privacy policy

Last updated: April 30, 2026

the short version

Yoinko is a self-hosted, local-first application. Your notes, files, and settings live on your own machine. We don't collect, store, or have access to any of your content.

1. what we don't collect

Your notes and pages — stored locally in a SQLite database on your machine
Your API keys — stored in your local database, never transmitted to us
Your uploaded files — saved to your local disk
Your chat history — stored locally, never leaves your machine

2. LLM provider communication

When you use AI features (chat, content generation, image generation), Yoinko sends requests directly from your server to your chosen LLM provider (OpenAI, Google, Anthropic, or a custom endpoint). These requests include:

The current page content (as context for the AI)
Your chat message
Your API key (sent to the provider, not to us)

We act as a proxy between your browser and the LLM provider — your API key never reaches the browser. We do not log, store, or inspect any of this traffic. Please review your LLM provider's privacy policy for how they handle your data.

3. the website (yoinko.ai)

This marketing website may use basic, privacy-friendly analytics to understand page views and referral sources. We do not use cookies for tracking, and we do not sell or share any data with third parties.

4. yoinko cloud

Yoinko Cloud is our managed hosted version. When you use Yoinko Cloud, your data is stored on our servers with encryption at rest and in transit. We collect only what is necessary to provide the service:

Your account email and authentication credentials
Your pages, folders, and uploaded assets (encrypted at rest)
Usage metadata for billing (e.g. storage used, API calls)

We do not read, analyze, or use your content for any purpose beyond providing the service. We do not train models on your data. You can export or delete your data at any time. The self-hosted version remains fully private with zero data collection.

5. open source transparency

Yoinko is open source under the MIT license. You can audit the entire codebase to verify these claims. There are no hidden telemetry calls, no analytics SDKs, and no phone-home behavior in the self-hosted version.

6. data security

Since Yoinko runs on your own machine, security is in your hands. We recommend:

Keeping your Node.js version up to date
Backing up the data/ directory regularly
Not exposing your Yoinko instance to the public internet without proper authentication

7. children's privacy

Yoinko is not directed at children under 13. Since the self-hosted version doesn't collect any data, there is no data about children to protect.

8. changes to this policy

We may update this policy as the product evolves. Significant changes will be noted in the changelogand on this page. The "last updated" date at the top reflects the most recent revision.

9. contact

Questions or concerns? Open an issue on GitHub or start a discussion.