Privacy Policy

Last updated: 18 June 2026
Privacy by design. BytesApp is built around data minimization. We collect only what is needed to run the Service, we do not sell personal data, and the data tied to a connected account exists only while that account is connected — disconnect or delete it, and that data is removed from the live Service.
Contents
  1. Who is responsible
  2. Data we collect
  3. How we use data
  4. Legal bases (GDPR)
  5. Controller & processor
  6. Retention & deletion
  7. Sharing & sub-processors
  8. International transfers
  9. Security
  10. Your GDPR rights
  11. Your US / CCPA rights
  12. Cookies & local storage
  13. Children
  14. Changes
  15. Contact

1. Who is responsible

This policy explains how Bytescare Inc. ("Bytescare", "we", "us") handles personal data in connection with BytesApp (the "Service"). Our registered address is 16192 Coastal Highway, Lewes, DE 19958, USA, and you can contact us at contact@bytescare.com for any privacy matter, including data-subject requests.

2. Data we collect

We keep the categories we collect deliberately narrow:

  • Sign-in identity. Your email address (used to send one-time codes) and, if you provide it, your display name and organization.
  • Authentication data. Short-lived one-time codes and an encrypted, HTTP-only session token. We do not store passwords because the Service does not use them.
  • Connected-account data. When you link a messaging account, we process the data needed to display and operate it in the console — such as chats, messages and media, contacts, and group membership. This data is processed on your instruction to provide the Service.
  • Operational & audit logs. Limited records of actions taken through the Service (for example, that a message or group action was performed, by which authorized user, and when), kept for security and accountability.
  • Technical data. IP address, approximate location, device/browser information, and timestamps, used to operate the Service securely and prevent abuse.
  • API usage. Metadata about API keys and requests, where you use the API.

We do not sell personal data and we do not use your messaging content for advertising or to train models.

3. How we use data

  • to provide, operate, and maintain the Service and its features;
  • to authenticate you and keep your account secure;
  • to detect, prevent, and investigate fraud, abuse, and security incidents;
  • to maintain the audit trail you and your organization rely on;
  • to provide support and respond to your requests; and
  • to comply with legal obligations and enforce our Terms.

4. Legal bases (GDPR)

Where the GDPR or UK GDPR applies, we rely on the following legal bases:

  • Performance of a contract — to deliver the Service you sign in to and use;
  • Legitimate interests — to keep the Service secure, prevent abuse, and maintain audit logs, balanced against your rights;
  • Consent — where required for optional processing (which you may withdraw at any time); and
  • Legal obligation — where we must process data to comply with the law.

5. Controller & processor

For your sign-in identity and account, Bytescare is the data controller. For the content of the messaging accounts you connect — the messages, contacts, and groups you operate through the console — you (or your organization) are the controller, and Bytescare acts as a processor on your behalf, processing that data only on your instructions to provide the Service. As controller of that content, you are responsible for having a lawful basis to message your recipients and for providing any notices and obtaining any consents the law requires.

6. Retention & deletion

  • One-time codes expire within minutes and are not retained after use.
  • Connected-account data is processed to operate the console and is tied to the connection. When you disconnect or delete a connected account (or your account), the associated data is removed from the live Service. Browser-side caches you create are cleared when you sign out or clear them.
  • Audit and security logs are kept only for a limited period appropriate to their security and accountability purpose, then deleted, unless a longer period is required by law.
  • You can ask us to delete your personal data at any time (see Your rights). We will honor verified requests, subject to limited exceptions where the law requires us to retain certain records.

7. Sharing & sub-processors

We share personal data only as needed to run the Service, and never to sell it:

  • Infrastructure & messaging-gateway providers that host the Service and relay messages to and from the Third-Party Platforms, under contracts that require appropriate safeguards;
  • Legal & safety — where we must comply with law, enforce our Terms, or protect rights, property, or safety; and
  • Business transfers — in connection with a merger, acquisition, or sale of assets, subject to this policy.

When you connect a third-party messaging account, your data also flows to and from that Third-Party Platform (for example, WhatsApp or Telegram) under that platform's own terms and privacy policy, which we do not control.

8. International transfers

We are based in the United States and may process data in the U.S. and other countries. Where we transfer personal data from the EEA, UK, or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, together with supplementary measures where needed.

9. Security

We use technical and organizational measures appropriate to the risk, including passwordless email-OTP sign-in, encrypted HTTP-only sessions, server-side handling of platform credentials and keys (which are never exposed to your browser), access controls, and per-server quotas. No method of transmission or storage is perfectly secure, so we cannot guarantee absolute security.

10. Your GDPR rights

If you are in the EEA, UK, or a comparable jurisdiction, you have the right to:

  • access the personal data we hold about you;
  • rectify inaccurate or incomplete data;
  • erase your data ("right to be forgotten");
  • restrict or object to certain processing;
  • data portability;
  • withdraw consent at any time, without affecting prior processing; and
  • lodge a complaint with your local supervisory authority.

To exercise any right, email contact@bytescare.com. We may need to verify your identity, and we will respond within the time limits the law requires.

11. Your US / CCPA rights

If you are a California resident, you have the right to know what personal information we collect and how we use it, to request deletion or correction, and to not be discriminated against for exercising these rights. We do not sell or "share" personal information as those terms are defined under the CCPA/CPRA. To make a request, email contact@bytescare.com.

12. Cookies & local storage

We use a strictly necessary, encrypted session cookie to keep you signed in. The app also stores data in your browser's local storage (for example, a cache of chats and your preferences) to make the console fast and usable. These are essential to the Service; clearing them or signing out removes them. We do not use third-party advertising cookies.

13. Children

The Service is intended for business use by adults and is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

14. Changes

We may update this policy from time to time. We will revise the "Last updated" date above and, for material changes, provide additional notice where appropriate.

15. Contact

For any privacy question or request, contact Bytescare Inc., 16192 Coastal Highway, Lewes, DE 19958, USA, or email contact@bytescare.com.