1. Introduction & Scope

This document details the policies of Bytes Mobile Inc., governing our AIoT Platform, including all connected hardware, embedded software, cloud services, APIs, and associated support (collectively, "Services"). By accessing, using, or interacting with any part of our Services, you explicitly agree to adhere to these comprehensive policies. We urge all users, customers, and partners to review them diligently.

These policies are universally applicable to all individuals and entities utilizing or interacting with our Services. They are designed to foster a secure, reliable, and legally compliant environment for all AIoT deployments.

Governing Law: These policies shall be governed by and construed in accordance with the laws of the State of Delaware, without regard to its conflict of law principles.

2. Data Policy (Privacy & Handling)

Bytes Mobile is deeply committed to protecting your privacy and ensuring the responsible, secure, and transparent handling of all data processed through our AIoT platform and services.

2.1. Roles in Data Processing:

• Customer (Data Controller/Business): You, as our enterprise customer, are typically the "Data Controller" (under GDPR and similar laws) or "Business" (under U.S. state privacy laws). This means you determine the purposes and means of processing the operational data collected via your AIoT deployments using our Services. You are primarily responsible for complying with privacy laws regarding the data subjects whose personal data you collect.
• Bytes Mobile (Data Processor/Service Provider): Bytes Mobile acts as a "Data Processor" or "Service Provider" on your behalf. We process operational data strictly according to your documented instructions as outlined in our Service Agreement and any accompanying Data Processing Addendum (DPA).

2.2. Types of Data Collected:

• Operational Telemetry Data: This encompasses the core data generated by your deployed AIoT devices and sensors. Examples include precise sensor readings (temperature, humidity, pressure, air quality), device status and health metrics, environmental parameters, granular location data (GPS, RTLS), video and audio feeds (where specifically configured and enabled by you), and other operational insights directly related to the function of your AIoT deployment. This data is generally owned by you as the customer.
• Platform Usage Data: Information detailing how users interact with the Bytes Mobile AIoT Platform itself. This includes login times, features accessed, API call logs, dashboard configurations, session durations, and user activity patterns. This helps us understand platform engagement and optimize user experience.
• Account & Billing Information: Personal and organizational data provided during account registration and service subscription. This includes names, email addresses, phone numbers, organizational details, billing addresses, payment information, and administrative contact details.
• Technical & Diagnostic Data: Data related to the devices and networks used to access our Services, such as unique device identifiers, IP addresses, browser types, operating systems, software versions, crash reports, and performance metrics. This is crucial for troubleshooting and system stability.
• Aggregated & Anonymized Data: Data that has been processed and de-identified in such a way that it can no longer be reasonably linked back to an individual person or specific customer entity. This form of data is used for broader analytical purposes.

2.3. How Data is Collected:

• Direct Device Ingestion: Operational data is securely transmitted directly from your deployed AIoT devices and sensors to the Bytes Mobile Platform via integrated communication modules.
• User Interaction: Information is gathered through your direct interaction with our web and mobile applications, dashboards, and configuration tools.
• API & Integration Channels: Data is exchanged via secure APIs when our platform integrates with your existing enterprise systems or third-party applications.
• Customer Provisioning: Account and billing information is collected when you initially set up your account and modify your service subscriptions.

2.4. How Data is Used:

• Service Provision & Enhancement: To operate, maintain, and continuously improve the functionality, performance, and reliability of our AIoT Services and platform. This includes processing operational data to provide insights and managing your account.
• Troubleshooting & Support: To diagnose technical issues, respond to customer inquiries, and provide effective technical support.
• Product Development: To analyze usage patterns and identify opportunities for developing new features, modules, and service offerings within the Bytes Mobile ecosystem.
• Billing & Account Management: For invoicing, payment processing, account reconciliation, and administrative communications related to your service.
• Analytics & Research: To monitor and analyze trends, track usage, and conduct research on aggregated and anonymized data to understand market dynamics and improve our overall service offering.
• Legal & Policy Compliance: To comply with legal obligations, respond to lawful requests (e.g., subpoenas, court orders), prevent fraud, protect our rights, your safety, or the safety of others, and enforce our terms and policies.

