Skip to content
Last updated: February 2026

Privacy Policy

At Y-ERP Systems & Technologies, we are committed to protecting your privacy and ensuring the security of your personal and business data. This policy explains how we collect, use, store, and safeguard your information when you use our platform and services.

1. Introduction

Y-ERP Systems & Technologies ("Y-ERP," "we," "us," or "our") operates the cloud-based AI-native enterprise resource planning platform available at y-erp.co (the "Platform"). Our Platform provides integrated modules for customer relationship management (CRM), finance, human resources, and AI-powered business insights.

This Privacy Policy applies to all users of the Platform, including organization administrators, team members, and visitors to our website. By accessing or using our services, you acknowledge that you have read and understood this policy. If you do not agree with the practices described herein, please discontinue use of the Platform.

2. Information We Collect

We collect information necessary to provide, maintain, and improve our services. The types of information we collect include:

2.1 Information You Provide Directly

  • Account information: Name, email address, phone number, job title, and organization name when you register for an account or are invited to join an organization.
  • Organization and business data: Customer records, financial transactions, invoices, employee records, project data, and other business information you enter into the Platform as part of normal use.
  • Payment information: Billing address, payment method details, and transaction history. Note that payment card details are processed by our third-party payment processor and are never stored on our servers.
  • Communications: Messages, feedback, support requests, and any other correspondence you send to us.

2.2 Information Collected Automatically

  • Usage data: Pages visited, features used, actions taken, timestamps, frequency of use, and interaction patterns within the Platform.
  • Device information: Browser type and version, operating system, device type, screen resolution, and language preferences.
  • Network information: IP address, approximate geographic location (derived from IP address), referring URLs, and internet service provider.
  • Log and diagnostic data: Error logs, performance metrics, and diagnostic information used to maintain and improve system reliability.

2.3 Information from Third Parties

  • Authentication providers: When you sign in using a third-party authentication service (such as Google or Microsoft via our authentication provider, Clerk), we receive basic profile information as authorized by you during the sign-in process.
  • Integrations: If your organization connects third-party services to the Platform, we may receive data from those services as configured by your organization administrator.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing and Operating the Platform

  • To create and manage your account and organization workspace.
  • To deliver the CRM, finance, HR, and other modules you and your organization use.
  • To process transactions and manage billing and subscriptions.
  • To provide customer support and respond to your requests.

3.2 AI-Powered Features and Insights

Our Platform includes AI-powered features designed to help your organization make better decisions. It is important to understand how we use data in connection with these features:

  • AI features analyze your organization's data solely within the scope of your organization. Your data is never combined with data from other organizations to train AI models.
  • AI-generated insights, predictions, and recommendations are derived from your organization's own data and are accessible only to authorized members of your organization.
  • We may use anonymized, aggregated, and de-identified data across the Platform to improve the overall quality and accuracy of our AI models. This data cannot be traced back to any individual or organization.
  • You retain full control over whether AI features are enabled or disabled for your organization.

3.3 Improvement and Development

  • To analyze usage patterns and trends in order to improve Platform features, performance, and user experience.
  • To conduct research and development for new products and features.
  • To diagnose technical problems and maintain system reliability.

3.4 Communication

  • To send you service-related notices, including security alerts, system updates, and changes to our terms or policies.
  • To send product updates, feature announcements, and educational content relevant to your use of the Platform. You may opt out of non-essential communications at any time.

3.5 Security and Legal Compliance

  • To detect, prevent, and address fraud, abuse, security incidents, and technical issues.
  • To comply with applicable legal obligations, resolve disputes, and enforce our agreements.

4. Data Storage & Security

We take the security of your data seriously and implement industry-standard technical and organizational measures to protect it.

4.1 Infrastructure and Hosting

  • The Platform is hosted on enterprise-grade cloud infrastructure provided by Vercel and Supabase, which maintain rigorous security certifications and undergo regular independent audits.
  • Data is stored in secure, geographically distributed data centers with redundant systems for high availability and disaster recovery.

4.2 Encryption

  • All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security).
  • Sensitive data at rest is encrypted using AES-256-GCM encryption, which is among the strongest encryption standards available.
  • Authentication credentials and secrets are encrypted and managed through dedicated secure key management systems.

