ByeApps Logo

    Privacy Policy

    Navigate through our privacy policy

    Privacy Policy

    Last updated: February 3, 2026

    1. Introduction

    This Privacy Policy describes how we collect, use, and protect your personal information when you use our e-commerce platform. We are committed to protecting your privacy and ensuring transparency about our data practices.

    2. Information We Collect

    Personal Information

    • Name, email address, phone number
    • Billing and shipping addresses
    • Payment information (processed securely through Stripe)
    • Account credentials and preferences
    • Communication history and support interactions
    • Email engagement data (opens, clicks, bounces, complaints)

    Business Information

    • Business name, address, and tax identification
    • Bank account details for Stripe Connect
    • Product listings and store information
    • Sales and transaction data

    Technical Information

    • IP address, browser type, and device information
    • Usage patterns and interaction data
    • Cookies and tracking technologies
    • Log files and error reports

    3. How We Use Your Information

    Service Provision: To provide, maintain, and improve our platform services, process transactions, and fulfill orders.

    Communication: To send important updates, respond to inquiries, and provide customer support.

    Security: To protect against fraud, unauthorized access, and ensure platform security.

    Legal Compliance: To comply with applicable laws, regulations, and legal processes.

    Analytics: To analyze usage patterns and improve user experience (anonymized data only).

    Email Communications: To send transactional emails, marketing communications, and important platform notifications through AWS SES.

    4. Third-Party Services and Data Sharing

    Payment Processing - Stripe

    Payment information is processed by Stripe, Inc. We do not store complete payment card details. Stripe's privacy policy governs their data handling practices.

    Domain Registration - OpenSRS

    Domain registration data is shared with OpenSRS and relevant domain registries as required by ICANN policies and domain registration processes.

    Cloud Storage - AWS S3

    Product images and user-uploaded content are stored on Amazon Web Services S3 with appropriate security measures and access controls.

    DNS and CDN - Cloudflare & AWS Route 53

    We use Cloudflare and AWS Route 53 for DNS services, content delivery, and DDoS protection. These services may process technical data for performance optimization.

    Shipping - USPS, DHL, FedEx

    Shipping information is shared with selected carriers (USPS, DHL, FedEx) to facilitate package delivery and tracking services.

    Email Services - AWS SES

    All email communications are processed and delivered through Amazon Simple Email Service (SES). This includes transactional emails, marketing communications, and system notifications. AWS SES processes email addresses, message content, and delivery metrics in accordance with AWS privacy policies. Email engagement data (opens, clicks, bounces) is collected to improve deliverability and measure campaign effectiveness.

    5. Cookies and Tracking Technologies

    Essential Cookies: Required for basic platform functionality, authentication, and security.

    Performance Cookies: Used to analyze site usage and improve performance (via Cloudflare analytics).

    Functional Cookies: Store user preferences and settings for enhanced user experience.

    Email Tracking: We use tracking pixels in emails to measure open rates and engagement, helping us improve our communications and ensure deliverability.

    6. Data Security

    Encryption: All data transmission is encrypted using industry-standard SSL/TLS protocols.

    Access Controls: Strict access controls and authentication measures protect your data from unauthorized access.

    Regular Audits: We conduct regular security audits and vulnerability assessments.

    Incident Response: We have procedures in place to respond to and notify users of any security incidents.

    7. Data Retention

    Account Data: Retained while your account is active and for a reasonable period after closure for legal compliance.

    Transaction Records: Financial records are retained for 7 years as required by law.

    Marketing Data: Retained until you opt out or request deletion.

    Email Data: Email addresses and communication preferences are retained while your account is active. Email engagement data is retained for 2 years for deliverability optimization.

    8. Your Privacy Rights

    Access: Request access to your personal data and information about how it's processed.

    Correction: Request correction of inaccurate or incomplete personal data.

    Deletion: Request deletion of your personal data, subject to legal retention requirements.

    Portability: Request a copy of your data in a structured, machine-readable format.

    Opt-out: Unsubscribe from marketing communications at any time through email unsubscribe links, account settings, or by contacting us directly. Note that you cannot opt out of essential transactional emails related to your account and orders.

    9. International Data Transfers

    Global Services: Our services operate globally, and data may be transferred to countries outside your residence.

    Safeguards: We implement appropriate safeguards for international transfers, including standard contractual clauses.

    Third-Party Compliance: Our service providers (AWS, Stripe, etc.) maintain appropriate data protection certifications.

    10. Children's Privacy

    Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware of such collection, we will delete the information immediately.

    11. California Privacy Rights (CCPA)

    California residents have additional rights under the California Consumer Privacy Act (CCPA):

    • Right to know what personal information is collected and how it's used
    • Right to delete personal information
    • Right to opt-out of the sale of personal information (we do not sell personal information)
    • Right to non-discrimination for exercising privacy rights

    12. European Privacy Rights (GDPR)

    If you are in the European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):

    • Legal basis for processing (consent, contract, legitimate interest)
    • Right to withdraw consent at any time
    • Right to lodge a complaint with supervisory authorities
    • Right to restrict processing in certain circumstances

    13. Changes to This Privacy Policy

    We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will notify you of material changes via email or platform notification. Your continued use of our services constitutes acceptance of the updated policy.

    14. Contact Information

    For privacy-related questions or to exercise your rights, contact us at:

    Privacy Officer

    Email: [email protected]

    Address: [Your Business Address]

    Phone: [Your Phone Number]

    We will respond to your privacy requests within 30 days of receipt.