2.5. Data Sharing & Disclosure:

• With Your Instructions/Consent: We will share operational data strictly based on your instructions or explicit consent as the Data Controller.
• Service Providers: With trusted third-party vendors and service providers (e.g., cloud hosting, data storage, analytics, payment gateways) who perform services on our behalf. These providers are contractually bound by Data Processing Addenda (DPAs) or similar agreements to stringent confidentiality, security, and data protection obligations, and they are only authorized to use your data to fulfill the services they provide to us.
• Legal & Regulatory Compliance: When required by law, subpoena, court order, or other legal process, or if we believe in good faith that such disclosure is necessary to comply with legal obligations, protect our rights, your safety, or the safety of others. This includes compliance with applicable U.S. federal and state data privacy laws.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction, subject to continued adherence to data protection principles consistent with these policies.
• Aggregated/Anonymized Data: We may share aggregated or de-identified information that cannot reasonably be used to identify you or any individual, for research, marketing, or other purposes.

2.6. Your Data Rights & Data Processing Addendum (DPA):

As the Data Controller for your operational data, you are responsible for addressing the data rights of your data subjects (e.g., your employees, end-users, or customers). Bytes Mobile will assist you in fulfilling these rights as required by applicable data protection laws (e.g., GDPR, CCPA/CPRA, and other U.S. state privacy laws) and as stipulated in our Data Processing Addendum.

For enterprise customers processing personal data subject to specific privacy regulations, a separate Data Processing Addendum (DPA) will be incorporated into your Service Agreement, outlining our respective obligations regarding personal data processing, security, and data subject rights.

To exercise rights related to your *account information* (as processed by Bytes Mobile as a Controller), please contact us using the information provided in Section 16.

3. Usage Policy (Acceptable Use & Responsibilities)

This policy outlines the acceptable use of Bytes Mobile Services and your responsibilities as a user.

3.1. Permitted Use:

• Lawful Purposes: Utilizing Services strictly in accordance with all applicable local, national, and international laws, regulations, and industry standards. This includes adherence to applicable U.S. state and federal privacy laws where relevant to your data processing activities.
• Intended Operation: Operating AIoT devices, software, and systems as designed, configured, and intended for your specific business applications.
• Compliance: Adhering to all Bytes Mobile terms of service, contractual agreements, and these published policies.

3.2. Prohibited Use:

• Illegal & Harmful Activities: Engaging in or promoting any activity that is unlawful, fraudulent, defamatory, harassing, abusive, threatening, or harmful to Bytes Mobile, other users, third parties, or public safety.
• Unauthorized Access: Attempting to gain unauthorized access to any part of the Services, user accounts, underlying computer systems, networks, or data not explicitly intended for your access. This includes hacking, phishing, or circumventing security measures.
• Service Interference: Deliberately interfering with or disrupting the integrity, performance, or availability of the Services, our infrastructure, or data contained within. This includes denial-of-service attacks, overwhelming systems, or introducing excessive, meaningless data.
• Malicious Code Distribution: Uploading, transmitting, or distributing any form of malicious code, viruses, worms, Trojan horses, or other harmful programs or components.
• Intellectual Property Infringement: Using Services in any manner that infringes upon or misappropriates the intellectual property rights (including copyrights, trademarks, patents, trade secrets) of Bytes Mobile or any third party.
• Sensitive Data Mismanagement: Collecting, transmitting, storing, or processing sensitive personal data (e.g., health information subject to HIPAA, financial account numbers subject to PCI DSS, children's data subject to COPPA, government IDs) without ensuring explicit legal consent from data subjects and strict adherence to all relevant industry-specific privacy laws and regulations. You acknowledge that if you process Protected Health Information (PHI) via our Services, a separate Business Associate Agreement (BAA) must be executed.
• Unethical or Unlawful AIoT Deployment: Deploying AIoT devices or systems in a manner that:
  • Violates reasonable privacy expectations of individuals (e.g., unauthorized surveillance in private spaces).
  • Contravene local laws, ordinances, or regulations related to data collection, public monitoring, or device deployment.
  • Creates a public nuisance, safety hazard, or unreasonable disturbance.
  • Is intended for or facilitates discriminatory practices.
• Commercial Exploitation without Consent: Reselling, sublicensing, leasing, renting, or otherwise commercially exploiting any part of the Services to third parties without explicit prior written consent from Bytes Mobile.

