Privacy Policy | ByteX Studio

ℹ️

Plain English Summary: Data collection varies by application. Some ByteX Studio apps may collect limited information necessary to provide their features, while other apps collect no personal information at all. We never sell your data. For apps used by children under 13, we collect no personal data without verified parental consent. You can delete your data at any time by emailing mahmudalam.au@gmail.com.

Who We Are

ByteX Studio ("ByteX Studio", "we", "our", or "us") is a mobile app and web development company operating the website bytexstudio.vercel.app (soon to be bytexstudio.com) and publishing mobile applications on Google Play Store and Apple App Store.

Our registered contact for privacy matters is: mahmudalam.au@gmail.com

Scope of This Policy

This Privacy Policy applies to:

Our company website at bytexstudio.vercel.app
All mobile applications published under the ByteX Studio developer account on Google Play Store
All mobile applications published under the ByteX Studio account on Apple App Store
Any services, APIs, or platforms we operate in connection with the above

Each individual app we publish may also have its own dedicated privacy policy linked on its Google Play Store listing. This master policy covers ByteX Studio as a publisher and applies to all apps unless a specific app policy states otherwise.

App-Specific Privacy Notices

Different ByteX Studio applications may have different data practices depending on their functionality. The disclosures below supplement this master policy and take precedence where app-specific practices differ.

🎮

Orbit Defender: Space Survival
Orbit Defender does not require user registration, does not collect personal information, does not use analytics services, does not use advertising SDKs, does not use crash reporting services, and does not transmit data to ByteX Studio servers. All game progress and settings remain stored locally on the user's device.

Additional app-specific notices may be added here as new applications are published.

Data We May Collect

The information described in this section represents data that may be collected by one or more ByteX Studio products or services. Not every app collects every type of information. Please refer to the App-Specific Privacy Notices section for the exact practices of a particular application.

3.1 Data You Provide Directly

Account registration: name, email address, username, and password (hashed)
Profile information: profile picture, date of birth (age verification only), preferences
Contact form / support: name, email, message content
Payment information: We do not store card details. Payments are processed by Google Play Billing or Stripe. We only receive transaction confirmation and subscription status.

3.2 Data Collected Automatically

Device information: device model, OS version, unique device identifiers (advertising ID, Android ID) — used for crash reporting and analytics only
Usage data: screens visited, features used, session duration, button taps — used to improve the app
Crash reports: stack traces and device state at the time of a crash — no personal data included
IP address: collected automatically by our servers; used for fraud prevention and approximate location (country/city level only)
Log data: server logs including timestamps, requests, and error messages

3.3 Data We Do NOT Collect

We never collect Social Security numbers, national ID numbers, or government IDs
We never collect full financial data (bank account numbers, full card numbers)
We never collect biometric data (fingerprints, facial scans)
We do not record audio or video without explicit in-app disclosure and consent
We do not read your contacts, SMS messages, or call logs (unless explicitly stated in a specific app)

How We Use Your Data

Purpose	Data Used	Legal Basis
Provide and operate the app/service	Account data, usage data	Contract performance
Send account & transactional emails	Email address	Contract performance
Improve our apps and services	Usage analytics, crash reports	Legitimate interest
Customer support	Contact form data, account data	Legitimate interest
Fraud prevention & security	IP address, device identifiers	Legitimate interest
Legal compliance	Any data required by law	Legal obligation
Marketing emails (opt-in only)	Email address, name	Consent

⚠️

We never sell, rent, or trade your personal data to third parties for their own marketing purposes. Full stop.

Children's Privacy (COPPA Compliance)

👶

Commitment to Children's Safety: ByteX Studio develops apps specifically designed for children, including educational apps, lullaby apps, autism support apps, and kids reminder apps. We take children's privacy extremely seriously and operate in full compliance with the Children's Online Privacy Protection Act (COPPA), the UK Children's Code, and GDPR Article 8.

5.1 Apps Directed at Children Under 13

For any app in our portfolio that is directed at children under the age of 13 (including but not limited to lullaby apps, kids reminder apps, and autism support apps for children), we apply the following strict rules:

No personal data collection without verifiable parental consent (VPC). We collect no name, email, photo, or voice data from children without a parent or guardian first providing verified consent.
No behavioural advertising. We never serve interest-based or targeted ads in children's apps. Any ads shown are contextual-only and vetted for child-appropriateness.
No third-party analytics SDKs that collect personal data are used in kids apps.
No social sharing features that could expose a child's activity to the public.
No in-app purchases without explicit parental-consent flow.
All content in kids apps is reviewed for age-appropriateness before release.

5.2 Parental Rights Under COPPA

If you are a parent or guardian and believe we have collected personal information from your child without your consent, you have the right to:

Review any personal information we have collected about your child
Request deletion of all personal information collected about your child
Refuse to permit further collection or use of your child's personal information
Withdraw previously granted consent at any time

To exercise any of these rights, email us at mahmudalam.au@gmail.com with the subject line "COPPA Request – [App Name]". We will respond within 5 business days.

