Yorra — Privacy Policy

Effective Date: July 8, 2026·Last Updated: July 6, 2026

The short version

  • We collect the information you give us (parent contact info, athlete info, school lists, activity notes) and a small amount of technical data (like your browser type and pages you visit).
  • We use that information to run Yorra for you. That's it.
  • We don't sell your data. We don't share it with college coaches. We don't share it with other Yorra customers. We don't license it to anyone to train AI models.
  • We use trusted third-party services (Stripe for payments, Supabase for our database, and AI tools like OpenAI and Anthropic to power features) — each is under contracts that say they don't retain or train on your data.
  • Athletes under 13 use Yorra only through their parent's account with active parental involvement.

If you want the full picture, keep reading. If you'd rather ask a question, email contact@useyorra.com.


1. Who this policy applies to

This Privacy Policy explains how JBACK LLC (d/b/a Yorra) collects, uses, and protects information when you use the Yorra platform (the “Service”). It applies to:

  • Account Holders — the parent or guardian who signs up and pays
  • Athletes — the gymnast whose recruiting search Yorra supports
  • Visitors to useyorra.com

If you don't want your information handled this way, please don't use the Service.


2. Information we collect

2.1 Information you give us

When you sign up and use Yorra, you provide:

  • Account information: Parent's name, email, phone number, home address, and password
  • Payment information: Credit card details go directly to Stripe — we never see or store your full card number. We do see the last 4 digits, card brand, expiration, and billing zip
  • Athlete information: Athlete's name, email, phone, graduation year, gymnastics level, gym affiliation, and skills/scores you enter
  • Recruiting information: School list, coach contact history, notes, log entries, files you upload
  • Communications: Emails you send us at contact@useyorra.com, DMs to our Instagram, and any support conversations

2.2 Information we collect automatically

When you use the Service:

  • Usage data: Pages you visit, buttons you click, features you use, time spent, referral source
  • Device/technical data: IP address, browser type, operating system, device type, screen size
  • Cookies and similar technologies: Session cookies (so you stay logged in), analytics cookies (to understand what's working)

2.3 Information from third parties

We supplement your data with information from public sources to make the Service useful:

  • NCAA rosters and college program pages — public information about programs, coaches, current roster composition
  • Coach engagement signals — publicly visible activity (verified via link-tracking services when you send outreach)
  • Aggregated recruiting data — public data on class openings, program trends, geographic patterns

We do NOT purchase third-party datasets about you or your athlete from data brokers.


3. How we use your information

We use information to:

  • Run the Service — deliver features, personalize your dashboard, generate insights, provide support
  • Process payments — via Stripe (see Section 5)
  • Improve the Service — analyze usage patterns (in aggregate) to figure out what works and what doesn't
  • Communicate with you — send receipts, product updates, kickoff-call scheduling, and important account messages
  • Protect the Service — detect fraud, prevent abuse, enforce our Terms
  • Comply with the law — respond to lawful requests from government authorities

We do NOT use your information for:

  • Selling to data brokers
  • Selling to marketers
  • Sharing with college coaches or their programs
  • Sharing with other Yorra customers
  • Licensing to third parties for AI model training

4. Our AI commitments

We use AI tools inside Yorra to power features — for example, summarizing coach emails, structuring your notes, or drafting outreach templates. We take this seriously because we know parents of minors are (rightly) cautious about AI and their children's data.

What we promise:

  • We use AI providers only under zero-retention business agreements. When Yorra sends your data to OpenAI, Anthropic, or any other AI provider to power a feature, those providers process the data on our behalf and do NOT retain it, do NOT train their models on it, and do NOT use it for any other purpose. This is a contractual requirement, not an honor system.
  • We never license your data to AI companies for training. Full stop.
  • We use AI to build Yorra itself (things like Cursor, GitHub Copilot, v0, Claude, ChatGPT for engineering) but this involves our own code and internal decisions, not your athlete data.
  • We may use aggregated, de-identified patterns to improve our own features (for example, “what percentage of NCAA D1 gymnastics programs typically post class openings in September”). This never involves personally identifiable information about you or your athlete.

If we change any of these commitments in the future, we will notify you by email at least 30 days in advance and give you the ability to export your data before the change takes effect.


5. Third-party services we use

To run Yorra, we rely on a small set of trusted service providers. Each processes some of your data under contract with us:

ProviderWhat they doWhat they see
StripePaymentsCard info, billing address, payment history
SupabaseDatabase, authentication, storageAll account and athlete data, encrypted at rest
VercelWebsite hostingServer logs, IP addresses
Google WorkspaceBusiness emailYour emails to contact@useyorra.com
OpenAI / AnthropicAI feature processing (zero-retention)Only the specific data needed for a specific feature, never retained
BitlyLink tracking on coach outreachClick activity on links you send
Analytics (Google Analytics or similar)Website usage analyticsAnonymized page-view data
Email delivery serviceTransactional email (receipts, reminders)Email address and message content

We do not authorize any of these providers to use your data for their own marketing, model training, or resale purposes.


