Privacy Policy

This Privacy Policy ("Policy") governs the collection, use, disclosure, storage, and protection of personal data by Byte ("Company," "we," "us," or "our"), the operator of the Byte mobile application and associated web platforms (collectively, the "Platform").

We respect your privacy and are committed to protecting your personal data. This Policy explains how we handle your data when you access our services, which allow users to order food for dine-in or takeaway from campus vendors.

By accessing or using the Platform, you consent to the data practices described in this Policy. If you do not agree with this Policy, strictly do not use the Platform.

We collect various types of information to provide and improve our Service.

2.1. Information You Provide to Us

• Account Information: When you register, we collect your full name, email address (institutional or personal), and mobile phone number.
• Transaction Data: Details of orders placed, items purchased, time of transaction, and the specific Vendor involved.
• Financial Information: While we do not store your credit/debit card numbers or UPI PINs directly, we store transaction references, payment statuses, and Wallet balance history processed through our third-party payment gateway (e.g., Cashfree).
• Support Communications: Any information provided when you contact support@byteapp.tech, including screenshots or descriptions of issues.

2.2. Information Collected Automatically

• Device Information: We collect information about the device you use to access Byte, including the hardware model, operating system and version, unique device identifiers (IMEI/UUID), and mobile network information.
• Log Data: Our servers automatically record details such as your IP address, browser type, access times, and pages viewed within the app.
• Location Data: We may collect coarse location data to verify that you are within the operational campus radius, solely for the purpose of service availability.

We process your data for the following specific legal and business purposes:

1. Service Fulfillment: To relay your order details to Vendors and generate digital receipts/tokens for pickup.
2. Wallet Management: To maintain your Byte Wallet balance, process recharges, and handle automated refunds (in cases of Vendor rejection/timeout).
3. Communication: To send you transactional updates (e.g., "Order Ready" notifications), administrative notices, and security alerts.
4. Security & Fraud Prevention: To detect unauthorized account access, prevent multiple account abuse, and ensure the integrity of the Wallet system.
5. Legal Compliance: To comply with applicable laws, regulations, and requests from law enforcement agencies within India.

We strictly do not sell your personal data to data brokers. However, we may share your data in the following circumstances:

4.1. With Vendors

We share your Name and Order Details with the specific Vendor fulfilling your order. Vendors are independent data controllers and use this information solely to prepare your order and verify your identity at pickup.

4.2. With Service Providers

We engage third-party companies to perform services on our behalf, including:

• Payment Processors: (e.g., Cashfree) to facilitate payments.
• Cloud Infrastructure: (e.g., Firebase/Google Cloud) for data hosting and backend services.
• Analytics Services: To analyze app performance and usage patterns.

4.3. Legal Requirements

We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to:

• Comply with a legal obligation (e.g., IT Act, 2000).
• Protect and defend the rights or property of Byte.
• Prevent or investigate possible wrongdoing in connection with the Service.

We employ industry-standard technical and organizational measures to secure your personal data, including:

• Encryption: Data in transit is encrypted using TLS/SSL protocols.
• Access Control: Access to personal data is restricted to authorized employees and contractors who need to know that information in order to process it for us.
• Database Security: We utilize secure cloud databases (Isar/Firebase) with strict security rules.

However, please be aware that no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee its absolute security.

We retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy.

• Account Data: Retained as long as your account is active.
• Transaction Records: Retained for a period of minimum 7 years for tax and audit purposes, as required by Indian law.
• Deleted Accounts: If you request account deletion, your personal identifiers are removed, but anonymized transaction data may be retained for analytics.

Depending on your jurisdiction, you have the following rights:

1. Right to Access: You can request a copy of the personal data we hold about you.
2. Right to Correction: You can request that we correct inaccurate or incomplete data.
3. Right to Deletion: You can request the deletion of your account via the "Delete Account" feature in the app settings or by contacting support.
4. Right to Withdraw Consent: You may withdraw consent for data processing at any time, though this will result in the termination of your ability to use the Service.

We use cookies and similar tracking technologies (such as local storage in the app) to track the activity on our Service and store certain information, such as your login session and theme preferences ("Claymorphism" UI settings). You can instruct your browser/device to refuse all cookies, but some parts of our Service may not function properly.

Our Service is intended for university/college students and staff. We do not knowingly collect personally identifiable information from anyone under the age of 18 without parental consent. If we become aware that we have collected data from children without verification of parental consent, we take steps to remove that information.

In accordance with the Information Technology Act, 2000 and Rules made thereunder, the contact details of the Grievance Officer are provided below:

The Grievance Officer shall acknowledge complaints within 24 hours and resolve them within 15 days from the date of receipt.

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.