Skip to main content
Skip to main content
Privacy Policy

Your Privacy Matters

We believe in radical transparency. This policy explains how we collect, use, and protect your information — in plain language, not legal jargon.

Last Updated: January 1, 2026Effective: January 1, 2026

The Short Version

We collect only what we need to provide our services
We never sell your personal data. Period.
Your project data and code belong to you
We use industry-standard security measures
You can request your data or deletion anytime
We're GDPR and CCPA compliant

Questions? Email privacy@byteforever.com

Table of Contents

01

Information We Collect

We collect information to provide and improve our services. Here's exactly what we collect and why.

Information You Provide Directly

Contact Information
Name, email address, phone number, company name, job title, industry
Used for: Communication, proposals, support
Project Information
Project descriptions, requirements, timelines, technical specifications, budgets
Used for: Providing development services
Communication Records
Emails, chat messages, call recordings (with consent), meeting notes
Used for: Project delivery, quality assurance
Payment Information
Billing details, invoices (processed by secure third-party processors)
Used for: We do NOT store credit card numbers

Information Collected Automatically

Device Information
Browser type, operating system, device type
Used for: Website optimization
Usage Information
Pages visited, time spent, click patterns
Used for: Improving user experience
Network Information
IP address, approximate location (city/country level)
Used for: Security, analytics
Referral Information
How you found our website
Used for: Marketing effectiveness

Information from Third Parties

Analytics Providers
Aggregated website usage data
Used for: Understanding traffic patterns
Business Partners
Referral information (with your consent)
Used for: Partnership tracking
Public Sources
Publicly available professional information
Used for: Business development
02

How We Use Your Information

To Provide Services

GDPR Legal Basis: Contract Performance
Respond to your inquiries
Deliver contracted development services
Send project updates and communications
Process payments and invoices
Provide technical support

To Improve Our Business

GDPR Legal Basis: Legitimate Interests
Analyze website usage to improve user experience
Understand client needs to improve services
Train our team on client communication
Develop new service offerings

Legal and Security

GDPR Legal Basis: Legal Obligation
Comply with legal obligations
Protect against fraud and abuse
Enforce our terms of service
Protect our rights and safety

Marketing (With Your Consent)

GDPR Legal Basis: Consent
Send newsletters and updates (you can unsubscribe anytime)
Share relevant content and insights
Notify you about new services

We never send unsolicited marketing without consent.

03

Data Sharing & Disclosure

WE DO NOT SELL YOUR PERSONAL INFORMATION. PERIOD.

Your data is not a product. We don't sell it, rent it, or trade it with third parties for their marketing.

Service Providers We Use

Cloud Hosting
AWS, Google Cloud, DigitalOcean
Hosting websites and applications
Email Services
Google Workspace
Business email communication
Analytics
Google Analytics (anonymized)
Understanding website usage
Payments
Stripe, PayPal
Processing invoices securely

All providers are bound by contract to protect your data and use it only for specified purposes.

Legal Requirements

To comply with applicable law or legal process
To respond to valid legal requests from authorities
To protect our rights, privacy, safety, or property
To enforce our terms of service

Business Transfers

If ByteForever is acquired or merged, your data may transfer to the new entity with the same protections. We'll notify you before any such transfer.

04

Data Security

Encryption

Data encrypted in transit (HTTPS/TLS)
Data encrypted at rest where applicable
Secure key management practices

Access Controls

Role-based access (employees only access what they need)
Multi-factor authentication for sensitive systems
Regular access reviews and audits

Security Practices

Regular security assessments
Secure development practices (OWASP guidelines)
Vulnerability scanning and patching
Security awareness training for team

Vendor Security

Service providers vetted for security compliance
Data processing agreements in place
Regular vendor security reviews

Incident Response

Documented incident response procedures
Breach notification within 72 hours (GDPR requirement)
Root cause analysis and remediation

No system is 100% secure. We work hard to protect your data but cannot guarantee absolute security. If you discover a security issue, please report it to security@byteforever.com immediately.

05

Your Rights & Choices

Your Data Rights (GDPR & CCPA)

AccessWithin 30 days

Request a copy of your personal data we hold

CorrectionWithin 30 days

Request correction of inaccurate or incomplete data

DeletionWithin 30 days

Request deletion of your data (subject to legal requirements)

PortabilityWithin 30 days

Receive your data in a portable, machine-readable format

Opt-OutImmediate

Unsubscribe from marketing communications at any time

ObjectWithin 30 days

Object to certain processing activities

RestrictWithin 30 days

Request restriction of processing in certain circumstances

How to Exercise Your Rights

Email: privacy@byteforever.com
Subject: "Data Rights Request - [Your Request Type]"
We'll verify your identity and respond within 30 days. No fees for reasonable requests.

