Privacy Policy
ByteFlowAI LLC
Effective Date: January 1, 2026 | Last Updated: December 2025 | Version 2.0
1. Introduction
ByteFlowAI LLC ("ByteFlowAI," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI automation consulting services, visit our website, or engage with us through any other means.
As an AI automation services provider, we understand the critical importance of data protection, particularly when handling business-sensitive information and implementing automated workflows that may process personal data. This policy is designed to comply with applicable data protection laws including the California Consumer Privacy Act (CCPA/CPRA), the General Data Protection Regulation (GDPR) where applicable, and other relevant state and federal regulations.
2. Scope of This Policy
This Privacy Policy applies to:
- Our corporate website at byteflowai.com and all associated subdomains
- Automation Opportunity Audit request forms and discovery processes
- Client engagements for AI automation implementation services
- Communications via email, phone, video conferencing, or other channels
- Any automated systems, workflows, or AI solutions we develop and deploy on your behalf
3. Information We Collect
3.1 Information You Provide Directly
Contact Information: Name, email address, phone number, business address, and company name when you request an Automation Opportunity Audit or contact us.
Business Information: Industry, business size, current software tools, workflow descriptions, pain points, and operational data shared during assessments and discovery calls.
Project Data: Requirements documents, process maps, sample data sets (anonymized where possible), API credentials, and system access information provided for automation implementation.
Communications: Content of emails, chat messages, recorded discovery calls (with consent), and any other communications with our team.
Payment Information: Billing address and payment method details processed through secure third-party payment processors.
3.2 Information Collected Automatically
Usage Data: Pages visited, time spent on site, click patterns, referring URLs, and navigation paths.
Device Information: IP address, browser type, operating system, device identifiers, and screen resolution.
Cookies and Tracking Technologies: Session cookies, persistent cookies, web beacons, and similar technologies for analytics and functionality purposes.
3.3 Information from Third Parties
We may receive information from LinkedIn, business directories, CRM platforms (such as HubSpot), and other professional sources when conducting legitimate business outreach or when you connect accounts for automation purposes.
4. How We Use Your Information
We use the information we collect for the following purposes:
4.1 Service Delivery
- Conducting Automation Opportunity Audits and ROI assessments
- Designing, developing, and implementing AI automation solutions
- Providing technical support and maintenance for deployed systems
- Processing payments and maintaining accurate financial records
4.2 Communications
- Responding to inquiries and providing customer support
- Sending project updates, deliverables, and service-related notifications
- Marketing communications (with opt-out available)
4.3 Business Operations
- Improving our services, website, and user experience
- Analytics and performance measurement
- Ensuring security and preventing fraud
- Complying with legal obligations and exercising legal rights
5. AI-Specific Data Handling Practices
As an AI automation services provider, we implement specialized data handling practices to protect your information throughout the automation lifecycle:
5.1 Client Data Ownership
You retain full ownership of all data you provide to us. We process your data solely for the purpose of delivering our services. We do not use client data to train AI models or for any purpose beyond the specific service engagement without explicit written consent.
5.2 API Key and Credential Management
When automation implementations require API keys or system credentials, we follow the principle that the client owns and pays for all third-party services directly. We never store API keys in plain text, use encrypted vaults or one-time secret links for credential transfer, and recommend clients generate their own API keys for services like OpenAI, Anthropic, and similar platforms.
5.3 Workflow Data Processing
Automated workflows we implement may process data containing personal information. We design all workflows with data minimization principles, pulling only the specific fields necessary for the automation. Execution logs and payloads are protected with appropriate access controls, and we support self-hosting options that allow clients to maintain complete data sovereignty.
5.4 AI Model Interactions
When our solutions interact with AI models (such as Claude, GPT, or other language models), we implement system prompts and guardrails to prevent unauthorized data exposure, prompt injection, or jailbreaking attempts. We do not transmit sensitive personal data to AI services unless explicitly required for the service and approved by the client.
6. Information Sharing and Disclosure
We do not sell your personal information. We may share information in the following limited circumstances:
6.1 Service Providers and Subprocessors
We engage trusted third-party service providers to assist in delivering our services. These may include cloud hosting providers, CRM platforms (HubSpot), workflow automation tools (n8n), payment processors, and communication services. All service providers are bound by data processing agreements requiring appropriate security measures and limiting use of data to service delivery purposes.
Current Subprocessors
| Provider | Purpose | Data Processed |
|---|---|---|
| HubSpot | CRM & Communications | Contact info, communications |
| n8n (Self-Hosted) | Workflow Automation | Client-specified data only |
| Anthropic (Claude) | AI Processing | Per project scope only |
| Squarespace | Website Hosting | Usage data, form submissions |
| ProtonMail | Email Communications | Email content, attachments |
6.2 Legal Requirements
We may disclose information when required by law, court order, subpoena, or other legal process, or when we believe disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
6.3 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and your choices regarding your information.
7. Data Security
We implement reasonable technical, administrative, and physical security measures to protect your information, including:
- Encryption of data in transit (TLS/SSL) and at rest
- Secure credential storage using encrypted vaults
- Access controls limiting data access to authorized personnel only
- HTTPS-only webhook endpoints with signing secrets where applicable
- Regular security assessments and updates
- Rate limiting on API endpoints to prevent abuse
While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but commit to promptly notifying affected parties in the event of a data breach affecting personal information.
8. Data Retention
We retain your information for as long as necessary to fulfill the purposes outlined in this policy:
- Active Client Data: Retained for the duration of the service engagement plus 2 years for support and reference purposes
- Project Deliverables: Retained for 3 years following project completion unless otherwise specified in the service agreement
- Financial Records: Retained for 7 years as required by tax and accounting regulations
- Marketing Contacts: Retained until you opt out or request deletion
- Website Analytics: Retained for 26 months
9. Your Rights
Depending on your location and applicable law, you may have the following rights regarding your personal information:
9.1 Access and Portability
You have the right to request access to the personal information we hold about you and to receive that information in a portable, commonly-used format.
9.2 Correction
You have the right to request correction of inaccurate personal information.
9.3 Deletion
You have the right to request deletion of your personal information, subject to certain exceptions (such as legal retention requirements).
9.4 Opt-Out Rights
You may opt out of marketing communications at any time by clicking the unsubscribe link in any email or by contacting us directly. California residents have additional rights under CCPA/CPRA, including the right to opt out of the sale or sharing of personal information (though we do not sell personal information).
9.5 Non-Discrimination
You will not be discriminated against for exercising your privacy rights.
To exercise any of these rights, please Email me directly. We will respond to your request within 45 days (or sooner if required by applicable law). We may need to verify your identity before processing certain requests.
10. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience on our website:
- Essential Cookies: Required for basic website functionality
- Analytics Cookies: Help us understand how visitors interact with our website
- Marketing Cookies: Used to track visitors across websites for advertising purposes
You can control cookies through your browser settings. Disabling certain cookies may limit website functionality. We respect Global Privacy Control (GPC) signals where required by law.
11. International Data Transfers
ByteFlowAI is based in Ohio, USA. If you are accessing our services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located and our central database is operated. By using our services, you consent to the transfer of your information to the United States, which may have different data protection rules than your country.
12. Children's Privacy
Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by posting the updated policy on our website with a new effective date. For significant changes, we may also provide notice via email to active clients. Your continued use of our services after any changes indicates your acceptance of the updated policy.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: