Privacy Policy.

1. Introduction

AuraByt Inc. ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://aurabyt.com (the "Site") or use our services.

This Privacy Policy complies with the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada, the General Data Protection Regulation (GDPR) in the European Union, and the California Consumer Privacy Act (CCPA) in the United States.

Please read this privacy policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Site.

2. Data Controller

For the purposes of applicable data protection laws, AuraByt Inc. is the data controller responsible for your personal information.

Contact Information:
AuraByt Inc.
Email: connect@aurabyt.com
Privacy-specific inquiries: privacy@aurabyt.com

3. Data We Collect

We may collect information about you in a variety of ways. The information we may collect on the Site includes:

3.1 Personal Information You Provide

When you voluntarily submit information through our contact form, we collect:

• Name: To identify you and personalize our communication
• Email Address: To respond to your inquiries
• Company Name: To understand your business context (optional)
• Message Content: The subject and details of your inquiry

Legal Basis: We process this data based on your consent and our legitimate interest in responding to your inquiries.

3.2 Automatically Collected Information

When you visit our Site, certain information about your device and usage may be automatically collected:

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages visited, time spent on pages, referral sources, navigation paths
• Technical Data: Screen resolution, language preferences, time zone

Legal Basis: Legitimate interest in maintaining and improving our Site's functionality and security.

3.3 Cookies and Tracking Technologies

We run a privacy-conscious analytics stack and do not use cookies for advertising, retargeting, or cross-site tracking. The only cookies set by our Site are strictly necessary for the Site to function:

• Strictly Necessary Cookies: Essential for the Site to function properly. These cannot be disabled.
  • Theme preference (light/dark mode)
  • Cookie/consent preferences if you set them

We do not use Google Analytics, advertising pixels, Facebook/Meta pixels, or any third-party advertising trackers.

3.4 Analytics & Performance Monitoring

We use first-party analytics provided by our hosting platform (Vercel) to understand high-level usage and to monitor site performance. These services do not set tracking cookies and do not collect personally identifiable information:

• Vercel Web Analytics: Anonymous, aggregated page-view counts. No cookies, no cross-site tracking. See Vercel Analytics privacy.
• Vercel Speed Insights: Anonymous Core Web Vitals measurements (LCP, INP, CLS) sampled from real visitors so we can improve page performance. No cookies, no PII.

Legal Basis: Legitimate interest in maintaining and improving the Site (GDPR Art. 6(1)(f)). Because no personal data or identifiers are collected, no consent banner is required under Quebec Law 25, PIPEDA, GDPR, or the ePrivacy Directive.

3.5 Form Security

Our contact form is protected by lightweight server-side measures (origin checks, honeypot field, basic rate limiting). We do not use Google reCAPTCHA, hCaptcha, or any third-party bot-protection service that profiles visitors.

4. How We Use Your Data

We use the information we collect for the following purposes:

• Communication: To respond to your inquiries, questions, and comments submitted through our contact form
• Service Delivery: To provide and maintain our services
• Security: To operate and maintain the security of our Site, including preventing spam, fraud, and abuse
• Analytics: To analyze website traffic and improve the user experience (only with your consent)
• Legal Compliance: To comply with legal obligations and protect our rights
• Business Operations: To send important notices about our services or changes to our policies

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties.

We may share your information with third-party service providers who perform services on our behalf:

5.1 Service Providers

• Vercel Inc.: Our website hosting and serverless infrastructure provider. Vercel handles request routing, CDN delivery, and runs the serverless function that processes contact form submissions. Vercel may process IP addresses and request metadata for security and operational purposes. See Vercel's Privacy Policy.
• Resend (Resend Inc.): Transactional email provider used to deliver contact form submissions to our inbox. Resend processes the message contents and the email address you provide so we can reply. See Resend's Privacy Policy.

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal requests from government authorities
• Court orders or subpoenas
• Protection of our legal rights or property
• Investigation of potential violations of our Terms of Service
• Protection of the safety of individuals

5.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your personal information may be transferred. We will provide notice before your information is transferred and becomes subject to a different Privacy Policy.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Contact Form Submissions: The email containing your message is retained in our inbox for up to 2 years, or until you request deletion.
• Vercel Analytics & Speed Insights: Aggregated, non-personal data retained per Vercel's defaults (rolling 30 days for detailed views; longer for aggregate counts). No individual visitor can be re-identified from this data.
• Server Logs: Vercel may retain request logs (IP, user-agent, request path) for a short period (typically days, not months) for security and debugging.

When data is no longer needed, we securely delete or anonymize it in accordance with industry standards.

7. Your Data Rights

Depending on your location, you have certain rights regarding your personal data:

7.1 Rights Under PIPEDA (Canada)

• Access: Right to know what personal information we hold about you
• Correction: Right to correct inaccurate information
• Withdrawal of Consent: Right to withdraw consent for data processing
• Complaint: Right to file a complaint with the Privacy Commissioner of Canada

7.2 Rights Under GDPR (EU/EEA)

• Right to Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Request limitation of data processing
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time
• Right to Lodge a Complaint: File a complaint with your local supervisory authority

7.3 Rights Under CCPA (California)

• Right to Know: Request disclosure of personal information collected
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of the sale of personal information (we do not sell data)
• Right to Non-Discrimination: Equal service regardless of exercising privacy rights

7.4 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@aurabyt.com. We will respond to your request within:

• 30 days for PIPEDA requests
• 1 month for GDPR requests (extendable to 3 months for complex requests)
• 45 days for CCPA requests

8. Security of Your Information

We implement administrative, technical, and physical security measures to protect your personal information, including:

• Encryption: HTTPS/TLS encryption for data in transit
• Access Controls: Limited access to personal data on a need-to-know basis
• Secure Infrastructure: Hosting on secure, SOC 2 compliant servers
• Regular Security Audits: Periodic review of security practices
• Data Minimization: Collecting only necessary information

Important: While we take reasonable steps to secure your data, no security measures are perfect or impenetrable. No method of data transmission over the internet can be guaranteed as 100% secure. You transmit information at your own risk.

9. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your country, province, or jurisdiction where data protection laws may differ. By using our Site, you consent to the transfer of information to Canada, the United States, or other countries where our service providers operate.

For EU users: When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

10. Children's Privacy

Our Site is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe we have collected information about a child, please contact us immediately at privacy@aurabyt.com, and we will delete the information.

11. Third-Party Websites

The Site may contain links to third-party websites and applications. We are not responsible for the privacy practices or the content of such websites. We encourage you to read the privacy policies of any third-party sites you visit.

12. Do Not Track Signals & GPC

Because we do not engage in cross-site tracking and do not run third-party advertising or analytics that profile visitors, "Do Not Track" (DNT) and Global Privacy Control (GPC) signals do not change our data practices — there is nothing for us to disable. Our analytics (Vercel Web Analytics and Speed Insights) are cookieless, anonymous, and aggregated regardless of any browser signal.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other reasons. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last updated" date at the top of this policy
• For significant changes, we may provide additional notice (such as a banner on our homepage)

Your continued use of the Site after any changes indicates your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Response Time: We aim to respond to all privacy-related inquiries within 2 business days.