ByteQuix Privacy Policy

Version: 2026-06-20 Effective: June 20, 2026

This Privacy Policy explains how Avrilo Holdings LLC, doing business as "ByteQuix" ("ByteQuix," "we," "us") collects, uses, and discloses personal information in connection with the ByteQuix platform, portal, and websites (the "Services"). It is incorporated into the Master Services Agreement.

Two roles, briefly. When we handle information about our own customers, website visitors, and their contacts (for example, account admins, billing contacts, prospects), we act as a business/controller. When we process information that a customer puts into the Services about their users or end users ("Customer Data"), we act as a service provider/processor on that customer's behalf and per our agreement with them; the customer's own privacy notice governs that data. This Policy focuses on the data for which we are the business.

1. Information we collect

1.1 Information you provide.

• Account and profile data: name, email, password (stored hashed), role, employer/organization, and profile details.
• Billing data: billing contact, billing address, and payment-method details. Card numbers are collected and stored by our payment processor (Stripe); we do not store full card numbers.
• Communications: messages, support requests, and survey or form responses.

1.2 Information collected automatically.

• Usage and device data: log data, IP address, browser and device type, pages and features used, and timestamps.
• Acceptance records: when you accept an agreement, we record the version, a hash of the exact text, your identity, the time, and your IP and user-agent, to evidence the acceptance.
• Cookies and tracking data: identifiers and activity collected through cookies and similar technologies, including for analytics and advertising. See Section 3.

1.3 Information from third parties. We may receive information from our subprocessors, analytics and advertising partners, and integrations (for example, payment status from Stripe, or audience and measurement data from advertising partners).

We do not knowingly collect information from children under 13 (or as defined by applicable law), and we do not knowingly sell or share the personal information of individuals we know to be under 16. The Services are for business use and not directed to children.

2. How we use information

We use personal information to:

• provide, operate, secure, and support the Services;
• create and manage accounts, authenticate users, and provision access;
• process payments, billing, surcharges, and renewals;
• communicate about the Services, including service, security, and billing notices;
• understand usage and measure, target, and deliver advertising and marketing;
• monitor, prevent, and address fraud, abuse, and security incidents;
• maintain records of agreement acceptance;
• comply with legal obligations and enforce our agreements; and
• improve and develop the Services, including using aggregated or de-identified data that does not identify any individual.

We may send you administrative, service, security, and billing communications about your account. If we send optional product or marketing emails, each includes an unsubscribe link and we honor opt-out requests. We do not use Customer Data to train machine-learning models without your instruction or consent.

3. Cookies and tracking technologies

We and our third-party partners use cookies, pixels, tags, SDKs, local storage, and similar technologies ("cookies") to operate the Services, remember preferences, understand usage, and measure and deliver advertising. We use these categories:

• Strictly necessary: required for authentication, security, and core functionality. These cannot be turned off.
• Functional: remember your preferences and settings.
• Analytics / performance: help us understand how the Services and our websites are used so we can improve them.
• Advertising / targeting: set by us or our advertising partners to build a profile of your interests, measure campaign performance, and show you relevant ads on other sites and services (cross-context behavioral advertising).

Your controls. You can manage cookies through your browser settings and through our cookie preferences control where offered. Because we use advertising/targeting cookies, you can opt out of the related sale/sharing as described in Sections 6 and 8. We honor recognized opt-out preference signals, including the Global Privacy Control (GPC), treating them as a request to opt out of sale/sharing for the browser that sends them.

4. How we disclose information

We disclose personal information to:

• Subprocessors/service providers that operate the Services under contract:
  • Stripe (payment processing)
  • Supabase (database and authentication; hosted on cloud infrastructure)
  • Vercel (application hosting and content delivery)
  • Resend (transactional email delivery)
• Analytics and advertising partners, including Google (Google Analytics and Google Ads), the Meta (Facebook / Instagram) Pixel, and the LinkedIn Insight Tag, as well as other analytics and marketing-technology providers we may use from time to time, that help us measure usage and deliver advertising. Disclosing identifiers and activity data to advertising partners for cross-context behavioral advertising may be a "share" (and, depending on the arrangement, a "sale") under California and similar state laws. You can opt out as described in Sections 6 and 8.
• Professional advisors (lawyers, accountants, auditors) under confidentiality;
• Authorities or others when required by law, to respond to legal process, or to protect rights, safety, and the security of the Services; and
• In a corporate transaction (merger, acquisition, financing, or sale of assets), subject to this Policy.

