Plain-English summary: Your API keys never leave your device. We don't store your conversations. We don't sell your data. We collect only what's necessary to run the service. Read on for the full details.
01 Who We Are
ByteChat ("we", "us", "our") is a product operated by Byte Chat, based in Singapore. ByteChat.io provides a multi-AI chatroom platform that lets users bring their own API keys from third-party AI providers.
Contact: [email protected]
02 What Data We Collect
We collect minimal data necessary to operate the service:
- Account information (Phase 2): When you create an account, we collect your email address and a display name. This is processed by Clerk (our authentication provider).
- Subscription information (Phase 2): If you subscribe to a paid plan, your payment details are processed by Stripe. We receive only your subscription status and anonymised billing identifiers — never your full card number.
- Usage analytics: Aggregated, anonymous usage data (page views, feature usage counts) collected via privacy-friendly analytics. No personal identifiers are attached.
- Support communications: If you contact us by email, we retain that correspondence to resolve your query.
- Error logs: Technical error reports (stack traces, browser type, timestamp) collected via our error monitoring service. These do not contain message content or API keys.
03 What We Do NOT Collect
We are explicit about what we do not do:
- We do not store your API keys on our servers at any time
- We do not store, log, or read your conversation messages
- We do not sell, rent, or share your personal data with advertisers
- We do not use your data to train AI models
- We do not track you across other websites
- We do not use third-party advertising cookies
04 How Your API Keys Are Handled
This is the most important section of this policy. Here is the exact technical path your API key takes:
- Your API key is entered in the ByteChat app and stored in your browser's
localStorage — on your device only
- When you send a message, your key is passed in the HTTP
Authorization header of a request to our Cloudflare Worker proxy
- The Worker uses the key to make a request to your chosen AI provider (e.g. OpenAI, Anthropic) and streams the response back to you
- The Worker does not log the key, does not write it to any storage, and discards it immediately after the request completes
- Cloudflare's infrastructure processes the request but does not give ByteChat access to request headers stored in logs
In plain terms: Your API key passes through our proxy in memory only, for the duration of one request. It is never written to disk, a database, or any log file that we control.
05 Cookies and Local Storage
ByteChat uses browser localStorage and sessionStorage to save your preferences and conversation history locally on your device. This data stays on your device and is never synced to our servers (in the current version).
Specifically, we store locally:
- Your bot configurations (names, models, API keys, system prompts)
- Your conversation history (messages, timestamps)
- UI preferences (theme, sidebar state)
- Demo usage counter (session only, resets when you close the browser)
We use minimal session cookies for authentication (when signed in via Clerk). We do not use advertising or tracking cookies.
06 Third-Party Services
ByteChat relies on the following third parties. Each has their own privacy policy:
- Cloudflare — infrastructure, CDN, Workers proxy. Privacy policy
- Clerk (Phase 2) — authentication. Privacy policy
- Stripe (Phase 2) — payment processing. Privacy policy
- AI Providers — your messages are sent to whichever provider you configure (OpenAI, Anthropic, etc.). Their privacy policies govern how they handle your message content. We recommend reviewing each provider's policy.
07 Data Retention
- Conversation data: Stored locally on your device. You can delete it at any time from Settings → Clear all conversations.
- Account data (Phase 2): Retained while your account is active. Deleted within 30 days of account deletion request.
- Support emails: Retained for up to 2 years for reference, then deleted.
- Error logs: Retained for 30 days, then automatically purged.
08 Your Rights
Under Singapore's Personal Data Protection Act (PDPA) and applicable international law, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data
- Withdraw consent to data processing
- Lodge a complaint with the Personal Data Protection Commission (Singapore)
To exercise any of these rights, contact [email protected]. We will respond within 30 days.
09 Children
ByteChat is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, contact us immediately and we will delete it.
10 Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will notify users via email (when we have your email) or via a notice in the app. Your continued use of ByteChat after changes take effect constitutes acceptance of the updated policy.
11 Contact
For privacy-related enquiries:
- Email: [email protected]
- Response time: within 5 business days
- Governing law: Republic of Singapore