4.3 Multi-Tenant Data Isolation

Y-ERP operates on a multi-tenant architecture with strict organization-level data isolation. This means:

  • Each organization's data is logically separated and isolated from all other organizations on the Platform.
  • Access controls enforce that users can only access data belonging to their own organization, governed by role-based permissions configured by organization administrators.
  • No organization can view, access, or interact with another organization's data under any circumstances during normal platform operation.

4.4 Additional Security Measures

  • Regular security assessments and vulnerability testing.
  • Continuous monitoring of systems for suspicious activity and unauthorized access attempts.
  • Strict access controls for our internal team, following the principle of least privilege.
  • Incident response procedures to promptly address and communicate any security events.

4.5 Data Retention

We retain your data for as long as your account is active or as needed to provide you with our services. If you or your organization administrator requests account deletion, we will delete or anonymize your personal data within a reasonable timeframe, except where we are required by law to retain certain information or where retention is necessary for legitimate business purposes such as resolving disputes or enforcing our agreements.

5. Data Sharing & Third Parties

We do not sell your personal or business data to third parties. We share your information only in the following limited circumstances:

5.1 Service Providers

We engage trusted third-party service providers who assist us in operating and delivering the Platform. These providers are contractually obligated to use your data only for the purposes we specify and to maintain appropriate security measures. Our key service providers include:

  • Clerk — Authentication and user identity management.
  • Vercel — Application hosting and content delivery.
  • Supabase — Database hosting and backend services.
  • Payment processors — Secure handling of payment transactions.

5.2 Organization Administrators

If you use the Platform as a member of an organization, please be aware that your organization's administrators may have the ability to access, modify, or delete data within the organization's workspace, including data associated with your account within that organization.

5.3 Legal Requirements

We may disclose your information if required to do so by applicable law, regulation, legal process, or governmental request. We will make reasonable efforts to notify you of such requests where legally permissible.

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal data.

5.5 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so, such as when you enable a third-party integration within the Platform.

6. Your Rights

We respect your rights regarding your personal data. Depending on your jurisdiction, you may have some or all of the following rights:

  • Right to access: You may request a copy of the personal data we hold about you.
  • Right to correction: You may request that we correct inaccurate or incomplete personal data.
  • Right to deletion: You may request that we delete your personal data, subject to certain legal exceptions.
  • Right to restrict processing: You may request that we limit the ways in which we use your personal data.
  • Right to data portability: You may request a copy of your data in a structured, commonly-used, machine-readable format.
  • Right to object: You may object to certain types of processing, such as direct marketing.
  • Right to withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

To exercise any of these rights, please contact us at support@y-erp.co. We will respond to your request within a reasonable timeframe and in accordance with applicable law. We may ask you to verify your identity before processing your request.

Organization administrators can also export, modify, and delete organization data directly through the Platform's administrative settings.

7. Cookies & Similar Technologies

We use cookies and similar tracking technologies to operate and improve the Platform. Cookies are small text files placed on your device that help us recognize you and remember your preferences.

7.1 Types of Cookies We Use

  • Essential cookies: Required for the Platform to function properly. These include cookies for authentication, session management, and security. These cannot be disabled.
  • Functional cookies: Used to remember your preferences and settings (such as language or theme) to enhance your experience.
  • Analytics cookies: Help us understand how users interact with the Platform so we can improve features and performance. These collect anonymized usage data.

7.2 Managing Cookies

Most web browsers allow you to control cookies through their settings. You can choose to block or delete cookies, although doing so may affect the functionality of the Platform. For analytics cookies, you may opt out through your account settings or browser preferences.

8. Children's Privacy

The Platform is designed for business use and is not intended for individuals under the age of 16 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate consent, we will take prompt steps to delete that information. If you believe a child has provided us with personal data, please contact us at support@y-erp.co.

9. International Data Transfers

As a cloud-based platform, your data may be processed and stored in countries other than your own. Our infrastructure providers operate data centers in multiple regions worldwide. Wherever your data is transferred, we ensure that appropriate safeguards are in place to protect it in accordance with this Privacy Policy and applicable data protection laws. These safeguards include contractual obligations with our service providers, encryption in transit and at rest, and adherence to recognized data protection frameworks.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page.
  • Notify you through the Platform (such as an in-app notification or banner) or via email to the address associated with your account.
  • Where required by applicable law, seek your consent before applying material changes to the processing of your data.

We encourage you to review this policy periodically to stay informed about how we protect your data.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to reach out:

Y-ERP Systems & Technologies

support@y-erp.co
We aim to respond to all inquiries within 5 business days.

If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority or supervisory body.