Privacy Policy

YAY is a platform for parents, soon-to-be mothers and fathers, and memory lovers. With YAY, you can subscribe to your personal Online journal, share it with loved ones, and print it as a photo book. YAY allows you to save your memories with text, pictures, and videos in the form of journal entries that appear on a timeline. This is your yay-line!

As parents ourselves, we know how risky it feels to put personal information online. Therefore, we offer you the best possible protection of your data based on the highest security technologies. Of course, we store your data in consent with the General Data Protection Regulation (GDPR).

First things first

Your own the copyright to all your personal data. You alone decide who sees them.

Data security at YAY stands for the following directives:

  • the rights to your text, image, and video data remain exclusively with you (unlike Facebook, for example)

  • no other customer or person can see your online journal unless you make your password available to other people

  • we will never publish any of your data

  • we do not use it to advertise, because YAY is financed through subscriptions

  • we never use your data to create a profile of you

  • you can get an export of the data you uploaded to our platform at any time

  • we will irrevocably delete your account if you wish

We use marketing tools to optimize our website, but not for your private, password-protected online journal. Unless we are legally obliged to do so (see below), we do not pass on any data to third parties. We have concluded an order data processing contract (ADV) with the third-party providers with whom we work for the collection, processing, or use of personal data by the service provider. This includes the shipping service providers for newsletters, e-mails, hosting, photo book printing, and Google for the use of Google Analytics.

In our data protection declaration we clarify about you:

  • which data we collect (type of data)

  • which persons are affected (category of affected persons)

  • to what extent and for what purpose do we collect the data

  • what we do with the data

The data protection declaration refers to our website, the private online journals we provide and the external online presences associated with our online offer, such as our social media profiles on Facebook, Instagram, Twitter and Pinterest (hereinafter jointly referred to as "online offer"). With regard to the terms used, such as "processing" or "responsible", we refer to the definitions in Art. 4 of the GDPR.

Responsible for the Offer of YAY and Data protection

Inhaber Philipp Scheit
OT Sibstin
Dorfstr. 12 f
D-23720 Altenkrempe

T: +49 174 6004263
VAT number: DE280778214

1. Collected Data

We collect data that you actively share with us and that helps us to improve the functionality of our offer for you. Data we collect is only processed for our service, but never used for advertising purposes.

I. Types of Data We Collect:

a) Information you share with us

Inventory and contact data such as B., name, e-mail address, and home address you have to tell us when ordering / registering for the trial (the free 30-day test phase) so that you can register as a user with YAY. We save the data in order to manage your user account and to properly invoice you for the product(s) purchased from us (stork package, annual/monthly subscription, photo book). We send the invoice for the purchase of our products online. Your address belongs on the invoice for legal reasons.

b) Data that we receive as a result of your use of YAY

When you visit our website, we collect:

  • Usage data and meta/communication data: This includes e.g. B. device-related information such as browser type, browser version, operating system, IP address, and access times, which we use with Google Analytics to improve our offer (for details see the section on Google Analytics).

For your private online journal created by us, we also record:

  • Content data: These are e.g. B. Text entries, photographs, and videos that you, as a user of YAY, put in your online journal. The data in your online journal is not public if you protect it with a password. Only the people to whom you send the journal password and link can then read your online journal. You have to set the password yourself so that your online journal is not publicly visible (only you can edit the content data or only those to whom you have given your user data (user name and password of the personal editing area), such as your life partner ( See also the section on data security). We only store content data for the purpose of making it available to you as part of our offer. We do not analyze your content, i.e. what you write about or which pictures you upload!

II. Types of Relevant Persons

Visitors and users of our online offer (in the following we refer to the persons concerned collectively as "users" or "customers").

III. Purpose of Processing

  • Provision of the online offer, its functions, and content

  • Contact requests and communication with users

  • Safety measures

  • Security measures/marketing

IV. Terms Used

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who is identified directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more special features that are an expression of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

"Processing" is any process or series of processes carried out with or without the aid of automated processes in connection with personal data. The term is broad and encompasses practically every handling of data.

The "responsible person" is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data.

2. Data Security

We strive to protect YAY and our users from unauthorized access to or unauthorized modification, disclosure or destruction of data. The security measures taken include:

  • We have done everything technically to ensure that your photos and texts are stored securely and clearly separated from other customer data. Therefore, the data of each user is in its own database.

