Privacy Policy

ByteSphere (“ByteSphere,” “we,” “us,” or “our”) is a technology consultancy and software studio that designs and builds web applications, mobile applications, desktop software, AI automations, and related digital products for our clients. We respect your privacy and are committed to handling your personal data lawfully, transparently, and with care.

This Privacy Policy explains what information we collect when you visit bytesphere.devand related domains (the “Site”), contact us, or engage us for professional services (collectively, the “Services”), how we use that information, the legal bases on which we rely, and the rights you have over your data. By using the Site or Services, you agree to the practices described in this policy.

This policy applies to:

• Visitors to our Site and anyone who interacts with our online content.
• Prospective clients who contact us via our forms, email, phone, or messaging channels.
• Clients who engage us to deliver software, automations, consulting, or related services.
• Vendors, partners, and applicants who communicate with us in a business capacity.

It does not cover personal data that we process strictly on behalf of a client as a data processor — in those cases the client’s own privacy notice and our written agreement with that client govern the processing.

We collect information in the following ways:

a. Information you provide directly

• Contact details: your name, email address, phone number, company, and any information you choose to include in the message field of our contact form, in an email, or in a chat with us on WhatsApp, Telegram, LinkedIn, X (Twitter), or similar channels.
• Project details: requirements, goals, files, credentials, designs, code, content, and other materials you share with us during a discovery, proposal, or engagement phase.
• Billing information: billing name, address, tax identifiers, and payment details when we issue invoices. Card payments, where applicable, are processed by third-party payment providers; we do not store full card numbers on our systems.

b. Information collected automatically

• Usage and device data: IP address, browser type and version, operating system, device type, referrer URL, pages viewed, time spent on pages, and timestamps. We use this for security, debugging, and aggregate analytics.
• Cookies and similar technologies: small data files used to keep the Site working correctly and to measure performance. See Section 07 for details.
• Analytics events: high-level interaction data (for example, page views) collected via Vercel Analytics, which is designed to be privacy-friendly and does not use cross-site tracking cookies.

c. Information from third parties

• Business contact information from professional networks (such as LinkedIn) where you have made it publicly visible, or from referrals and partners who introduce you to us.
• Data from service providers we use to operate our business, such as email, hosting, version control, and cloud infrastructure providers.

We do not knowingly collect special categories of personal data (such as health, religion, or political views) and we do not ask for them. Please do not send us such information unless it is strictly necessary for a project we have agreed to deliver.

We use the information we collect for the following purposes:

• To respond to your enquiries and provide quotes, proposals, and demos.
• To deliver, support, and improve the software and services we build for you.
• To manage contracts, invoicing, and payments.
• To communicate operational updates, security notices, and changes to our Services.
• To operate, monitor, secure, and improve our Site and infrastructure.
• To analyze how our Site is used in aggregate so we can improve content and performance.
• To comply with legal, tax, accounting, and regulatory obligations.
• To protect the rights, property, and safety of ByteSphere, our clients, and the public — including fraud prevention and enforcement of our terms.

We do not sell your personal data, and we do not use it for automated decision-making that produces legal or similarly significant effects on you.

If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with similar laws, we rely on the following legal bases:

• Contract: to take steps at your request before entering into a contract and to perform a contract with you (for example, delivering a project you have engaged us for).
• Legitimate interests: to run, secure, and grow our business — including responding to enquiries, basic analytics, fraud prevention, and direct B2B outreach where you have a reasonable expectation of contact. We balance these interests against your rights and freedoms.
• Consent: where required, for non-essential cookies, marketing communications, or other processing that depends on your choice. You can withdraw consent at any time.
• Legal obligation: to comply with tax, accounting, anti-money-laundering, and other applicable laws.

We share personal data only as necessary, with parties bound by confidentiality and data-protection obligations. The main categories of recipients are:

• Service providers and sub-processors who help us operate the business — including hosting (Vercel), email delivery, source control (GitHub), analytics, payment processing, cloud infrastructure (such as AWS, Google Cloud, or Microsoft Azure where used for a given project), and productivity tools.
• Clients— for example, where you contact us as part of a client’s project or where you are a stakeholder on a project we are delivering.
• Professional advisors such as accountants, auditors, lawyers, and insurers, when reasonably required.
• Authorities when we are legally required to disclose information, or to protect rights, property, or safety.
• Successors in interest in the event of a merger, acquisition, restructuring, or sale of assets. We will notify affected users where required by law.

