Byter Privacy Policy
Last updated: March 4, 2026. This policy explains what Byter collects, how it is used (including AI processing), and how you can exercise privacy rights.
1) Quick Summary (Plain‑English)
- Byter is a training app. We collect the data needed to run practice, grading, duels, and progress tracking.
- We do not sell personal information and we do not run advertising or cross‑site behavioral tracking on the marketing website.
- Some features use AI. That means relevant inputs (like code/answers and prompt context) may be sent to third‑party model providers for processing.
- You can request deletion of your account and personal data via Delete Account.
This summary is for convenience; the full policy below controls.
2) Scope and Definitions
This policy applies to the Byter mobile application and our marketing/support website (collectively, the "Service").
- Personal Data means information that identifies or can reasonably be linked to an individual (directly or indirectly).
- User Content means content you submit to the Service, such as code, answers, notes, or messages.
- Processor / Service Provider means a vendor that processes data on our behalf to operate the Service.
3) Data We Collect
| Category | Examples | Source | How We Use It |
|---|---|---|---|
| Account and Profile | Email, auth identifiers, profile settings, persona and language preferences. | Provided by you; generated by auth systems. | Sign-in, account safety, personalization, and support verification. |
| Third‑Party Sign‑In (Optional) | If you choose Google/Apple login: email, basic profile information, provider identifiers. | Provided by the identity provider via our authentication systems when you choose that login method. | Authenticate you, link your account, and help prevent unauthorized access. |
| Learning Content (Your Inputs) | Code you type or submit, answers, explanations, notes/context you provide, feedback interactions. | Provided by you while using learning features. | Core functionality (practice, grading, feedback), personalization, and continuity across sessions. |
| Progress and Performance | Problem history, streaks, win/loss records, ratings/ELO, counters, skill signals and summaries. | Generated from your activity in the app. | Progress tracking, match-making, improving lesson sequencing, and performance analytics inside the app. |
| Integrity and Anti-Abuse Signals | Timing signals, paste-event counts, keystroke and interaction metrics, anomaly scores/flags, rate-limit signals. | Generated from interaction patterns while you use solve/duel flows. | Detect cheating/automation, protect fair play, prevent abuse, and improve service integrity. |
| Social and Multiplayer (If Used) | Duels, challenges, friend relationships, opponent identifiers, match results, leaderboards. | Provided by you and other users through social features; generated from matches. | Enable multiplayer features and display results to participants as part of the experience. |
| Purchase and Subscription | Plan tier, entitlement state, Apple transaction and receipt metadata. | Provided by Apple and generated by billing systems. | Subscription validation, restore flows, anti-fraud checks, and billing support. |
| Device, Diagnostics, and Logs | Device model, OS and app version, crash logs, performance diagnostics, IP address and request metadata. | Collected automatically when you use the app/website. | Reliability improvements, debugging, capacity planning, and security monitoring. |
| Support and Communications | Emails, screenshots, troubleshooting notes, and any information you choose to include. | Provided by you when contacting support. | Issue resolution, account verification, and service operations. |
Don’t submit secrets. Please avoid including passwords, private keys, or other sensitive secrets in code/notes. If you include them, we may process them as part of providing the Service.
4) How Data Is Collected
- Directly from you during onboarding, account/profile updates, support contacts, and in‑app activity.
- Automatically via device, log, and diagnostic signals needed for reliability, security, and integrity.
- From Apple for subscription verification and restore processing.
5) Authentication and Account Access
You can typically create an account using email/password, and you may be able to use third‑party sign‑in options (such as Google or Apple) if available in your version of the app.
- If you use third‑party sign‑in, the provider may share certain information with us (for example: your email and a stable provider identifier) so we can authenticate you.
- Authentication is handled through our auth vendor (see processors below). We do not need or want your third‑party account password.
6) AI Processing (Important)
Byter uses AI models to generate challenges, evaluate answers, and provide feedback. To deliver these features, relevant inputs (such as prompt context, submitted code, answer text, and attempts) may be sent to model providers and returned with generated output.
Minimization. We try to limit AI prompts to what is necessary for the feature. You should avoid including personal information or secrets in prompts or code submissions.
Provider handling. Model providers may retain request data for limited periods to operate, secure, and improve their services, subject to their terms and settings. Where available, we prefer configurations that reduce retention and training use, but provider practices may change over time.
7) Integrity, Fair Play, and Anti‑Abuse
Byter includes competitive and graded modes. To protect fairness and prevent abuse, we may collect and analyze integrity signals, such as timing metrics, interaction rates, and paste‑event counts.