  • We carry out multiple backups every day in order to limit the risk of data loss as much as possible. If you would also like to use your data on your own hard drive, you can use the export function in your personal area.

  • Your online journal is not indexed in search engines like Google. This means that it cannot be found on the Internet by entering search terms in search engines such as Google.

  • Your admin space is protected with an admin password. In the admin space, you can write and edit journal entries and change settings, for example. You get the admin password when you start a trial. In addition, you can create a reading password in the settings of your personal area so that nobody can read your online journal who you do not entrust with the reading password.

  • We highly recommend that you change your password regularly and avoid using passwords that are easy to guess.

  • All information between you and our server is encrypted (HTTPS/SSL) so that nobody can intercept the data. This means that all photos and texts that you enter in your online journal are encrypted before they are transmitted from your browser to our server.

  • We encrypt all of our services using SSL.

  • We restrict access to personal data to YAY employees who absolutely need to know the data in order to process it for us.

3. Relevant Legal Bases

In accordance with Art. 13 GDPR, we will inform you of the legal basis for our data processing.

If the legal basis is not mentioned in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 (1) lit. a and Art Answering inquiries is Article 6(1)(b) GDPR, the legal basis for processing to fulfill our legal obligations is Article 6(1)(c) GDPR, and the legal basis for processing to safeguard our legitimate interests is Article 6(1)(c) GDPR 6 Paragraph 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 Paragraph 1 lit. d GDPR serves as the legal basis.

4. Cooperation with Processors and Third Parties

If, as part of our processing, we disclose data to other people and companies (contract processors or third parties) that you transmit to them or otherwise grant them access to the data, this is only done on the basis of legal permission (e.g. if transmission of the Data to third parties, such as to payment service providers, pursuant to Art. 6 Para. 1 lit. b DSGVO is required for the fulfillment of the contract), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we commission third parties to process data on the basis of a so-called "order processing contract", this is done on the basis of Art. 28 DSGVO.

5. Transfers to Third Countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this happens as part of the use of third-party services or disclosure or transmission of data to third parties, this will only take place if it is to fulfill our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or have the data processed in a third country if the special requirements of Art. 44 et seq. GDPR are met. This means that the processing takes place e.g. on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to that of the EU (e.g. for the USA through the "Privacy Shield") or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").

6. Rights of Data Subjects

You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data in accordance with Art. 15 GDPR.

you have accordingly. Art. 16 DSGVO the right to request the completion of the data concerning you or the correction of incorrect data concerning you.

In accordance with Art. 17 GDPR, you have the right to demand that the data in question be deleted immediately, or alternatively, in accordance with Art. 18 GDPR, to demand a restriction of the processing of the data.

You have the right to request that the data relating to you, which you have provided to us, be received in accordance with Art. 20 GDPR and to request their transmission to other responsible parties.

You also have the right, in accordance with Art. 77 GDPR, to lodge a complaint with the competent supervisory authority.

6.1. Right of Withdrawal

You have the right to revoke your consent in accordance with Article 7 (3) GDPR with effect for the future.

6.2 Right to Object

You can object to the future processing of data relating to you at any time in accordance with Art. 21 GDPR.

7. Data Storage With Cookies

"Cookies" are small files that are stored on users' computers. Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offer. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online offer and closes his browser. In such a cookie, for example, the content of a shopping cart in an online shop or a login status can be saved. "Permanent" or "persistent" refers to cookies that remain stored even after the browser is closed. For example, the login status can be saved if users visit it after several days. The interests of the users can also be stored in such a cookie, which is used for range measurement or marketing purposes. "Third-party cookies" are cookies that are offered by providers other than the person responsible for operating the online offer (otherwise, if they are only their cookies, we speak of "first-party cookies").

We use temporary and permanent cookies. If you do not want cookies to be stored on your computer, you can deactivate the corresponding option in your browser's system settings. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies will lead to functional restrictions and functional failure of this online offer.

8. Local Data Storage

During the ordering process, the data of the order you started will be saved on your device. This means that the data from an order process that has started will be retained if you interrupt the order and visit the website again. The data of started (not shipped) orders are NOT transmitted to us, but only remain on your device (LocalStorage).

9. Your Communication With Us

If you call us, contact us via email or via our social media presence, we record the communication (e.g. Facebook name and subject of your request) in order to e.g. B. to be aware of our past communication and, if necessary, problem-solving if you contact us again. This is especially useful as otherwise only one of our team would be aware of your request, but someone else might reply next time. We do not use social media plug-ins, but the respective social media platforms such as Facebook still collect data (see the relevant section of this data protection declaration).