3.3. Your Responsibilities:

• Account Security: Maintaining the strict confidentiality and security of your account credentials (usernames, passwords, API keys) and being solely responsible for all activities that occur under your account, whether authorized or unauthorized.
• Device Management: Ensuring that your AIoT devices are properly configured, maintained, secured, and operated in accordance with manufacturer guidelines and best practices.
• Legal Compliance: Obtaining all necessary legal consents, permits, licenses, and adhering to all applicable laws and regulations concerning data collection, privacy (including obtaining all required data subject consents), and surveillance in your specific AIoT deployments.
• Notification of Breach: Promptly notifying Bytes Mobile of any suspected unauthorized use of your account, any security breaches related to our Services, or any potential vulnerabilities you discover.

4. Security Policy

Bytes Mobile considers the security of your data and our Services paramount. We implement a robust, multi-layered security framework designed to protect the confidentiality, integrity, and availability of all information and systems.

• Data Encryption: All data transmitted between your devices, the Bytes Mobile Platform, and user interfaces is encrypted in transit using industry-standard Transport Layer Security (TLS/SSL) protocols. Data stored at rest within our platform infrastructure is also encrypted using advanced encryption standards (AES-256) where applicable, to prevent unauthorized access.
• Access Controls & Authentication: We enforce strict access controls based on the principle of least privilege. User access is managed through role-based access control (RBAC), ensuring that individuals only have access to the resources and data necessary for their role. Multi-Factor Authentication (MFA) is strongly encouraged and available for all user accounts, adding an extra layer of security beyond just passwords.
• Network Security: Our infrastructure is protected by comprehensive network security measures, including enterprise-grade firewalls, intrusion detection and prevention systems (IDS/IPS), and DDoS mitigation services. Network segmentation is utilized to isolate critical systems and data, minimizing the impact of potential breaches.
• Physical Security: Our cloud hosting providers (e.g., AWS, Azure, Google Cloud) adhere to the highest global physical security standards, including biometric access controls, 24/7 surveillance, environmental controls, and redundant power systems, safeguarding the physical infrastructure housing your data.
• Incident Response & Management: Bytes Mobile maintains a well-defined and regularly tested incident response plan. This plan includes documented procedures for the rapid detection, thorough analysis, effective containment, complete eradication, swift recovery, and post-incident review of security incidents, ensuring prompt and effective mitigation of any threats.
• Adherence to Security Frameworks: Bytes Mobile aligns its security practices with recognized industry standards and frameworks, suchs as the NIST Cybersecurity Framework, and is committed to pursuing or maintaining relevant certifications (e.g., SOC 2, ISO 27001) to demonstrate our dedication to information security.
• Regular Security Audits & Updates: Our systems are subject to continuous monitoring for vulnerabilities. We perform regular security patching, comprehensive vulnerability assessments, and engage independent third-party experts for penetration testing and security audits to identify and remediate potential weaknesses proactively, adhering to best security practices.
• Data Backups & Disaster Recovery: Comprehensive and regular data backup procedures are in place, combined with robust disaster recovery plans designed to ensure business continuity and minimal data loss in the event of a catastrophic system failure or regional outage. Backups are also encrypted.
• Customer Security Responsibilities: While Bytes Mobile secures the platform, you are responsible for securing your own AIoT devices (e.g., configuring strong, unique passwords; implementing physical security measures where devices are deployed), your local networks, and your account credentials to prevent unauthorized access and data breaches on your end.

5. Data Retention Policy

Bytes Mobile retains data collected through our Services only for as long as necessary to fulfill the specific purposes for which it was collected, to effectively provide our Services, to comply with our extensive legal and regulatory obligations, and for other legitimate business purposes.

• Operational Telemetry Data: This data is retained based on your specific subscription plan and any configurable data retention settings you choose within the Bytes Mobile Platform. Upon the termination of your service agreement, your customer operational data will be securely deleted or anonymized within a specified timeframe (typically 30-90 days, depending on contractual terms), unless a longer retention period is legally mandated or specifically agreed upon in your service agreement.
• Account & Profile Information: We retain your account and profile information for the entire duration of your active account with Bytes Mobile to manage your service. Following account closure or termination, this data will be retained for an additional period (e.g., up to 7 years) as required for legal, tax, auditing, or accounting purposes.
• Usage Data: Aggregated or anonymized usage data (which cannot be linked back to individual users or specific entities) may be retained for longer periods for general analytical purposes, platform improvement, and internal reporting.
• Deletion Requests: Upon receiving a valid deletion request from a customer regarding their personal or operational data, we will endeavor to delete or anonymize the data within a reasonable timeframe, subject to any overriding legal or contractual obligations for retention.