5.3 Age Verification

Apps in our "General" or "Teen" category that are not specifically designed for under-13 users include an age gate at onboarding. Users who indicate they are under 13 are shown a child-safe experience with all data collection disabled and are directed to a parent/guardian for account setup.

Special Needs & Autism Support Apps

💙

Sensitive Data Commitment: Apps designed to support individuals with autism spectrum disorder (ASD) or other special needs may involve the processing of health-related information. We treat this data as sensitive personal data and apply heightened protections under GDPR Article 9.

Health-related data (e.g. sensory preferences, therapy goals, behavioural patterns entered by caregivers) is stored with additional encryption at rest using AES-256.
This data is never used for advertising, profiling, or shared with any third party other than the cloud storage provider (which processes it only on our instructions).
Users (or their caregivers/guardians) may export or permanently delete all stored health data at any time via in-app settings or by emailing mahmudalam.au@gmail.com.
Apps for elderly users or users with cognitive differences include simplified privacy controls and plain-language consent screens.

Data Sharing & Third Parties

We share data only as necessary to operate our services. Below is a full list of third-party services we may use:

Service	Purpose	Data Shared	Their Privacy Policy
Google Firebase	Crash reporting, analytics, push notifications	Device ID, usage events	policies.google.com/privacy
Google Play Billing	In-app purchases	Transaction data only	policies.google.com/privacy
Stripe	Payment processing (web)	Payment data (PCI-DSS compliant)	stripe.com/privacy
Vercel	Website hosting	IP address, request logs	vercel.com/legal/privacy-policy
AWS (Amazon Web Services)	App backend hosting	Encrypted user data	aws.amazon.com/privacy
Sentry	Crash monitoring	Stack traces, device info (no PII)	sentry.io/privacy

We do not share data with any third parties not listed above except when required by law (e.g. court order, government request) or to prevent fraud or harm to users.

Data Storage & Security

Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher (HTTPS).
Encryption at rest: Databases are encrypted at rest using AES-256. Sensitive data (health info, passwords) uses additional application-level encryption.
Passwords: Never stored in plain text. We use bcrypt hashing with a minimum work factor of 12.
Access controls: Strict role-based access. Only engineers who need data access to fix bugs have it, and all access is logged and audited.
Security testing: We conduct regular vulnerability assessments and follow OWASP Mobile Security Guidelines.
Data breach notification: In the event of a breach affecting personal data, we will notify affected users and relevant authorities within 72 hours as required by GDPR.

Your Rights (GDPR & Global)

Depending on your location, you may have the following rights regarding your personal data:

Right to Access: Request a copy of all personal data we hold about you.
Right to Rectification: Request correction of inaccurate or incomplete data.
Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data. See our Data Deletion Policy.
Right to Data Portability: Request your data in a machine-readable format (JSON/CSV).
Right to Restrict Processing: Ask us to stop processing your data while a dispute is resolved.
Right to Object: Object to processing based on legitimate interest or for direct marketing.
Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any right, email mahmudalam.au@gmail.com with the subject "Data Rights Request". We respond within 30 days (GDPR standard). You also have the right to lodge a complaint with your local data protection authority (e.g. ICO in the UK, CNIL in France).

Cookies & Tracking

Our website uses cookies. Our mobile apps do not use browser cookies but may use equivalent technologies (device identifiers, local storage). Please see our full Cookie Policy for details.

Data Retention

Data Type	Retention Period	Reason
Active account data	While account is active + 30 days after deletion request	Service provision
Transaction records	7 years	Legal / tax obligation
Crash reports	90 days	Bug fixing
Analytics data	24 months (aggregated)	Product improvement
Support emails	3 years	Legal protection
Children's data	Deleted within 30 days of account deletion or parental request	COPPA compliance

International Data Transfers

ByteX Studio operates globally. Your data may be transferred to and processed in countries outside your home country, including the United States. Where we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses (SCCs) approved by the European Commission
Processing only by service providers that are Privacy Shield certified or equivalent
Transfer Impact Assessments where required

Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will:

Update the "Last Updated" date at the top of this page
Send an in-app notification to active users
Send an email notification to registered users (for material changes)
For children's apps, notify parents/guardians and request renewed consent where required

Continued use of our apps or services after the effective date of the updated policy constitutes acceptance of the changes.

Contact Us

Privacy Questions or Requests?

Email: mahmudalam.au@gmail.com

Subject line: "Privacy Request – [Your Name]"

We respond to all privacy requests within 5 business days and complete all actions within 30 days.

ByteX Studio · mahmudalam.au@gmail.com · bytexstudio.vercel.app