6. How we protect your information

  • Encryption in transit (HTTPS/TLS) for all data moving between your device and Yorra
  • Encryption at rest for data stored in Supabase
  • Access controls — only the founder and named team members can access production data, and only when necessary
  • No plaintext passwords — passwords are hashed
  • Payment card data is stored only by Stripe (PCI-DSS Level 1 compliant), not by Yorra
  • Regular software updates and dependency monitoring for known vulnerabilities

No system is 100% secure. In the unlikely event of a data breach that affects your personal information, we will notify you within 72 hours of confirming the incident, and we will report as required by Illinois PIPA and other applicable law.


7. Data retention and deletion

  • We retain your data for the duration of your subscription plus 90 days after cancellation to allow data export
  • After 90 days, we delete Your Content from production systems, with deletion from backups within 12 months
  • Aggregated, de-identified data (with no way to link back to you) may be retained indefinitely
  • You can request earlier deletion at any time by emailing contact@useyorra.com with subject “Delete my data” — we'll confirm within 14 days, except where retention is required by law (for example, tax records)

8. Your privacy rights

Depending on where you live, you may have specific rights over your data:

  • Access: Ask us what information we have about you
  • Correction: Ask us to fix inaccurate information
  • Deletion: Ask us to delete your data (subject to legal retention requirements)
  • Export: Get a copy of your data in a portable format (CSV)
  • Objection: Object to certain uses of your data
  • Withdraw consent: Where our use is based on consent, withdraw it

How to exercise your rights: email contact@useyorra.com with subject “Privacy Request.” We respond within 30 days.

California residents have specific rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and the right to opt out of “sale” or “sharing” of personal information. Yorra does not sell or share personal information as those terms are defined by CCPA.

Illinois residents: JBACK LLC is an Illinois company. This policy is written in compliance with the Illinois Personal Information Protection Act (PIPA). Yorra does not currently collect or use biometric identifiers (fingerprints, facial geometry, voice prints, etc.), so the Illinois Biometric Information Privacy Act (BIPA) does not apply to our current data practices. If this changes, we will update this policy and obtain explicit consent.


9. Children's privacy

Yorra is designed for competitive gymnastics families. Many gymnasts are minors. We take this seriously.

Account structure:

  • The parent or guardian is always the legal account holder. They sign up, provide payment, and agree to the Terms of Service and this Privacy Policy on behalf of their family.
  • Athletes may access the Service through a magic-link login provided by the parent's account. Legally, the parent's consent governs.
  • Athletes under 13: May use the Service only with active, direct parental supervision. The parent should physically sit with young athletes when they use the Service.

Compliance with COPPA:

The federal Children's Online Privacy Protection Act (COPPA) applies when an online service knowingly collects personal information from children under 13. Because the parent creates the account and provides all athlete information (including for athletes under 13), and because young athletes use the Service only through the parent's account with parental supervision, Yorra is designed to operate consistent with COPPA's parental consent framework.

If you are a parent and you believe your under-13 child has provided personal information directly to Yorra without your knowledge, please email contact@useyorra.com and we will delete it immediately.


10. Cookies

Yorra uses cookies for:

  • Session management — keeping you logged in (required)
  • Preferences — remembering your settings
  • Analytics — understanding aggregate usage patterns

You can control cookies through your browser settings. Disabling session cookies will prevent you from staying logged in. Disabling analytics cookies is fine and does not affect the Service.


11. International users

Yorra is operated from the United States. If you access the Service from outside the United States, your data will be transferred to, stored, and processed in the United States, which may have different data protection laws than your country. By using the Service, you consent to this transfer.

Yorra does not currently serve or market to users in the European Union or United Kingdom. If we begin serving EU/UK users in the future, we will update this policy to address GDPR/UK GDPR requirements.


12. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes (for example, changing our data-sharing practices or AI commitments), we will:

  • Update the “Last Updated” date at the top
  • Send you an email notifying you of the change at least 30 days before the change takes effect
  • Post a notice on useyorra.com

Non-material changes (grammar fixes, clarifications) will be posted without email notification.

If you don't agree with a material change, you can cancel your subscription before the change takes effect. Continued use of the Service after the effective date constitutes acceptance.


13. Contact us

Questions about this Privacy Policy? Rights requests? Privacy concerns?

Email: contact@useyorra.com (subject line “Privacy” preferred)