Privacy Policy

Effective date: February 11, 2026

1. Introduction

ByGenAI, Inc. ("ByGenAI," "we," "our," or "us") builds and operates cloud-based business management solutions — including ERP, warehouse management, inventory, order management, and accounting integrations — for small and medium-sized businesses (the "Services"). This Privacy Policy describes how we collect, use, store, and share information when you use our Services or visit our websites.

By using our Services you agree to the practices described in this policy. If you do not agree, please do not use our Services.

2. Information We Collect

2.1 Information You Provide

  • Account information: Name, email address, company name, phone number, and role when you register.
  • Business data: Products, inventory, orders, invoices, customers, vendors, and other operational data you enter or import into the Services.
  • Payment information: Billing details processed by our third-party payment processor. We do not store full credit card numbers.
  • Support requests: Information you provide when you contact us for help.

2.2 Information from Third-Party Integrations

When you connect third-party services (e.g., QuickBooks Online, Stripe, Shopify, or other accounting, payment, or e-commerce platforms), we receive OAuth tokens and authorized data from those services. We only request the minimum scopes necessary to provide the functionality you enable. We encrypt all credentials and tokens at rest using AES-256-GCM.

2.3 Automatically Collected Information

  • Usage data: Pages visited, features used, and actions taken within the Services.
  • Device and browser data: IP address, browser type, operating system, and device identifiers.
  • Cookies: Session cookies for authentication and preferences. We do not use third-party advertising cookies.

3. How We Use Your Information

  • Provide, operate, and maintain the Services.
  • Authenticate your identity and manage access controls.
  • Synchronize data between the Services and connected third-party platforms.
  • Process transactions and send transactional notifications.
  • Improve and develop new features based on usage patterns.
  • Provide customer support and respond to inquiries.
  • Detect, prevent, and address security issues and fraud.
  • Comply with legal obligations and enforce our terms.

4. Third-Party Integrations

Our Services integrate with third-party platforms to sync your business data. When you authorize a connection:

  • We access only the data scopes you explicitly authorize.
  • We encrypt all OAuth tokens and credentials at rest using AES-256-GCM encryption.
  • We never store your third-party passwords.
  • You can disconnect any integration at any time from your dashboard, which immediately deletes all stored credentials for that integration.
  • We do not sell or share your third-party data with unrelated parties.

Your use of third-party services is also governed by their respective privacy policies and terms of service.

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share data with:

  • Service providers: Cloud hosting (Google Cloud Platform), database providers, and other vendors that help us operate the Services, subject to confidentiality obligations.
  • Connected integrations: Third-party platforms you explicitly authorize.
  • Legal compliance: When required by law, subpoena, court order, or government regulation.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, with advance notice where feasible.
  • Safety: To protect the rights, safety, or property of ByGenAI, our users, or others.

6. Data Security

We protect your data through:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256).
  • Role-based access controls and least-privilege principles.
  • Infrastructure hosted on Google Cloud Platform with SOC 2 and ISO 27001 certifications.
  • Regular security reviews and dependency updates.
  • Separate, isolated environments for each client.

No system is 100% secure. If we discover a breach affecting your data, we will notify you promptly in accordance with applicable law.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide the Services. When you terminate your account or disconnect an integration, we delete the associated data within 30 days, unless retention is required by law. Backups are purged on a rolling schedule.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing of your data in certain circumstances.
  • Withdraw consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at privacy@bygenai.com. We will respond within 30 days.

9. International Data Transfers

Our Services are hosted in the United States. If you access the Services from outside the United States, your data may be transferred to and processed in the United States. We take appropriate safeguards to ensure your data is protected in accordance with this policy.

10. Children's Privacy

Our Services are not directed to individuals under 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly.

11. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the effective date. For significant changes, we may also notify you by email.

12. Contact Us

If you have questions or concerns about this Privacy Policy, contact us at:

ByGenAI, Inc.
Email: privacy@bygenai.com
Website: https://bygenai.com