Our e-mail provider is domainfactory GmbH based in Ismaning, Germany. The e-mail provider is used on the basis of our legitimate interests in accordance with Article 6 Paragraph 1 Letter f GDPR and an ADV in accordance with Article 28 Paragraph 3 Clause 1 GDPR.

Data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of the data against access by third parties is not possible.

10. Deletion of Data

The data processed by us will be deleted or their processing restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory storage requirements. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. i.e. the data will be blocked and not processed for other purposes. This applies e.g. B. for data that must be kept for commercial or tax reasons.

According to legal requirements in Germany, storage takes place in particular for 6 years in accordance with Section 257 (1) HGB (books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with Section 147 (1) AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant to taxation, etc.).

11. Business-Related Processing

In addition, we process:

Contract data (e.g., subject matter of the contract, term).

Payment data (eg, bank details, payment history) from our customers for the purpose of providing contractual services, service, and customer care.

12. Hosting

The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services that we use for the purpose of operating this online offer.

In doing so, we process inventory data, contact data, content data, contract data, usage data, and meta and communication data from customers, interested parties, and visitors to our online offer on the basis of our legitimate interests in making this online offer available efficiently and securely in accordance with Article 6 (1) (f) GDPR in conjunction with Art. 28 GDPR (conclusion of an ADV).

Our internet service provider is netcup GmbH based in Karlsruhe, Germany.

13. Collection of Access Data and Log Files

On the basis of our legitimate interests within the meaning of Article 6 Paragraph 1 lit server log files). The access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, IP address, and the requesting provider.

Log file information is stored for a maximum of 7 days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data whose further storage is required for evidence purposes are excluded from deletion until the respective incident has been finally clarified.

14. Provision of Contractual Services

We process inventory data (e.g. names and addresses as well as contact details of users), and contract data (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Article 6 Paragraph 1 lit b. GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.

The data will be deleted after statutory warranty and comparable obligations have expired. The necessity of storing the data is checked every three years; in the case of legal archiving obligations, the deletion takes place after their expiry. Information in any customer account remains until it is deleted.

15. Ordering Process

As part of the ordering process, you as the user will be informed of the required mandatory information. The data entered during registration will be used for the purpose of using the offer. Users can be informed by email about information relevant to the offer or registration, such as changes to the scope of the offer or technical circumstances. If users have terminated their user account, their data will be deleted with regard to the user account, subject to their retention being necessary for commercial or tax reasons in accordance with Article 6 (1) (c) GDPR. It is up to you as the user to back up your data by exporting it before the end of the contract or at any time before. We are entitled to irretrievably delete all of the user's data stored during the contract period.

16. Newsletter and Ebooks

With the following information, we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedures as well as your right of objection. By subscribing to our newsletter, you agree to receive it and the procedures described.

Content of our Newsletter

We send newsletters, e-books, e-mails and other electronic notifications with advertising information (hereinafter "newsletters") only with the consent of the recipient or legal permission. If the contents of the newsletter are specifically described when registering for the newsletter, they are decisive for the consent of the user. Our newsletter also contains information about our services and our company.

Double Opt-in and Logging

The registration for our newsletter takes place in a so-called double opt-in procedure, i.e. after your registration you will receive an e-mail in which you will be asked to confirm your registration. This confirmation is necessary so that nobody can register with someone else's e-mail address. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes storing the registration and confirmation times as well as the IP address. The changes to your data stored by the shipping service provider are also logged.

The registration process is logged on the basis of our legitimate interests in accordance with Article 6 (1) (f) GDPR. Our interest is focused on the use of a user-friendly and secure newsletter system that serves our business interests as well as meets user expectations and also allows us to prove consent.


To register for the newsletter, it is sufficient if you enter your e-mail address and a (first) name for the purpose of addressing you personally.


You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time.

16.1 Newsletter Provider

The newsletter, eBooks and e-mails from the onboarding and other e-mail funnels of YAY are sent using the shipping service provider encharge, a newsletter shipping and marketing platform of Smel Nov Svyat EOOD based in 59 Uoshbarn, Sofia, Bulgaria.
Contact encharge:
Str. Cherkovna 57, office 19, Sofia, Bulgaria, 1505.W:
T: +359877991191

The e-mail and marketing platform is used on the basis of our legitimate interests in accordance with Article 6 Paragraph 1 Letter f GDPR and an ADV in accordance with Article 28 Paragraph 3 Clause 1 GDPR.

