Privacy & Data Governance Policy
Last Updated: February 10, 2026
1. Data Controller and Core Identity Yeah Up S.r.l., based in Rome (Via Giorgione 106), acts as the Data Controller for information processed through our Decision Intelligence Platforms (DIP) and websites. Our commitment to privacy is built on the five pillars of Decision-Grade Data: it is operational AI-ready, granular, normalized, governed, and continuous.
Contact: info@yeahup.net
2. Taxonomy of Processed Data We categorize data processing to ensure maximum "Processing Integrity," a key criterion for enterprise-grade SaaS :
Technical & Usage Data: IP addresses, browser telemetry, and technical logs required to maintain platform availability and security.
Logic Input Data: Data voluntarily entered into our calculators or decision models. For decision-support tools, this data is processed in real-time to generate outputs but is not stored unless a user explicitly saves a "Decision Scenario" or requests an auditable report.
Contact & Account Data: Names, professional emails, and company details provided for account creation or to receive "Decision Intelligence" insights.
3. Purposes and Legal Basis for Processing
We process data under the following legal bases:
Performance of a Contract: To provide the decision-orchestration services you requested.
Legitimate Interest: To improve our logic engines, ensure platform security, and reduce "decision latency" for our users.
Consent: For marketing communications and non-essential analytical cookies.
4. Automated Decision-Making and Logic Transparency (Art. 22 GDPR) As a leader in decision-grade platforms, we prioritize the "Right to Explanation." Our platforms utilize DMN Conformance Level 3 (CL3) logic engines. When our tools provide automated projections or rankings:
The Logic: Decisions are based on hierarchical decision graphs and standardized business rules (Decision Tables).
Significance: These outputs are designed for decision-support and should be validated via a "Human-in-the-Loop" protocol.
User Rights: Users have the right to obtain human intervention, express their point of view, and contest automated outputs by contacting our "Architect Team" at info@yeahup.net.
5. Security, Governance, and Processing Integrity We are transitioning our operational controls to align with SOC 2 Type 2 and ISO 27001 standards.
Data Protection: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
Integrity: We perform regular "Zero-Trust" architectural reviews to ensure that the logic used to process your data remains unauthorized-change-free.
6. Your Rights and Data Subject Access Requests (DSAR)
Under GDPR, you maintain eight fundamental rights, including access, rectification, and the right to data portability.
| Right | Description | How to Exercise |
| Access | View the data we hold on you. | Email: info@yeahup.net |
| Portability | Receive your "Decision Scenarios" in machine-readable format. | Via User Dashboard |
| Erasure | Request permanent deletion of account data. | Email: info@yeahup.net |
| Explanation | Understand the logic behind an automated result. | Request "Logic Brief" |
7. Data Retention and Deletion
We adhere to the principle of "Storage Limitation." Usage logs are anonymized after 26 months, while Logic Input Data for guest users is purged immediately after the session ends to maximize privacy.