- These signals are used to detect automation, cheating, and abusive usage patterns (for example: mass scraping or spam).
- We do not need to record your device’s general keystrokes outside the app. Integrity signals are intended to be limited to in‑app interaction and derived metrics.
- Integrity analysis may be automated and may trigger actions like throttling, feature restriction, or account review.
8) Third‑Party Processors and Sub‑processors
- We use service providers to operate the Service (for example: authentication, database, AI processing, and hosting).
- Providers process data only as needed to perform services for us and are subject to contractual controls.
| Vendor | Purpose | Data Involved | Reference |
|---|---|---|---|
| Supabase | Authentication, database, storage, and real-time features. | Account identifiers and app data you create as you use the service. | Privacy policy |
| Apple | In‑App Purchase billing and subscription management. | Transaction/receipt metadata and subscription state (we do not receive full payment card details). | Privacy policy |
| Google (Gemini API) | AI generation, evaluation, and feedback workflows. | Prompt context and user inputs needed to produce outputs (may include code/answers you submit). | Privacy policy |
| Hosting and infrastructure vendors | Run the website and backend systems. | Standard request logs and operational data required for reliability and security. | Varies by deployment |
If we add or change key processors, we will update this page and revise the "Last updated" date.
9) Cookies and Website Tracking
The Byter marketing website does not currently run ad tracking or cross‑site behavioral targeting scripts. Hosting providers may still collect standard request metadata (for example: IP address, user agent, and request timestamps) for security and reliability.
10) Retention, Backups, and Deletion
- We retain active account data while your account remains active.
- Verified deletion requests are queued within 7 days and removed from active systems within 30 days.
- We may retain limited records needed for security, fraud prevention, and legal compliance.
- Encrypted backups may persist until normal rotation cycles expire.
Deletion request flow: Delete Account.
11) How We Share Data
We share Personal Data only in the following situations:
- Service providers (processors) that help us run the Service (for example: auth/database, AI processing, and hosting).
- With other users when you use social features (for example: duels, challenges, and leaderboards) — limited to what is needed for the feature experience.
- Legal and safety if we believe disclosure is reasonably necessary to comply with law, protect users, prevent fraud/abuse, or enforce our policies.
- Business transfers if we are involved in a merger, acquisition, or asset sale (we will provide notice where required).
Byter does not sell personal information. We also do not share personal information for cross‑context behavioral advertising.
12) Legal Bases (EEA/UK and similar regions)
Where required by law, we rely on the following legal bases to process Personal Data:
- Contract (to provide the Service you request, including AI features and subscriptions).
- Legitimate interests (to secure the Service, prevent abuse, improve reliability, and develop features).
- Consent (for optional features where we ask).
- Legal obligation (to comply with applicable laws).
13) Your Controls
- Update certain profile settings inside the app (where available).
- Request deletion via Delete Account.
- Contact support to correct account information at mani.byter@gmail.com.
If you do not want AI processing of your inputs, do not use AI features. Some core training functionality may depend on AI.
14) Your Privacy Rights
Depending on jurisdiction, users may request access, correction, deletion, restriction, objection, or data portability rights. Requests are reviewed case-by-case under applicable law.
Submit privacy requests to mani.byter@gmail.com.
If you use an authorized agent to submit a request (where permitted), we may require proof of authorization and identity verification.
15) California and US State Privacy Notices
California and certain other US state laws provide additional rights (such as the right to know, delete, or correct certain data, and to opt out of certain disclosures). Byter does not sell personal information and does not share personal information for cross‑context behavioral advertising.
To exercise rights, contact mani.byter@gmail.com. We may verify your request before completing it.
16) Children’s Privacy
Byter is not directed to children under 13 and does not knowingly collect personal information from children under 13. If discovered, associated data is deleted promptly.
17) International Data Transfers
Byter services may process data in jurisdictions outside your residence depending on hosting and processor locations. Where required, we use appropriate safeguards (such as contractual protections) for cross‑border transfers.
18) Security
We use reasonable administrative, technical, and organizational safeguards designed to protect Personal Data. However, no method of transmission or storage is 100% secure.
For an operational overview, see Security.
19) Policy Updates and Contact
Policy updates are posted on this page with a new "Last updated" date. Material changes may also be communicated through app or support channels.
Operator: Byter (operated by Mani Bondari)
Privacy contact: mani.byter@gmail.com