Skip to main content
Yorker logo
Sign InJoin Waitlist

Privacy Policy

Our privacy policy and how we use your data

Effective: March 1, 2026

yorker.live ("Company", "we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, share, and protect information when you use the Yorker platform, including our website, mobile applications, AI coaching tools, and all related services (collectively, the "Platform").

This policy is published in compliance with the Digital Personal Data Protection (DPDP) Act, 2023, the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

1. Data Controller

yorker.live is the Data Fiduciary (as defined under the DPDP Act, 2023) responsible for processing your personal data. Our contact details are provided in Section 15 below.

2. Information We Collect

We collect information that you provide directly, information generated through your use of the Platform, and information from third-party sources. The categories of data we collect include:

2.1 Account and Profile Information

  • Full name, email address, phone number, and date of birth
  • Profile photograph and biography
  • Cricket-specific profile data: playing role (batsman, bowler, all-rounder, wicketkeeper), batting and bowling style, skill level, and preferred formats
  • Team account information, including team name and team membership
  • Authentication credentials (managed securely through our authentication provider)

2.2 Cricket Performance Data

  • Match statistics, scores, and performance history that you input or that are imported from connected services
  • Skill assessment results and progress tracking data
  • Practice session logs, drill completion records, and training plans
  • AI-generated performance analytics, technique scores, and improvement recommendations

2.3 Video and Image Uploads

  • Photographs and videos uploaded for pose analysis, technique review, and AI-powered coaching feedback
  • Pose estimation data and body-landmark coordinates extracted from your uploads through computer vision processing
  • AI-generated comparison images and annotated feedback visuals

2.4 AI Interaction Data

  • Chat messages, queries, and prompts submitted to our AI coaching assistant
  • AI-generated responses, drill plans, scenario analyses, and coaching feedback
  • Voice inputs and transcriptions when using voice-based coaching features
  • Conversation history and context used to personalise your coaching experience

2.5 Payment Information

  • Billing name, billing address, and payment method details
  • Transaction records, subscription history, and invoice data
  • Note: Full payment card details are processed and stored by our payment processor (Razorpay) and are never stored on our servers. We retain only the last four digits of your card and a transaction reference for record-keeping.

2.6 Technical and Usage Data

  • Device information: device type, operating system, browser type and version, screen resolution
  • Network information: IP address, approximate location (city/region level), internet service provider
  • Usage data: pages visited, features used, time spent, click patterns, search queries within the Platform
  • Error logs, crash reports, and performance metrics
  • Cookies and similar tracking technologies (see Section 10)

3. How We Use Your Information

We process your personal data for the following lawful purposes, based on your consent or our legitimate interests:

PurposeData Used
Providing the PlatformAccount data, performance data, uploads, AI interactions
AI coaching and analysisVideos, images, chat logs, performance data, voice inputs
PersonalisationProfile data, usage patterns, skill level, performance history
Payment processingBilling information, transaction records
CommunicationEmail, phone number (for account notifications, updates, and support)
Platform improvementUsage data, error logs, aggregated analytics
AI model improvementAnonymised and aggregated performance data and interaction patterns
Security and fraud preventionIP address, device data, authentication logs
Legal complianceAny data required to comply with applicable laws and regulations

4. Legal Basis for Processing

Under the DPDP Act, 2023, we process your personal data based on the following grounds:

  • Consent: Where you have given clear, informed consent for specific processing activities (e.g., uploading videos for analysis, using AI coaching features, receiving marketing communications).
  • Contractual necessity: Processing required to provide you with the Platform services, manage your subscription, and fulfil our obligations under the Terms of Service.
  • Legitimate uses: As permitted under the DPDP Act for certain legitimate purposes, including platform security, fraud prevention, and enforcement of our terms.
  • Legal obligation: Processing necessary to comply with applicable Indian laws, including tax regulations, court orders, and regulatory requirements.

5. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

  • Account data: Retained for the duration of your account. Upon account deletion, personal data is erased within 90 days, except where retention is required by law.
  • Performance and training data: Retained for the duration of your account to maintain your progress history. Deleted within 90 days of account deletion.
  • Video and image uploads: Retained while your account is active. Original uploads are deleted within 30 days of account deletion. Derived pose-analysis data may be retained in anonymised form.
  • AI chat logs: Retained for up to 12 months for service improvement and to maintain conversation context. You may delete individual conversations at any time.
  • Payment records: Retained for a minimum of 8 years as required under the Income Tax Act, 1961 and the GST Act.
  • Technical logs: Retained for up to 12 months for security, debugging, and performance monitoring purposes.
  • Anonymised and aggregated data: May be retained indefinitely as it does not constitute personal data.

6. Your Rights Under the DPDP Act, 2023

As a Data Principal under the DPDP Act, you have the following rights:

  • Right to Access: You may request a summary of your personal data being processed and the processing activities being carried out.
  • Right to Correction: You may request correction of inaccurate or incomplete personal data. You can update most account information directly from your profile settings.
  • Right to Erasure: You may request the deletion of your personal data. We will comply within 30 days, subject to any legal retention obligations.
  • Right to Withdraw Consent: Where processing is based on your consent, you may withdraw consent at any time. This will not affect the lawfulness of processing carried out before withdrawal. Withdrawal may result in the loss of access to certain features.
  • Right to Nominate: You may nominate another individual to exercise your rights in the event of your death or incapacity, as provided under the DPDP Act.
  • Right to Grievance Redressal: You may raise concerns with our Data Protection Officer (see Section 15). If unsatisfied with our response, you may file a complaint with the Data Protection Board of India.