The e-mail and marketing platform can use the data of the recipients in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. to technically optimize the dispatch and presentation of the newsletter or for statistical purposes. However, the shipping service provider does not use the data of our newsletter recipients to write to them themselves or to pass the data on to third parties.

16.2 Newsletter - Analytics

The newsletters contain a so-called "web beacon", i. H. a pixel-sized file that is retrieved from the encharge server when the newsletter is opened. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval, are initially collected.

This information is used to technically improve the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or the access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened, and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our aim nor that of the shipping service provider to monitor individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to you or to send different content according to the interests of our users.

The sending of the newsletter and the success measurement associated with it are based on the consent of the recipients in accordance with Article 6 Paragraph 1 Letter a, Article 7 GDPR in conjunction with Section 7 Paragraph 2 No. 3 UWG or on the basis of the legal permission according to § 7 paragraph 3 UWG.

17. Online Social Media Presence

We maintain online presences within social networks and platforms in order to communicate with the customers, interested parties, and users who are active on these networks and platforms. We also use it to inform them about our services. By using the respective networks and platforms, the terms and conditions and data processing guidelines of the respective operator apply.

We process user data if they send us private messages within social networks and platforms.

18. Use of Vimeo

We offer you the option of embedding videos in your YAY online journal via the “Vimeo” platform provided by Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA, by clicking on the link of the Vimeo Insert videos into a text box of a journal entry.

You can upload password-protected videos to Vimeo and view them directly in your online journal by embedding the link. For technical reasons, the integration of videos calls up the Vimeo servers. Vimeo uses cookies. For the use of data from your end device and your browser, we refer to the data protection information from Vimeo. If you want to prevent Vimeo from storing your data, do not include videos via Vimeo in your online journal. You can find out more about Vimeo's privacy under Settings and Private mode.

19. Use of our Facebook Page

You can reach us through our Facebook page We do not use Facebook Pixel or other social media plug-ins. However, Facebook collects data from users who visit our fan page. For the use of data from your end device and your browser, we refer to Facebook's data protection information and the associated declaration. Under GDPR, Facebook explains how the company deals with the GDPR. If you want to prevent Facebook from storing data about you by collecting our fan page, do not visit and interact with us in other ways.

20. Use of Google Analytics

We use Google Analytics for the YAY website in order to present our products in the best possible way and to continuously improve our service. For the private, password-protected baby diaries, we do NOT use this or other services for evaluating data! If you want to object to the use, you can do so under <a href="#" class="revoke-policy">Privacy Settings</a> do. By NOT agreeing, Google Analytics will not be loaded and used for our website In this case, however, it is more convenient to use the Chrome plugin

On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f. DSGVO) we use Google Analytics, a web analysis service provided by Google LLC ("Google"). Google uses cookies. The information generated by the cookie about the use of the online offer by the user is usually transmitted to a Google server in the USA and stored there.

Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law.

Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with other services related to the use of this online offer and internet usage. Pseudonymous user profiles can be created from the processed data.

We only use Google Analytics with activated IP anonymization. This means that your IP address as a user will be abbreviated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there.

The IP address transmitted by the user's browser is not merged with other Google data. As a user, you can prevent the storage of cookies by making a corresponding setting in your browser software; You can also prevent the collection of the data generated by the cookie and related to the use of the online offer as well as the processing of this data by Google by downloading and installing the browser plug-in under this link. Google Analytics is used on the basis of our legitimate interests in accordance with Article 6 Paragraph 1 Letter f GDPR and an ADV in accordance with Article 28 Paragraph 3 Clause 1 GDPR.

You can find more information on data used by Google, setting and objection options on the Google websites:

21. Changes to Our Privacy Policy

Our privacy policy may change from time to time. Any changes to the privacy policy will be posted by us on this page. We will not restrict your rights under this privacy policy without your express consent. If the changes are material, we will notify you by email. We will also keep older versions of this Privacy Policy in an archive for your reference.

22. Further Information

Do you have further questions? Write us an email or give us a call. We look forward to helping you:
T: +49 45645879914

The data protection declaration was created using the data protection by RA Dr. Created by Thomas Schwenke. It was adapted by us and supplemented with understandable formulations.