5. Security

We maintain commercially reasonable administrative, technical, and organizational safeguards designed to protect personal information, including multi-tenant isolation, encryption of designated sensitive secrets, and access controls. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. See Section 8 of the Master Services Agreement for how risk is allocated for security incidents.

6. Your choices

• Access and update: account users can update profile information in the Services.
• Communications: you can opt out of non-essential emails using the unsubscribe link; we may still send service, security, and billing messages.
• Cookies and advertising: you can manage cookies through your browser and our cookie preferences control, and you can opt out of sale/sharing for advertising using our "Do Not Sell or Share My Personal Information" control or by enabling a recognized opt-out preference signal such as the Global Privacy Control (GPC).

7. Data retention

We keep personal information only for as long as we need it for the purposes described in this Policy, and we do not retain it indefinitely. To decide how long to keep each category of personal information, we consider:

• how long your account or business relationship is active, and our need to provide and support the Services;
• legal, tax, accounting, and regulatory requirements (for example, financial records are kept for the period required by law);
• our need to evidence agreements and acceptances, resolve disputes, and enforce our terms;
• security, fraud-prevention, and audit needs; and
• the lifespan and settings of cookies and the requirements of our analytics and advertising partners.

When personal information is no longer needed, we delete or de-identify it, subject to backups and legal holds.

8. California privacy rights (CCPA / CPRA)

This Section applies to California residents whose personal information we process as a business. (For Customer Data we process as a service provider, please contact the ByteQuix customer that controls that data.)

8.1 Categories of personal information. In the past 12 months we have collected the categories below; the purposes are in Section 2 and the recipients are in Section 4:

• Identifiers (name, email, IP address, account ID, and online/advertising identifiers);
• Customer records (billing contact and address, payment information held by Stripe);
• Commercial information (subscriptions, transactions);
• Internet/network activity (usage and log data, and interactions with ads); and
• Inferences drawn for advertising and analytics.

We collect account passwords, which we store in hashed form for authentication. We do not use sensitive personal information to infer characteristics about you.

8.2 Sale / sharing. We use advertising/targeting cookies and may "share" personal information (such as online identifiers and internet activity) with advertising partners for cross-context behavioral advertising; depending on the arrangement, this may also be a "sale" under California law. We do not knowingly sell or share the personal information of individuals under 16.

8.3 Your rights. Subject to verification and legal exceptions, California residents may:

• Know/access the categories and specific pieces of personal information we hold;
• Delete personal information;
• Correct inaccurate personal information;
• Opt out of the sale and sharing of personal information; and
• Limit the use of sensitive personal information (to the extent applicable).

We will not discriminate against you for exercising these rights.

8.4 How to exercise. To opt out of sale/sharing, use our "Do Not Sell or Share My Personal Information" control or enable the Global Privacy Control (GPC). For access, deletion, or correction requests, contact privacy@bytequix.com or use your account. We will verify your identity before responding, you may use an authorized agent with proof of authorization, and we respond within the timeframes required by law (generally 45 days, extendable).

9. Other states

Where the privacy laws of other US states grant you similar rights (including rights to opt out of targeted advertising), we honor those rights as required by applicable law.

10. United States processing

The Services are operated from and intended for use in the United States. If you access them from outside the US, you understand and consent that your information will be processed in the United States.

11. Changes to this Policy

We may update this Policy. We will post the updated version with a new effective date and, for material changes, provide additional notice as required by law.

12. Contact

ByteQuix (Avrilo Holdings LLC) 8500 Normandale Lake Blvd., Suite 350, Bloomington, MN 55437 Privacy requests: privacy@bytequix.com General: support@bytequix.com