers. In its adequacy decisions, the European Commission has determined whether such a third country ensures an appropriate level of data protection. The exact list of countries for which such a decision has been made by the European Commission can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

If the European Commission has not established the existence of an adequate level of protection for a third country, we ensure that an adequate level of personal data protection is guaranteed by other measures, such as binding corporate rules, standard contractual provisions, certification or recognized codes of conduct.


VIII. Is the Confidentiality of My Personal Data Ensured?

To ensure the confidentiality of your Personal Data, our employees are prohibited from unauthorized collection, processing or use of Personal Data. Our employees are trained in data protection regulations and undertake to maintain data confidentiality before starting the employment. This obligation also exists after the termination of their employment.


IX. Is My Personal Data Safe?

We take the security of your Personal Data very seriously. For this purpose, we take technical and organizational measures to protect your Personal Data from hazards during the transfer and processing, but also so that third parties do not come into unauthorized possession of your Personal Data. These measures are regularly adjusted according to the latest standards of modern technology.


X. What are My Rights Regarding the Processing of My Personal Data?

Rights of Users under GDPR: As the Data Controller of the Personal Data collected and processed by us, we are committed to respecting the rights granted to Users under the General Data Protection Regulation (GDPR). These rights may include the right to access, rectify, erase, restrict or object to the processing of personal data, as well as the right to data portability and the right to lodge a complaint with a supervisory authority. Users may exercise these rights by contacting us using the contact information provided in this Privacy Policy. We will respond to such requests in accordance with applicable data protection laws and regulations.

Namely, as per the GDPR, individuals whose Personal Data is being processed by a Data Controller have the following rights:

1. Right to be informed: The Data Controller is obligated to provide information specified in the GDPR, including details about the data being processed, contact information, purposes and legal basis for data processing, recipients or categories of recipients of personal data, if any, and the period for which the data shall be processed or criteria for determining such period. This information should be provided immediately when the data is acquired, or within a reasonable time frame if acquired from another source, unless the individual has already been informed (art. 12 of the GDPR)

2. Right of access: Data Subjects have the right to access and review their Personal Data, including the right to receive copies of their Personal Data. The first copy should be issued free of charge, and subsequent copies may be charged a relevant administrative fee in accordance with the GDPR (art. 15 of the GDPR).

3. Right to rectification: Data Subjects have the right to correct or update their Personal Data held by the Data Controller, in case of any changes or inaccuracies (art. 16 of the GDPR).

4. Right to erasure (right to be forgotten) : Data Subjects have the right to request the Data Controller to delete their Personal Data. This right can be exercised in situations where the purposes for which the data was processed have been fulfilled, consent for processing has been withdrawn, there is no other legal basis for processing, the Data was processed unlawfully, deletion is required by law, or the data relates to a minor collected as part of an information society service (art. 17 of the GDPR).

5. Right to restriction of processing: Data Subjects have the right to request the Data Controller to limit the processing of their Personal Data. This can be done in situations where the accuracy of the Personal Data is questioned, there is no legal basis for processing but deletion is not desired, a rejection of processing has been filed, or the Personal Data is needed for establishing or defending against legal claims (art. 18 of the GDPR).

6. Right to data transfer: Data Subjects have the right to receive their Personal Data in a format that allows them to review it on their computer and transfer it to another Data Controller, if the legal basis for processing was consent or automated processing was involved (art. 20 of the GDPR).

7. Right to object: Data Subjects have the right to object to the processing of their Personal Data for specific purposes, in accordance with applicable laws (art. 21 of the GDPR).

8. Right not to be subject to automated decision-making or profiling: Individuals have the right not to be subjected to automated decision-making or profiling, unless explicit consent is provided, and should be informed of any instances of profiling (art. 22, relating to art. 4.4 of the GDPR).

9. Right to lodge a complaint with a regulatory body: Data Subjects have the right to file a complaint with the relevant supervisory authority if they believe their Personal Data is being processed unlawfully or in violation of their rights under the GDPR (art. 77 of the GDPR).


XI. Can Data Protection Provisions be Amended?

An amendment to the data protection provisions may be required due to a change in legal regulations or data processing circumstances. If the purposes of collecting, processing or using your Personal Data and the identity of the Data Controller and the category of recipient change, we will notify you and, if necessary, ask for your consent.


XII. General Rules When Exercising Your Rights

In case you decide to exercise one or more of the aforementioned rights, we have the right to verify your identity, all for the purpose of protecting your Personal Data. If you frequently or excessively request access to or transfer of your Personal Data (for example, if you request all Personal Data in writing or less than 6 months have passed since your last request), we have the right to request reimbursement of the costs incurred before carrying out such action.


XIII. Links To Other Websites

The Service may contain links to other websites not operated or controlled by Frappé, including social media services (“Third Party Sites”). The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact the Third Party Sites directly for information on their privacy practices and policies.


XIV. Contacting Frappé

Please feel free to contact us if you have any questions about this Privacy Policy. You may contact us at [email protected] or at our mailing address below:

Frappé, obrt za usluge, vl. Franjo Pešut
Ulica sv. Nikole Tavelića 17
10000 Zagreb, Croatia


This website uses cookies. We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.

Cookies are small text files that can be used by websites to make a user's experience more efficient.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages. You can at any time change or withdraw your consent from the Cookie Declaration on our website.

Name Provider Type Purpose Expiry
csrftoken Yazo First party Used to prevent Cross Site Request Forgery. 1 year
sessionid Yazo First party Used to store session data. 14 days
django-language Yazo First party Used to store language settings. 30 days
referrer_id Yazo First party Used as part of internal affiliate marketing programme. 30 days
__unid UniConsent First party Used to detect cookie consent state. 11 months
euconsent-v2 UniConsent First party Stores the user's cookie consent state. 11 months
_ga Google Third party Used to identify users for generating statistical data. 399 days
_ga_# Google Third party Used to analyze user's usage of website. 399 days
_fbp Facebook Third party Used to store and track visits across websites. 90 days

Cookie declaration last updated on 17th November, 2023.