Privacy Policy
Bytespike LLC ("Bytespike", "we", "us") is a Delaware limited liability company located at 8 The Green, Suite B, Dover, DE 19901, USA. This policy explains what personal data we collect through bytespike.ai, the Bytespike Gateway API, and the DOSIA macOS application; why we collect it; who we share it with; and the rights you have under GDPR, UK GDPR, CCPA/CPRA, and PIPL. Privacy questions: privacy@bytespike.ai.
Last updated
1. What we collect
Account data: email, hashed password, organization name, and billing identifiers required by our payment processor. We do not collect government identifiers.
Usage data: model called, request and response sizes, latency, error codes, and the prompt and completion bytes for the duration of the request. Prompt and completion content is not retained beyond 30 days unless you explicitly enable an evaluation feature that requires retention.
Diagnostic data: IP address, user agent, and Cloudflare ray ID — used for abuse prevention and rate limiting. Retained for 90 days.
2. Why we collect it (legal basis)
Performance of contract: to provide the gateway, route requests, and bill you for usage. Legitimate interest: to detect abuse, debug failures, and maintain service availability. Legal obligation: to comply with tax, accounting, and law-enforcement requests where applicable.
3. Third parties we share with
Payment processing: Stripe Inc. handles all card data; we never see your card number. See https://stripe.com/privacy.
Infrastructure: Cloudflare (CDN, edge security, US/global), Lisahost (compute hosting, US). Both bind to industry-standard processor agreements.
Upstream model providers: when you send a request to a model, we forward the request body and authentication context to the chosen provider (e.g. OpenAI, Anthropic, Google). Each provider applies its own privacy policy to that request only.
We never sell personal data. We never share data with third parties for advertising.
4. Retention
Account data: retained while your account is active, plus 90 days after closure for billing reconciliation. Usage logs: 90 days. Prompt/completion content: 30 days. Audit logs (admin actions): 365 days. Backups: rotated 90 days.
5. Your rights (GDPR + CCPA + PIPL)
You may access, correct, delete, port, or restrict processing of your personal data. CCPA/CPRA: you have the right to know, delete, correct, opt out of sale (we don't sell), and limit use of sensitive personal information. PIPL: you have rights of access, correction, deletion, and withdrawal of consent. Email privacy@bytespike.ai — we respond within 30 days.
6. Children
The service is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has submitted personal data, contact privacy@bytespike.ai and we will delete it.
8. International transfers
EU/UK to US transfers rely on EU Standard Contractual Clauses (Module 2: Controller-to-Processor) and the UK International Data Transfer Addendum where applicable. PRC outbound transfers rely on the CAC standard contract. Enterprise customers may request a counter-signed Data Processing Addendum.
9. Privacy contact
Privacy and data subject requests: privacy@bytespike.ai. Mailing address: Bytespike LLC, 8 The Green, Suite B, Dover, DE 19901, USA. For EU/UK GDPR matters you may also lodge a complaint with your local supervisory authority.