Privacy Policy

Last updated: July 5, 2026

We believe privacy is a fundamental right, not a feature. Yotara is designed so that you — and only you — control your data.


Data Collection

Yotara does not collect any personal data. Because Yotara is self-hosted, all data — your tasks, projects, labels, settings, and user information — stays on your own server. We have no access to it.

The marketing site (yotara.website) does not use analytics, tracking scripts, or cookies. No page visits are recorded.


Cookies

The Yotara app itself uses a single session cookie for authentication. This cookie is essential for the app to function and is never used for tracking.

The marketing site sets no cookies.


Third-Party Services

The Yotara app itself (running on your server) connects to no external services. No telemetry, no analytics, no third-party data processing.

This marketing site loads Tailwind CSS from a CDN and serves font files from Google Fonts. These are content-delivery and typography services only — no tracking, no analytics, no cookies. Blog post images are served from Unsplash.


Security

Yotara follows security best practices:

  • Passwords are hashed using strong cryptographic algorithms.
  • Recovery codes are stored as secure hashes.
  • Session tokens are cryptographically random.
  • The admin interface requires authentication.

Since you self-host, your security is also in your hands. Keep your server updated and use strong passwords.


Contact

If you have questions about privacy or security, open an issue on GitHub or email privacy at yotara dot website.


This policy is simple by design. If we ever need to change it, we will post the update here and note it in the changelog.