End User Privacy
How yaan processes data when you visit a protected site
This notice explains what happens when you visit a website protected by yaan. If you're a yaan customer, please see the Privacy Policy instead.
For privacy questions, email support@yaan.ch.
Introduction
Yaan is an invisible bot protection service operated by Zenith Hosting KLG (Switzerland). When you visit a website that uses yaan to protect against bots and automated abuse, yaan checks whether your traffic appears human or automated. This notice explains what data is involved and how it's handled.
Who Does What
- The website you visit is the data controller — they decide to use yaan and determine the purposes of bot detection on their site.
- Yaan (Zenith Hosting KLG) is the data processor — we process data strictly on the website operator's instructions to detect and block automated traffic.
Legal Basis
Processing is based on the website operator's legitimate interest in:
- Preventing bot abuse, fraud, and credential stuffing
- Protecting their service from automated attacks
- Ensuring the security and integrity of their website
Under both the GDPR (Art. 6(1)(f)) and the Swiss nFADP, legitimate interest is a valid legal basis for this type of security processing.
What We Check
When you visit a protected site, yaan evaluates behavioral and technical signals to determine whether the traffic originates from a human or a bot. This evaluation includes:
| Signal | Purpose |
|---|---|
| Browser environment attributes | Distinguishing real browsers from headless/automated ones |
| IP address (hashed) | Identifying known malicious IP ranges and request velocity |
Yaan does not:
- Set cookies or use any client-side storage
- Access or read other tabs, browsing history, or personal files
- Intercept, modify, or block any of your communications
What We Don't Do
- No cookies: Yaan does not set any cookies. Our detection is entirely stateless.
- No automated decision-making with legal effect: Our verdicts (allow, challenge, block) are security decisions, not decisions that produce legal effects or similarly significant effects on you.
Data Retention
All signals we receive (browser attributes, hashed IP) and data the data controller sends to us (user IDs, email, phone) are retained for 120 days after the last recorded activity. Data is then permanently deleted.
Data Storage and Transfers
Yaan's infrastructure is hosted by Scaleway in France and Bunny in Slovenia.
For a complete list of infrastructure providers, see our sub-processors page.
Data Breaches
If a data breach occurs that involves personal data processed on behalf of a website operator, yaan will notify the affected website operator promptly so they can fulfill their notification obligations to supervisory authorities and affected individuals as required by law.
Questions?
If you have questions about how yaan processes your data when visiting a protected site, email support@yaan.ch.