Bystro Privacy Policy

1. Information We Collect

We collect different types of information when you use the Website. This includes information you provide directly, information we collect automatically from your device and use of the Website, and information collected through cookies and similar technologies. The specific categories are described below.

• Account and profile information (such as your name, email address, and any other details you choose to provide when you create an account, sign in, or otherwise interact with the Website).
• Usage and device information, including login time, browser type, IP address, operating system, device identifiers, pages viewed, referring/exit pages, and information about how you navigate and interact with the Website.
• Support and communications information, such as the content of emails or messages you send to our support team and related metadata (for example, time and date of contact).
• Optional storage of datasets or other files that you explicitly upload or request us to store as part of your use of the Bystro SaaS platform (for example, annotated results or configuration files).

We do not intentionally collect certain categories of especially sensitive information through the Website, including:

• Protected Health Information (PHI) or clinical records as defined under applicable health privacy laws.
• Identifiable genomic data (for example, genetic sequences or variant information that are linked, or reasonably linkable, to an identified or identifiable individual).
• Personal data that we know belongs to minors, including children and teenagers, in connection with use of the Website.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, and maintain the Website and related services, including creating and managing your account, authenticating your login, and enabling core platform functionality.
• To monitor, analyze, and improve product performance and user experience, including troubleshooting, analytics, testing, and research.
• To communicate with you, including responding to requests or questions, sending service or account notices, and providing information about updates or changes to the Website.
• To protect the security, integrity, and availability of the Website, including detecting, preventing, and responding to security incidents, abuse, fraud, or other malicious activity.
• To send you marketing communications, product updates, announcements, and other information about Bystro, where you have given us consent to do so.

We do not sell your personal information for monetary compensation. However, we may "share" or process your information for "targeted advertising" (as those terms are defined under state laws) through our use of third-party cookies or analytics.

3. AI Observability

We collect and retain AI conversation logs and related usage information to maintain service quality, ensure the reliability and safety of the Website, and improve the platform. These logs help us understand usage patterns, identify and fix issues, and enhance our AI capabilities. Where feasible, we aggregate or de-identify this information for analytics and improvement purposes.

4. Research and Data Analysis Service

If you purchase or subscribe to Bystro's research and data analysis service ("Service"), that relationship will be governed by Bystro's Terms of Service and, in applicable states, our Consumer Health Data Privacy Policy and not this Privacy Policy.

5. Cookies

We use cookies and similar technologies that are strictly necessary to authenticate users, keep you signed in, and protect your account and our systems. If you disable these essential cookies in your browser settings, you will not be able to log in or use key features of the service. For information about other types of cookies and your choices, please see the "Cookies and Online Tracking Technologies" section above.

We recognize the Global Privacy Control (GPC) signal. If your browser or device transmits a GPC opt-out preference signal, we will treat it as a valid request to opt out of the sale and sharing of your personal data. We do not currently sell personal data; the GPC signal will be logged and honored accordingly. We also respond to Do Not Track signals by not engaging in cross-context behavioral advertising.

6. Data Sharing

We may share or disclose limited account, usage, and support information with third parties as reasonably necessary to operate the Website, protect our rights, and comply with law, including:

• Service providers (for example, cloud hosting and storage providers, analytics providers, email and customer support platforms, and other vendors who help us operate, secure, and improve the Website). These providers are contractually obligated to use personal information only to provide services to us and to protect it appropriately.
• Security vendors and related providers who assist with monitoring, detecting, investigating, or responding to security incidents, fraud, or abuse, and who are similarly bound to protect the information they handle on our behalf.
• Courts, law enforcement, regulators, government authorities, or other third parties when we believe disclosure is necessary or appropriate to comply with applicable law or legal process (such as a subpoena or court order) or to protect the rights, property, or safety of Bystro, our users, or others.
• Other parties with your consent or at your direction.
• Our affiliates and corporate group entities, in which case they will handle your information in accordance with this Privacy Policy.
• Another company in connection with or during negotiations related to any merger, financing, acquisition, reorganization, sale, transfer, or other disposition of all or a portion of our business or assets.

We do not share datasets you upload for analysis with third parties for their own independent purposes. Any access by service providers or security vendors to such datasets is solely to provide services to us and is subject to the confidentiality and security obligations described above.

7. Your Rights

Depending on where you live and the laws that apply to you, you may have certain rights regarding your personal information. These may include the ability to access, correct, delete, or restrict certain uses of your information, as described below.

• Access to your data, including information about the categories of personal information we collect, the sources of that information, and, in some cases, specific pieces of personal information we hold about you.
• Correction of your data if it is inaccurate or incomplete.
• Deletion of your data, subject to certain exceptions (for example, where we are legally required or permitted to retain it for security, fraud prevention, or recordkeeping). We retain data only as long as needed for the purposes described.
• Restriction or objection to certain processing, including where applicable law gives you the right to opt out of specific uses of your personal information.
• Requesting a copy of certain personal information in a portable, readily usable format, where required by law.
• Opting out of the "sale," "sharing," or use of your personal information for targeted advertising or cross-context behavioral advertising, to the extent those concepts apply to our Website under applicable state law. As noted above, we do not sell your personal information for money or allow third parties to use it for their own advertising.

The Supplemental Privacy Notice attached to this Policy addresses additional rights that apply to residents of the following states: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Virginia, and Utah. To exercise any of these rights, you may contact our support team at team@bystro.io or through any request form or in-product mechanism we may make available. We may need to verify your identity (for example, by confirming your email address or asking for limited additional information) before fulfilling your request. Bystro will respond to consumer request within 45 calendar days for most states with up to one 45-day extension upon notice provided by Bystro, and 30 days for Nevada consumer health data deletion requests and California data broker requests (where applicable). Where permitted by law, you may also authorize someone to submit a request on your behalf, and we may require proof of your authorization. We will not discriminate against you for exercising any of your privacy rights.

8. Security

We use reasonable administrative, technical, and physical safeguards designed to protect account and other personal information from accidental loss and from unauthorized access, use, alteration, or disclosure. These measures may include encryption in transit, access controls, logging, and regular security reviews. However, no method of transmission over the internet or method of electronic storage is perfectly secure. Although we work hard to protect your information, we cannot guarantee absolute security. Any transmission of information to or through the Website is at your own risk.

9. International Transfers

Your information may be transferred to, stored, or processed in countries or jurisdictions that may have data protection laws that are different from the laws of your state, province, or country. Where required by applicable law, we implement appropriate safeguards (such as contractual protections) to help ensure that your personal information remains protected.

10. Children's Privacy

The Website is intended for use by individuals 18 years of age or older. We do not knowingly collect personal information from anyone under 18 through the Website. If you believe that a child or minor has provided us with personal information in connection with the Website please contact us at team@bystro.io so that we can take appropriate steps to delete the information.

11. Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the functionality of the Website. When we make changes, we will revise the "Updated" date at the top of this page. In some cases, we may also provide additional notice (such as by posting a notice on the Website or sending you a notification, where required by law). Your continued use of the Website after any changes become effective means that you accept the updated Privacy Policy.