Privacy Policy

1. Introduction

XYZBytes ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and disclose your information when you visit our website at xyzbytes.com (the "Service") or engage our software development services.

We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant privacy regulations.

By accessing or using our Service, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Data

We may collect the following types of personal information:

• Contact Information: Name, email address, phone number, company name, job title
• Account Information: Username, password (encrypted), profile preferences
• Business Information: Company details, project requirements, budget information
• Communication Data: Messages, inquiries, feedback you send to us
• Payment Information: Billing address, payment method details (processed by third-party payment processors)

2.2 Technical Data

We automatically collect certain information when you visit our website:

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages visited, time spent, click patterns, referral sources
• Analytics Data: Website performance metrics, user interaction data via Google Analytics
• Cookie Data: Information stored in cookies and similar tracking technologies

2.3 Third-Party Data

We may receive information about you from third-party sources, including social media platforms, business partners, and public databases, which we use to enhance our services and communications.

3. How We Use Your Information

3.1 Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Consent: When you explicitly agree to our data processing activities
• Contract Performance: To fulfill our software development services
• Legitimate Interests: For business operations, security, and improvements
• Legal Compliance: To comply with applicable laws and regulations

3.2 Purposes of Data Processing

We use your information for the following purposes:

• Providing and maintaining our software development services
• Processing payments and managing billing
• Communicating with you about projects, updates, and support
• Personalizing your experience and improving our services
• Marketing and promotional communications (with your consent)
• Analyzing website usage and performance
• Protecting against fraud, security threats, and legal risks
• Complying with legal obligations and regulatory requirements

3.3 Marketing Communications

We may send you marketing emails about our services, industry insights, and company updates. You can opt out of these communications at any time by clicking the unsubscribe link in our emails or contacting us directly.

4. Information Sharing and Disclosure

4.1 Third-Party Service Providers

We may share your information with trusted third-party service providers who assist us in:

• Analytics: Google Analytics for website performance analysis
• Payment Processing: Stripe, PayPal for secure payment handling
• Communication: Email service providers for newsletters and notifications
• Cloud Services: AWS, Google Cloud for data storage and processing
• Customer Support: Help desk and chat support platforms

4.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the acquiring entity. We will notify you of any such change in ownership or control of your personal data.

4.3 Legal Requirements

We may disclose your information when required by law or to:

• Comply with legal processes, court orders, or government requests
• Protect our rights, property, or safety
• Investigate potential violations of our terms of service
• Prevent fraud or security incidents

4.4 Consent-Based Sharing

We will not sell, rent, or share your personal information with third parties for their marketing purposes without your explicit consent.

5. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

When we transfer your personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions recognizing equivalent protection levels
• Certification schemes and codes of conduct

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Our retention periods are based on:

• Account Data: Retained while your account is active and for 3 years after closure
• Project Data: Retained for 7 years after project completion for business and legal purposes
• Marketing Data: Retained until you opt out or for 3 years of inactivity
• Analytics Data: Aggregated data retained for 26 months (Google Analytics default)
• Legal Compliance: Retained as required by applicable laws and regulations

7. Your Rights and Choices

7.1 GDPR Rights (EU Residents)

If you are located in the European Union, you have the following rights:

• Right of Access: Request information about your personal data we process
• Right to Rectification: Request correction of inaccurate personal data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restrict Processing: Request limitation of processing in certain circumstances
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or direct marketing
• Right to Withdraw Consent: Withdraw consent for consent-based processing

7.2 CCPA Rights (California Residents)

If you are a California resident, you have the following rights:

• Right to Know: Request information about personal data collection and use
• Right to Delete: Request deletion of personal information we collected
• Right to Opt-Out: Opt out of the sale of personal information (we do not sell personal data)
• Right to Non-Discrimination: Equal service and pricing regardless of privacy choices

7.3 Exercising Your Rights

To exercise any of these rights, please contact us using the information below:

• Email: privacy@xyzbytes.com
• Mail: XYZBytes Privacy Team, Toronto, ON, Canada

We will respond to your request within 30 days (or as required by applicable law) and may require verification of your identity before processing your request.

8. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

Our security measures include:

• Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based access with multi-factor authentication
• Regular Audits: Security assessments and penetration testing
• Employee Training: Regular privacy and security awareness training
• Incident Response: Procedures for detecting and responding to data breaches
• Vendor Management: Due diligence and contractual safeguards with third parties

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but continuously work to improve our security measures.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your browsing experience and analyze website performance. For detailed information about our cookie practices, please see our Cookie Policy.

You can control cookies through your browser settings:

• Block all cookies or specific types of cookies
• Delete existing cookies from your device
• Receive notifications when cookies are set

Note that disabling cookies may affect the functionality of our website and your user experience.

10. Children's Privacy

Our services are not intended for children under 13 years of age (or 16 in the EU). We do not knowingly collect personal information from children under these ages.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will take steps to remove such information from our systems.

If we become aware that we have collected personal information from children without appropriate consent, we will take steps to delete that information as soon as possible.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes to this Privacy Policy, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email if you have provided your email address
• Post a notice on our website highlighting the changes
• For significant changes, provide additional notice as required by law

Your continued use of our services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

For EU residents, you also have the right to lodge a complaint with your local data protection supervisory authority if you believe our processing of your personal data violates applicable data protection laws.

13. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of Canada and the Province of Ontario, without regard to conflict of law principles. Any disputes arising under this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Ontario, Canada.