06

Data Retention

Active ClientsDuration of engagement + 2 years

Project data, communication recordsReference, support, legal compliance

Completed Projects5 years after completion (financial: 7 years)

Project documentation, financial recordsLegal compliance, warranty support

Prospective Clients2 years from last contact

Inquiry dataFollow-up, if relationship resumes

Marketing ContactsUntil you unsubscribe

Newsletter subscribersSending updates you requested

Website DataAnalytics: 26 months, Server logs: 90 days

Usage data, access logsSecurity, performance analysis

When retention period expires, data is securely deleted or anonymized. Backups are purged within 90 days. You can request earlier deletion (subject to legal holds).

07

International Data Transfers

ByteForever Technologies Private Limited is based in India. We serve clients globally in USA, UK, EU, Australia, and Middle East.

For EU/UK Residents

Standard Contractual Clauses (SCCs) where required
Data processing agreements with all processors
Compliance with GDPR transfer requirements

For All Clients

Encryption in transit and at rest
Access controls regardless of location
Same security standards globally

India's Data Protection Framework

ByteForever complies with India's Digital Personal Data Protection Act 2023 (DPDP Act), which provides comprehensive data protection similar to GDPR. The DPDP Act includes:

Data Principal Rights (access, correction, deletion, and data portability)
Data security and protection obligations for Data Fiduciaries
Breach notification requirements (within 72 hours)
Cross-border data transfer provisions with adequate safeguards
Penalties for non-compliance and data protection standards

By using our services, you consent to the transfer of your information to India and other countries where we operate.

08

Cookies & Tracking

Cookies are small text files stored on your device when you visit websites. We use them to improve your experience.

Cookies We Use

Essential CookiesRequired

Session management, security

Cannot be disabled, no consent required

Analytics CookiesOptional

Google Analytics (anonymized IP) - understanding website usage

You can opt-out via browser settings

Preference CookiesOptional

Remember your settings (theme, etc.)

You can opt-out via browser settings

We Do NOT Use

Third-party advertising cookies
Social media tracking pixels
Cross-site tracking
Fingerprinting technologies

Do Not Track (DNT)

We respect Do Not Track browser signals for optional analytics cookies. When DNT is enabled:

Essential cookies still function (required for security and functionality)
Analytics cookies (Google Analytics) are disabled
No third-party tracking occurs
Your privacy preference is honored

Managing Cookies in Your Browser

Google Chrome

Settings → Privacy and Security → Cookies and other site data

Learn more →
Mozilla Firefox

Settings → Privacy & Security → Cookies and Site Data

Learn more →
Safari

Preferences → Privacy → Manage Website Data

Learn more →
Microsoft Edge

Settings → Cookies and site permissions

Learn more →

You can control cookies through browser settings or our cookie consent banner.

09

Project Data Handling

When you engage us for software development:

Source code: Belongs to you, stored in your repository
Documentation: Transferred to you at project end
Test data: Anonymized/synthetic, never your production data
Access: Revoked upon project completion
Team access: All team members sign confidentiality agreements before project assignment
Data segregation: Your project data is isolated from other clients

We don't retain your project code after handover unless you request ongoing maintenance.

Additional Confidentiality Protections

Non-Disclosure Agreements (NDAs) available upon request before Discovery Call
Custom data handling agreements for enterprise clients
Project-specific confidentiality terms in Master Service Agreement
Background-verified team members with signed confidentiality clauses

Industry-Specific Compliance

FinTech Clients

PCI-DSS compliant data handling for payment-related projects. No storage of cardholder data on our systems.

Healthcare Clients

HIPAA-compliant practices for PHI when applicable. Business Associate Agreements available.

Enterprise Clients

SOC 2 compliant practices. Custom data handling agreements available.

10

Contact Us

Questions about this privacy policy? We're here to help.

Privacy Inquiries

privacy@byteforever.com

Response time: Within 48 hours

General Inquiries

hello@byteforever.com

ByteForever Technologies Private Limited

Bengaluru, Karnataka, India

For EU/UK Residents

You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not handled your personal data appropriately.

European Union
Your national Data Protection Authority
Find your EU supervisory authority
United Kingdom
Information Commissioner's Office (ICO)
Visit ICO website

This does not affect your right to seek judicial remedy or contact us directly to resolve the issue.