We do not rent, trade, or sell personal data to advertisers or data brokers.

Our Site uses a small number of cookies and similar technologies. These typically fall into:

• Strictly necessary: required for the Site to function and to remember preferences such as theme or language.
• Analytics: we use Vercel Analytics to understand aggregate usage of the Site. Vercel Analytics is designed to avoid cross-site tracking and does not use long-lived identifiers tied to individual users.

You can control cookies through your browser settings, including blocking or deleting them. Doing so may affect how the Site works. Where we add non-essential or marketing cookies in the future, we will request your consent first via a cookie banner.

ByteSphere is a globally distributed team and we rely on cloud providers and tools hosted in multiple countries. As a result, your personal data may be processed in jurisdictions outside your country of residence, including the United States and the European Union.

When we transfer personal data internationally, we use appropriate safeguards such as the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, and equivalent mechanisms, together with technical and organizational measures to protect the data.

We retain personal data only for as long as necessary for the purposes set out in this policy. In practice this means:

• Enquiries that do not become engagements: typically up to 24 months from last contact, then deleted or anonymized.
• Active client records: for the duration of our engagement and a reasonable period after, in line with contractual and warranty obligations.
• Invoices, contracts, and tax records: for the period required by applicable tax and accounting law (commonly 5–10 years).
• Server logs and security data: a short rolling window, typically up to 90 days, unless we need to retain specific entries to investigate an incident.

When retention periods expire, we delete or anonymize the data unless we are legally required to keep it longer.

We implement technical and organizational measures designed to protect personal data against unauthorized access, loss, alteration, or disclosure. These measures include:

• Encryption in transit (HTTPS / TLS) for our Site and most internal tools.
• Access controls, least-privilege permissions, and multi-factor authentication on critical systems.
• Vetting of vendors and sub-processors that handle personal data on our behalf.
• Code review, dependency scanning, and secure development practices in our engineering work.
• Regular backups and incident-response procedures.

No system is fully secure. If we become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant authorities and, where required, affected individuals without undue delay.

Depending on where you live, you may have some or all of the following rights regarding your personal data:

• Access to the personal data we hold about you.
• Correction of inaccurate or incomplete data.
• Deletion (the “right to be forgotten”), subject to legal exceptions.
• Restriction of, or objection to, certain processing — including for direct marketing.
• Portability of data you have provided to us in a structured, commonly used format.
• Withdrawal of consent at any time where processing is based on consent.
• The right to lodge a complaint with your local data-protection authority. In the EU, this is the supervisory authority of your country of residence; in the UK, the Information Commissioner’s Office (ICO).

If you are in California or another U.S. state with comparable privacy laws, you may also have the right to know what personal information we collect, to request deletion, to opt out of any “sale” or “sharing” of personal information (we do not sell or share personal information as those terms are commonly defined), and to be free from discrimination for exercising these rights.

To exercise any of these rights, contact us at contact@bytesphere.dev. We may need to verify your identity before acting on a request, and we will respond within the timeframes required by applicable law.

Our Site and the deliverables we build may link to or integrate with third-party services such as GitHub, LinkedIn, WhatsApp, Telegram, X (Twitter), Vercel, and cloud providers. We are not responsible for the privacy practices of those third parties. We recommend reviewing their privacy notices before sharing personal data with them.

The Site and Services are intended for business users and are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

We may update this Privacy Policy from time to time to reflect changes to our Services, legal requirements, or our internal practices. When we do, we will update the “Last updated” date at the top of this page. If the changes are material, we will provide additional notice (for example, by email or a prominent notice on the Site) before the changes take effect.

If you have questions, comments, or requests regarding this Privacy Policy or our handling of your personal data, please reach out:

• Email: contact@bytesphere.dev
• Phone: +7 (995) 015-31-02 / +7 (999) 906-03-36
• WhatsApp: wa.me/79950153102
• Telegram: t.me/bytesphere_dev

We will do our best to respond promptly and to resolve any concern you may have about your privacy.