Draft template — not legal advice. This page is a starting scaffold. Have it reviewed by a qualified lawyer and tailored to your business, jurisdiction, and data practices before relying on it in production. Bracketed [placeholders] mark values you must supply.

Privacy Policy

Last updated: 23 June 2026

This Privacy Policy explains how ByteAlley (“we”, “us”) collects, uses, and protects personal data when you use our platform. We act as a data controller for the account data of creators who use ByteAlley, and as a data processor for the customer/lead data that creators collect through their funnels.

1. Information we collect

  • Account data: name, email, password hash, and workspace settings when you register.
  • Payment data: plan and subscription status, and payment metadata. Card details are handled by our payment processor (Paystack) — we do not store full card numbers.
  • Content & usage: the funnels, products, and media you create, plus analytics such as page views, conversions, and device/IP information used for security and rate limiting.
  • Customer & lead data (on creators’ behalf): contact details and order information that your visitors submit through your funnels and checkouts.
  • Cookies: strictly-necessary cookies for authentication and security, and any analytics/marketing cookies you enable.

2. How we use information

  • to provide, operate, and secure the service;
  • to process subscriptions and prevent fraud and abuse;
  • to send transactional email (verification, receipts, account notices);
  • to provide analytics and support, and to improve the product;
  • to comply with legal obligations.

3. Legal bases

Where data-protection law (e.g. the GDPR or Nigeria’s NDPR) applies, we rely on: performance of our contract with you; our legitimate interests in operating and securing the service; your consent (for optional cookies and marketing); and compliance with legal obligations. [Confirm the bases that apply to your business.]

4. Payment processing

Subscriptions and creator sales are processed by Paystack. Payment card data is collected and processed by Paystack under its own privacy policy; we receive only the transaction metadata we need to provision plans and fulfill orders.

5. Service providers (sub-processors)

We share data with vendors who process it on our behalf, under contract, including:

  • Paystack — payment processing;
  • Resend — transactional email delivery;
  • Cloudinary — media/file storage and delivery;
  • Error/monitoring provider — diagnostics and uptime;
  • Hosting provider — the servers running the application and database.

[Keep this list accurate as your stack changes, and link each provider’s DPA/privacy terms.] We do not sell personal data.

6. Data retention

We keep personal data for as long as your account is active and as needed to provide the service, then delete or anonymize it within a reasonable period, unless a longer period is required by law (e.g. tax or accounting records). Deleted accounts follow the schedule in the next section.

7. Your rights

Subject to applicable law, you may access, correct, export, or delete your personal data, and object to or restrict certain processing. ByteAlley provides self-service tools for the two most common requests:

  • Export: download a copy of your data from Settings → Download my data.
  • Deletion: request account deletion from your settings. Accounts are soft-deleted with a 30-day grace period and then permanently purged.

To exercise any other right, contact us at privacy@bytealleyapp.com. If you are an end customer of a creator, please contact that creator (the controller of your data); we will assist them as their processor.

8. International transfers

Your data may be processed in countries other than your own. Where required, we put appropriate safeguards in place for such transfers. [Describe the safeguards you rely on, e.g. standard contractual clauses.]

9. Security

We use technical and organizational measures to protect personal data, including encryption in transit, encryption of stored payment-provider secrets, hashed passwords, access controls, rate limiting, and bot-abuse protection. No method of transmission or storage is completely secure, but we work to protect your information and to respond promptly to incidents.

10. Children’s privacy

The service is not directed to children under 18, and we do not knowingly collect their personal data.

11. Changes to this policy

We may update this policy from time to time. We will post the new version here and update the “Last updated” date; material changes will be communicated through the service or by email.

12. Contact

Questions or privacy requests? Email privacy@bytealleyapp.com. [Add your legal entity name, postal address, and EU/UK representative or DPO if required.]