Bystro Privacy Policy

1. Information We Collect

We collect different types of information when you use the Website. This includes information you provide directly, information we collect automatically from your device and use of the Website, and information collected through cookies and similar technologies. The specific categories are described below.

• Account and profile information (such as your name, email address, and any other details you choose to provide when you create an account, sign in, or otherwise interact with the Website).
• Usage and device information, including login time, browser type, IP address, operating system, device identifiers, pages viewed, referring/exit pages, and information about how you navigate and interact with the Website.
• Support and communications information, such as the content of emails or messages you send to our support team and related metadata (for example, time and date of contact).
• Optional storage of datasets or other files that you explicitly upload or request us to store as part of your use of the Bystro SaaS platform (for example, annotated results or configuration files).

We do not intentionally collect certain categories of especially sensitive information through the Website, including:

• Protected Health Information (PHI) or clinical records as defined under applicable health privacy laws.
• Identifiable genomic data (for example, genetic sequences or variant information that are linked, or reasonably linkable, to an identified or identifiable individual).
• Personal data that we know belongs to minors, including children and teenagers, in connection with use of the Website.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, and maintain the Website and related services, including creating and managing your account, authenticating your login, and enabling core platform functionality.
• To send you marketing communications, product updates, announcements, and other information about Bystro, where you have given us consent to do so.
• To monitor, analyze, and improve product performance and user experience, including troubleshooting, analytics, testing, and research.
• To communicate with you, including responding to requests or questions, sending service or account notices, and providing information about updates or changes to the Website.
• To protect the security, integrity, and availability of the Website, including detecting, preventing, and responding to security incidents, abuse, fraud, or other malicious activity.

We do not sell your personal information for money, and we do not share your personal information with third parties for their own advertising or cross-context behavioral advertising purposes.

3. AI Observability

We collect and retain AI conversation logs and related usage information to maintain service quality, ensure the reliability and safety of the Website, and improve the platform. These logs help us understand usage patterns, identify and fix issues, and enhance our AI capabilities. Where feasible, we aggregate or de-identify this information for analytics and improvement purposes.

4. Genomic & Research Data

For the hosted software-as-a-service (SaaS) version of Bystro (separate from our public marketing Website), you may choose to upload genomic or research datasets using our tools. In that context:

• Input genomic data you submit for annotation or similar processing is deleted from our active systems immediately after the annotation or processing workflow completes, subject to technical logs and backups retained for security and operational integrity.
• Derived results, annotations, and other uploaded data (for example, your project files or configuration information) are retained in your account until you delete them or request that we delete them, subject to applicable legal requirements and our internal retention policies.
• Our Terms of Service apply to your use of these services.

For enterprise or on-premise deployments, all genomic and research data generally remains within customer-controlled infrastructure, subject to the terms of your agreement with us. Our access to such data, if any, is limited and governed by that agreement.

5. Cookies

We use cookies and similar technologies that are strictly necessary to authenticate users, keep you signed in, and protect your account and our systems. If you disable these essential cookies in your browser settings, you will not be able to log in or use key features of the service. For information about other types of cookies and your choices, please see the "Cookies and Online Tracking Technologies" section above.

6. Data Sharing

We may share or disclose limited account, usage, and support information with third parties as reasonably necessary to operate the Website, protect our rights, and comply with law, including:

• Service providers (for example, cloud hosting and storage providers, analytics providers, email and customer support platforms, and other vendors who help us operate, secure, and improve the Website). These providers are contractually obligated to use personal information only to provide services to us and to protect it appropriately.
• Security vendors and related providers who assist with monitoring, detecting, investigating, or responding to security incidents, fraud, or abuse, and who are similarly bound to protect the information they handle on our behalf.
• Courts, law enforcement, regulators, government authorities, or other third parties when we believe disclosure is necessary or appropriate to comply with applicable law or legal process (such as a subpoena or court order) or to protect the rights, property, or safety of Bystro, our users, or others.
• Other parties with your consent or at your direction.
• Our affiliates and corporate group entities, in which case they will handle your information in accordance with this Privacy Policy.
• Another company in connection with or during negotiations related to any merger, financing, acquisition, reorganization, sale, transfer, or other disposition of all or a portion of our business or assets.

We do not share datasets you upload for analysis with third parties for their own independent purposes. Any access by service providers or security vendors to such datasets is solely to provide services to us and is subject to the confidentiality and security obligations described above.

7. Your Rights

Depending on where you live and the laws that apply to you, you may have certain rights regarding your personal information. These may include the ability to access, correct, delete, or restrict certain uses of your information, as described below.

• Access to your data, including information about the categories of personal information we collect, the sources of that information, and, in some cases, specific pieces of personal information we hold about you.
• Correction of your data if it is inaccurate or incomplete.
• Deletion of your data, subject to certain exceptions (for example, where we are legally required or permitted to retain it for security, fraud prevention, or recordkeeping).
• Withdrawing Consent & Unsubscribing. You may withdraw your consent and unsubscribe from marketing emails at any time, free of charge, by clicking the unsubscribe link in any marketing email we send you, or by contacting us at team@bystro.io. Withdrawing consent does not affect the lawfulness of any processing carried out before you withdrew it. We will process unsubscribe requests promptly and no later than 10 business days.
• Restriction or objection to certain processing, including where applicable law gives you the right to opt out of specific uses of your personal information.
• Requesting a copy of certain personal information in a portable, readily usable format, where required by law.
• Opting out of the "sale," "sharing," or use of your personal information for targeted advertising or cross-context behavioral advertising, to the extent those concepts apply to our Website under applicable state law. As noted above, we do not sell your personal information for money or allow third parties to use it for their own advertising.

To exercise any of these rights, you may contact our support team at team@bystro.io or through any request form or in-product mechanism we may make available. We may need to verify your identity (for example, by confirming your email address or asking for limited additional information) before fulfilling your request. Where permitted by law, you may also authorize someone to submit a request on your behalf, and we may require proof of your authorization. We will not discriminate against you for exercising any of your privacy rights.

8. Security

We use reasonable administrative, technical, and physical safeguards designed to protect account and other personal information from accidental loss and from unauthorized access, use, alteration, or disclosure. These measures may include encryption in transit, access controls, logging, and regular security reviews. However, no method of transmission over the internet or method of electronic storage is perfectly secure. Although we work hard to protect your information, we cannot guarantee absolute security. Any transmission of information to or through the Website is at your own risk.

9. International Transfers

Your information may be transferred to, stored, or processed in countries or jurisdictions that may have data protection laws that are different from the laws of your state, province, or country. Where required by applicable law, we implement appropriate safeguards (such as contractual protections) to help ensure that your personal information remains protected.

10. Children's Privacy

The Website is intended for use by individuals 18 years of age or older. We do not knowingly collect personal information from anyone under 18 through the Website. If you believe that a child or minor has provided us with personal information in connection with the Website please contact us at team@bystro.io so that we can take appropriate steps to delete the information.

11. Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the functionality of the Website. When we make changes, we will revise the "Updated" date at the top of this page. In some cases, we may also provide additional notice (such as by posting a notice on the Website or sending you a notification, where required by law). Your continued use of the Website after any changes become effective means that you accept the updated Privacy Policy.