Skip to main content
Y
Yusagi

Privacy Policy

Last updated: January 27, 2026

1. About This Policy

This Privacy Policy explains how muratov.io ("we," "our," or "us") handles information in connection with Yusagi, our audit workpaper generation software. Yusagi operates on a dedicated installation model – each client receives their own isolated software installation, not a shared cloud service.

This policy applies to information we collect during the onboarding process, account administration, and support interactions. It does not govern the audit data you process within your dedicated Yusagi installation, which remains under your direct control.

2. The Dedicated Installation Model

Unlike shared software-as-a-service platforms, Yusagi provides each client with a dedicated, isolated installation. This means:

  • Your data stays on your installation. Audit workpapers, client files, and PBC items you upload are stored exclusively within your dedicated environment.
  • No multi-tenancy. Your installation does not share databases, storage, or processing resources with other Yusagi users.
  • You control your data. We do not access, process, or analyze the audit content within your installation except when providing requested technical support with your explicit consent.
  • Deletion is straightforward. When you terminate your installation, all data within it is deleted. We retain no copies.

3. Information We Collect

We collect limited information necessary to provision and support your dedicated installation:

Account Information

  • Contact details (name, email, phone) of authorized users
  • Professional credentials and firm information
  • Billing and payment information (processed by third-party payment providers)

Technical Information

  • Installation configuration and status
  • Error logs and diagnostic data (anonymized, no audit content)
  • Usage metrics (feature usage patterns, not document contents)

Communication Records

  • Support requests and correspondence
  • Onboarding communications
  • Feedback and feature requests

4. What We Do Not Collect

To be clear about the boundaries of our access:

  • We do not collect, access, or process your audit workpapers
  • We do not access client names, financial data, or engagement details
  • We do not analyze document contents for any purpose
  • We do not use your audit data for AI training or model improvement

Your audit content remains entirely within your dedicated installation and under your control.

5. How We Use Information

We use the limited information we collect to:

  • Provision and maintain your dedicated installation
  • Provide technical support when requested
  • Send important updates about your installation (security patches, updates)
  • Process payments and maintain billing records
  • Improve our software based on aggregated, anonymized usage patterns
  • Comply with legal obligations

6. Data Security

Your dedicated installation includes:

  • AES-256 encryption for data at rest within your installation
  • TLS 1.3 encryption for all data in transit
  • Isolated infrastructure with no shared components
  • Regular security updates deployed to your installation
  • Access controls and authentication mechanisms

Account information we maintain (contact details, billing) is protected using industry-standard security measures and stored separately from any installation data.

7. Data Retention

Within your installation: Data is retained as long as your installation is active. Upon termination, all installation data is deleted within 30 days.

Account records: We retain contact and billing records for the duration of our business relationship plus the period required by applicable tax and accounting regulations (typically 7 years for financial records).

Support communications: Retained for 3 years after the last communication to maintain service history and provide consistent support.

8. Third Parties

We engage limited third-party services:

  • Infrastructure providers: Host your dedicated installation (data stays within your isolated environment)
  • Payment processors: Handle payment transactions (we do not store full payment card details)
  • Email services: Deliver transactional emails and support communications

These providers are bound by data processing agreements. They do not have access to audit content within your installation.

9. Your Rights

Regarding information we hold about you (account records, communications), you may:

  • Request access to your personal data
  • Request correction of inaccurate data
  • Request deletion (subject to legal retention requirements)
  • Object to certain processing activities
  • Request data portability where applicable

Regarding data within your installation: you have direct control and can export, modify, or delete it at any time through the application.

10. Professional Confidentiality

We recognize that CPAs and auditors have professional confidentiality obligations. The dedicated installation model is designed to support these requirements by ensuring:

  • Client data remains under your control
  • We cannot access engagement content without explicit invitation
  • No data commingling with other practitioners' information
  • Audit trails for access and modifications within your installation

11. Contact

For privacy-related inquiries or to exercise your rights, contact us:

  • Through the contact form at /contact
  • Via your dedicated support channel (for active installations)

We aim to respond to all privacy requests within 30 days.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. For active installations, we will notify you via email of material changes at least 30 days before they take effect.

© 2026 muratov.io. All rights reserved.