6. Intellectual Property Rights

All intellectual property rights, including copyrights, trademarks, patents, and trade secrets, in the Bytes Mobile AIoT Platform, underlying software code, documentation, designs, and Services (excluding User Data) are exclusively owned by Bytes Mobile Inc. or its licensors.

• Model Ownership: The intellectual property of the Bytes Mobile AIoT platform, including its core AI models, algorithms, and the AI "brain," is owned exclusively by Bytes Mobile Inc.
• User Data Ownership: You retain all ownership rights to the data you collect, transmit, and store through our Services (referred to as "User Data"). Bytes Mobile acts as a data processor for such data, processing it solely on your behalf and according to your instructions.
• Restrictions: You agree not to copy, modify, adapt, reproduce, distribute, sell, lease, reverse engineer, decompile, or create derivative works from any part of our Services without explicit prior written permission from Bytes Mobile Inc.
• Trademarks: The Bytes Mobile® name, logo, and all related product and service names, design marks, and slogans are registered trademarks or trademarks owned by Bytes Mobile Inc. You may not use these marks without prior written consent.

7. Limitation of Liability & Disclaimer

Bytes Mobile strives to provide highly reliable and high-performing Services. However, our Services are provided on an "as is" and "as available" basis, without warranties or conditions of any kind, either express or implied.

• No Warranties: Bytes Mobile expressly disclaims all warranties, including but not limited to, implied warranties of merchantability, fitness for a particular purpose, non-infringement, and accuracy of data. We do not warrant that the Services will be uninterrupted, error-free, completely secure, or that any defects will be corrected.
• Limitation of Liability: To the fullest extent permitted by applicable law, Bytes Mobile Inc.'s total liability to you for any damages arising out of or related to these policies or the Services, whether in contract, tort (including negligence), or otherwise, shall not exceed the fees paid by you for the Services in the twelve (12) months preceding the event giving rise to the liability. Bytes Mobile Inc. shall not be liable for any indirect, incidental, special, consequential, punitive, or exemplary damages, including but not limited to, damages for loss of profits, goodwill, use, data, or other intangible losses, arising out of or in connection with your access to or use of, or inability to access or use, the Services. This limitation applies regardless of the legal theory, and whether or not Bytes Mobile Inc. has been informed of the possibility of such damage.
• Your Responsibility: Your use of the Services is at your sole risk. You are solely responsible for ensuring the appropriateness of AIoT deployments for your specific use cases, the accuracy and legality of the data you collect, and compliance with all applicable laws and regulations in your operations.

8. Changes to These Policies

Bytes Mobile reserves the right to review and modify these policies at any time to reflect changes in our Services, legal requirements, or best practices. We will notify you of any significant changes by posting the updated policies on our official website, through direct email communication, or via other appropriate channels within the Bytes Mobile Platform. Your continued use of the Services after such modifications constitutes your acceptance of the revised policies. We recommend reviewing these policies periodically to stay informed.

9. AI Governance, Ethics, and Human Oversight

Bytes Mobile is deeply committed to the ethical and responsible development and deployment of our AIoT platform. Our AI models, autonomous rules engine, and AI agents are designed to operate under strict governance frameworks that prioritize transparency, accountability, and user safety.

• AI Ethical Principles: We are committed to developing and deploying AI in a manner that is fair, transparent, and beneficial. Our AI systems are designed to avoid bias, operate reliably, and be explainable.
• Human-in-the-Loop: Our platform's rules engine is designed to require a "human in the loop" for all critical and high-stakes autonomous actions. This ensures that you, as the user, maintain ultimate control and oversight over your deployments.
• Accountability: We hold ourselves accountable for the performance and decisions of our AI. In the event of a failure, we are committed to a transparent review process to diagnose and correct the issue.

10. Data Processing for AI/ML

To power our platform's AI capabilities and provide you with predictive insights, we process data in a secure and responsible manner.

• Data Training: We use aggregated and anonymized data from our platform to train and improve our AI models. This process ensures that no identifiable customer or personal data is used to train our general-purpose models, protecting your privacy.
• Unified RAG System: Our Unified RAG system processes data securely within your deployment's defined data space to provide real-time contextual awareness without exposing your data to other users or our general models.
• Third-Party AI Models: Our platform allows you to integrate your own or third-party AI models. The use of these models is subject to their own terms and conditions, and you are responsible for ensuring their compliance with relevant laws.