To exercise any of these rights, please contact our Data Protection Officer through our contact form. We will respond to your request within 30 days.

7. Data Security

We implement reasonable security practices and procedures as required under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. Our security measures include:

  • Encryption: All data is encrypted in transit using TLS 1.2 or higher. Sensitive data is encrypted at rest using AES-256 encryption.
  • Access controls: Role-based access control (RBAC) ensures that only authorised personnel can access personal data, and only to the extent necessary for their role.
  • Row-Level Security: Our database enforces row-level security policies to ensure users can only access their own data.
  • Authentication: We support secure authentication methods including email-based one-time passwords and OAuth providers.
  • Monitoring: We maintain audit logs and conduct regular security reviews to detect and respond to potential threats.
  • Incident response: We have an incident response plan in place and will notify affected users and the Data Protection Board of India of any data breach as required under the DPDP Act.

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.

8. Third-Party Services and Data Sharing

We use trusted third-party service providers to operate the Platform. Each provider processes data on our behalf, under our instructions, and subject to data processing agreements. The categories of providers we use include:

  • Cloud infrastructure & hosting: We use third-party services for database hosting, user authentication, file storage, application hosting and CDN delivery, object storage for media assets, and rate limiting and caching.
  • AI & machine learning: We route coaching queries, technique analysis, and content generation through multiple AI model providers. We also use specialised services for text embeddings (knowledge base search), AI image generation, and AI observability and quality monitoring. AI interaction metadata shared with observability tools is anonymised.
  • Media processing: We use third-party services for video hosting, streaming, and playback, as well as text-to-speech for voice coaching features.
  • Payments: Payment processing is handled by Razorpay. Full payment card details are processed and stored by Razorpay and are never stored on our servers. We retain only the last four digits of your card and a transaction reference.
  • Analytics & monitoring: We use third-party services for product analytics (anonymised usage events) and error monitoring (error logs, stack traces, device metadata).

Most of our service providers are located in the United States; our payment processor is based in India. See Section 9 for details on international data transfers.

As the Platform evolves, we may engage additional service providers in categories such as messaging, video analysis, and AI-generated video. We will update this policy when new categories of data processing are introduced.

We may also share your data:

  • With law enforcement or government authorities when required by applicable Indian law, including under the Information Technology Act, 2000 or the Code of Criminal Procedure.
  • To protect our rights, safety, or property, or the rights, safety, or property of our users or the public.
  • In connection with a merger, acquisition, or sale of all or a portion of our assets, in which case you will be notified via email or a prominent notice on the Platform.

We do not sell your personal data to third parties. We do not share your personal data with third parties for their own marketing purposes.

9. International Data Transfers

Several of our third-party service providers are located outside India, primarily in the United States and the European Union. When your data is transferred outside India, we ensure that:

  • Transfers are made in compliance with the DPDP Act, 2023 and any rules or notifications issued by the Central Government regarding permissible jurisdictions for data transfer.
  • We enter into data processing agreements with all third-party processors that include appropriate data protection obligations.
  • We do not transfer data to any country or territory that has been restricted by the Central Government under the DPDP Act.
  • Appropriate technical and organisational safeguards are in place to protect your data during and after transfer.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to provide, secure, and improve the Platform. For detailed information about the types of cookies we use, their purposes, and how to manage your preferences, please refer to our Cookie Policy.

11. Children's Privacy

The Platform is designed for cricket enthusiasts of all ages. However, we take the privacy of minors seriously:

  • Under 18: If you are under 18 years of age, a parent or legal guardian must create your account, accept these terms on your behalf, and provide verifiable consent for the collection and processing of your personal data. The parent or guardian is responsible for ensuring the accuracy of the minor's data and for supervising the minor's use of the Platform.
  • Parental controls: Parents and guardians may review, correct, or request deletion of their child's personal data through our contact form.
  • Consent verification: In accordance with the DPDP Act, 2023, we implement reasonable measures to verify that consent for a minor's data has been provided by a parent or legal guardian.
  • Restrictions: We do not knowingly process the personal data of children under the age of 18 without verifiable parental consent. We do not engage in behavioural tracking or targeted advertising directed at minors.

12. Automated Decision-Making

The Platform uses AI and automated processing to provide coaching feedback, technique analysis, and personalised recommendations. These automated processes:

  • Analyse your uploaded videos and images to provide technique feedback and pose comparisons.
  • Generate personalised drill plans and practice recommendations based on your performance data and stated goals.
  • Provide match scenario analysis and tactical suggestions.

These automated outputs are advisory in nature and do not have legal or similarly significant effects on you. You are not required to follow any AI-generated recommendation. If you have concerns about automated processing of your data, you may contact our Data Protection Officer.

13. Do Not Track

Some browsers offer a "Do Not Track" (DNT) setting. There is currently no universally accepted standard for how websites should respond to DNT signals. However, we respect your privacy choices and provide cookie preference controls on our Platform regardless of your browser's DNT setting.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. Material changes will be communicated to you via email or through a prominent notice on the Platform at least 15 days before they take effect. Your continued use of the Platform after the effective date of the revised policy constitutes your acceptance of the changes.

We encourage you to review this policy periodically. The "Effective date" at the bottom of this page indicates when the policy was last updated.

15. Contact Information and Data Protection Officer

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, including any matter for our Data Protection Officer or our Grievance Officer under the IT (Intermediary Guidelines) Rules, 2021, please reach us through our contact form.

We will acknowledge your request within 48 hours and aim to resolve it within 30 days. If you are not satisfied with our response, you have the right to file a complaint with the Data Protection Board of India.