Privacy Policy

1. What we collect

Account data: email, hashed password, organization name, and billing identifiers as required by our payment processor. We do not collect government identifiers.

Usage data: model called, request and response sizes, latency, error codes, and the prompt+completion bytes for the duration of the request. Prompt+completion content is not retained beyond 30 days unless you have explicitly enabled an evaluation feature that requires retention.

Diagnostic data: IP address, user agent, and Cloudflare ray ID — used for abuse prevention and rate limiting. Retained for 90 days.

2. What we don't do

We do not train models on your prompts or completions. We do not sell user data. We do not share content with upstream providers beyond what is required to fulfill your request.

We do not retain DOSIA local-machine sandboxed file content on our servers. Sandbox contents stay on your machine.

3. Subprocessors

We rely on Cloudflare (CDN, DDoS protection), Lisahost (compute), Stripe (payments for USD billing), and the upstream model providers you address through your prompts. We publish the current list at bytespike.ai/legal/dpa and notify enterprise customers in advance of any changes.

4. Your controls

You can export, correct, or delete your account data from the Console. EU and UK users may exercise the corresponding GDPR rights at any time by emailing privacy@bytespike.ai.

California users may exercise their CCPA rights via the same channel. We do not 'sell' personal information as defined by CCPA.

5. International transfers

Our SaaS is hosted in the United States. EU/UK transfers rely on Standard Contractual Clauses; PRC transfers rely on the relevant cross-border standard contract. Self-hosted enterprise deployments do not transfer data outside your VPC.

6. Contact

Privacy enquiries: privacy@bytespike.ai · Data Protection Officer: dpo@bytespike.ai