11. Third-Party LLMs & Generative AI

The Bytes Mobile platform is designed to be extensible, allowing for seamless integration with a choice of pre-integrated Large Language Models (LLMs) and other third-party generative AI services.

• Customer Responsibility: You are responsible for configuring and using any third-party LLM or generative AI service on our platform. Your use of these services is governed by the terms of service, privacy policies, and security practices of the respective third-party provider.
• Data Transmission: We facilitate the secure and encrypted transmission of data from your deployment to the third-party LLM for processing, but we do not store or retain this data beyond the necessary transaction. We will never share your data with a third party without your explicit consent and configuration.
• No Endorsement: Bytes Mobile does not endorse or take responsibility for the content, accuracy, security, or practices of any third-party LLM or generative AI service.

12. Dynamic Pricing and Billing

Our dynamic pricing engine provides unparalleled transparency and precision. We will provide you with a transparent breakdown of all costs associated with your deployment, including platform access, hardware, services, and usage-based metrics.

• Transparent Billing: Our billing system automatically calculates your monthly costs based on a clear and auditable pricing structure.
• Dispute Resolution: In the event of a billing dispute, we will provide you with a detailed report of all usage and costs to facilitate a fair and transparent resolution.

13. Intellectual Property Rights

All intellectual property rights, including copyrights, trademarks, patents, and trade secrets, in the Bytes Mobile AIoT Platform, underlying software code, documentation, designs, and Services (excluding User Data) are exclusively owned by Bytes Mobile Inc. or its licensors.

• Model Ownership: The intellectual property of the Bytes Mobile AIoT platform, including its core AI models, algorithms, and the AI "brain," is owned exclusively by Bytes Mobile Inc.
• User Data Ownership: You retain all ownership rights to the data you collect, transmit, and store through our Services (referred to as "User Data"). Bytes Mobile acts as a data processor for such data, processing it solely on your behalf and according to your instructions.
• Restrictions: You agree not to copy, modify, adapt, reproduce, distribute, sell, lease, reverse engineer, decompile, or create derivative works from any part of our Services without explicit prior written permission from Bytes Mobile Inc.
• Trademarks: The Bytes Mobile® name, logo, and all related product and service names, design marks, and slogans are registered trademarks or trademarks owned by Bytes Mobile Inc. You may not use these marks without prior written consent.

14. Vendor & Partner Policy

Bytes Mobile is a powerful and open ecosystem, and our success is dependent on our partners. We are committed to fostering a secure and trustworthy environment for all third-party vendors and partners. This policy outlines our standards and expectations for all partners who integrate with our platform.

14.1. Partner Obligations:

• Product Quality: All hardware and software products provided by our partners must meet Bytes Mobile's standards for quality, performance, and reliability.
• Data Security: Partners must adhere to Bytes Mobile's security protocols and are contractually obligated to protect customer data with the same diligence as we do.
• Compliance: Partners must comply with all applicable local, national, and international laws and regulations.

14.2. Partner IP & Data:

• Partner IP: Partners retain all ownership of their intellectual property, including their hardware designs, software, and AI models.
• Customer Data Access: Partners may only access customer data with explicit customer consent and only for the purpose of providing their service through the Bytes Mobile platform.

15. Third-Party Warranties & Disclaimer

Bytes Mobile operates an open ecosystem that integrates with numerous third-party products, services, and AI models. It is crucial to understand the limitations of liability and warranties in this context.

• No Third-Party Warranty: Bytes Mobile expressly disclaims all warranties, either express or implied, for any hardware, software, services, or APIs provided by third-party vendors. We are not the manufacturer of third-party products and do not assume liability for their performance, quality, or compliance.
• Passthrough Warranties: To the extent possible, we will pass through to you any warranties provided by the original manufacturer or service provider. However, the resolution of any warranty claim is the sole responsibility of the third-party provider, and you must address any issues directly with them.
• Third-Party Terms: Your use of any third-party product or service, including pre-integrated LLMs, APIs, or hardware from our ecosystem, is subject to the terms and conditions set forth by the respective provider. You are solely responsible for reviewing and complying with those terms.
• Disclaimer of Liability: To the fullest extent permitted by law, Bytes Mobile Inc. shall not be liable for any damages or losses arising from the use of third-party products or services integrated into our platform. This includes failures, security breaches, or performance issues attributable to third-party offerings.