ByteKodex Privacy Policy

ByteKodex LLC | Privacy Policy — Confidential

IMPORTANT: This Privacy Policy applies to clients and users of ByteKodex LLC's CRM platform. ByteKodex is registered in Wyoming and serves clients operating primarily in the United States, with particular operations in the states of Illinois and Wyoming. This document reflects applicable federal and state privacy laws in effect as of the date above.

1. Introduction
Welcome to ByteKodex LLC ("ByteKodex," "we," "our," or "us"). We are a limited liability company registered in the State of Wyoming, providing specialized Customer Relationship Management (CRM) software for the trucking and logistics industry in the United States.
This Privacy Policy explains how we collect, use, protect, disclose, and handle your information when you use our CRM platform and related services (collectively, the "Services"). It also explains your rights under applicable U.S. federal and state privacy laws, with specific attention to the laws of California, Illinois, Wyoming, Virginia, Colorado, Connecticut, Texas, and other states with active privacy legislation.
ByteKodex operates in a dual capacity:
* As a Data Controller regarding the Account Data (billing and contact information) we collect directly from our clients.
* As a Data Processor or Service Provider regarding CRM Service Data, which we process solely on behalf of and at the direction of our clients (the Data Controllers for that data).

2. Information We Collect
We collect only the information strictly necessary to provide our CRM functionalities. We do not collect data beyond what is described in this section.
2.1 Account & Billing Information (Data We Control)
When you create or maintain a ByteKodex account, we collect:
* Full legal name and business name
* Business email address and phone number
* Mailing address for invoicing and legal notices
* Invoice records for software subscription usage
We do not collect, store, or process any personal financial information. We do not handle credit card numbers, bank account details, ACH/routing numbers, or any payment instrument data. All payment processing is handled by our third-party payment processor (see Section 6.3).
2.2 CRM Service Data (Data You Control)
Data that you, the client, input into our CRM to manage your logistics business. This data is processed by ByteKodex exclusively on your behalf. It may include, but is not limited to:
* Business identifiers (e.g., USDOT numbers, MC numbers, EINs/Tax IDs)
* Personally Identifiable Information (PII) of your clients, drivers, or contractors, such as Social Security Numbers (SSNs), phone numbers, and email addresses
* Fleet information including Vehicle Identification Numbers (VINs) and unit details
* Third-party platform credentials stored in the "Users and Passwords" module
* Documents and files uploaded to the platform archive
Note on SSNs: The collection of Social Security Numbers (SSNs) within your CRM instance is done at your direction and under your control as the Data Controller. ByteKodex implements strict technical safeguards for this data as described in Section 7.

3. Cookies and Tracking Technologies
Our use of tracking technologies is strictly limited to what is operationally essential.
* Authentication Cookies Only: We use first-party session cookies exclusively to store authentication tokens required to securely log you into the platform and maintain your active session.
* No Third-Party Tracking: We do not use third-party cookies, tracking pixels, web beacons, analytics trackers (e.g., Google Analytics), behavioral advertising cookies, or session recording tools.
* No Cross-Site Tracking: We do not track your browsing activity across other websites or services.
You may disable cookies in your browser settings; however, doing so will prevent you from logging into the platform, as authentication cookies are essential for core functionality.

4. How We Use Your Information
We use the information collected strictly for the following operational purposes. We do not use your data for advertising, profiling, or any purpose not listed here.
* To provision, operate, maintain, and secure the ByteKodex CRM platform
* To enable you to manage your fleet, sales pipeline, clients, contractors, and documentation internally
* To generate administrative invoices for your software subscription
* To provide technical support, diagnose issues, and respond to user inquiries
* To send service-critical notifications (e.g., security alerts, scheduled maintenance, policy changes)
* To comply with our legal obligations under applicable federal and state law
We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

5. Data Sharing and Disclosure
5.1 General Principle: We Do Not Sell Your Data
ByteKodex does not sell, rent, lease, or trade your Personal Information or CRM Service Data to any third party. This includes "sales" as defined under the California Consumer Privacy Act (CCPA/CPRA), and similar definitions under other state laws.
5.2 No External API Integrations
Our software operates entirely within a closed infrastructure. We do not transmit, share, synchronize, or expose your data to any external third-party APIs, external GPS fleet tracking systems, external dispatch networks, or external accounting software.
5.3 Subprocessors
Although we do not integrate with third-party business applications, we use a limited number of infrastructure and operational vendors who may process data on our behalf as subprocessors. These include:
* Cloud Hosting Provider: Our platform is hosted on servers provided by a U.S.-based cloud infrastructure provider. All data remains hosted within the United States.
* Email Delivery Service: A transactional email provider is used exclusively to deliver system-generated notifications and invoices to your registered email address.
* Payment Processor: A PCI-DSS compliant third-party processor handles all subscription payment transactions. ByteKodex never receives or stores your payment card data.
All subprocessors are bound by contractual Data Processing Agreements (DPAs) that prohibit them from using your data for any purpose other than providing services to ByteKodex. A current list of subprocessors is available upon written request at info@bytekodex.com.
5.4 Legal Disclosure
We may disclose your information when legally compelled to do so, specifically in response to: a valid subpoena, court order, warrant issued by a court of competent jurisdiction, or a binding request from a federal, state, or local law enforcement authority with proper jurisdiction. When legally permitted, we will notify you of such a request before complying.

6. Data Security
Given that our platform handles highly sensitive information including SSNs, EINs, and third-party access credentials, we implement robust, layered security controls. Our security program includes the following specific measures:
6.1 Encryption
* Data in Transit: All communications between your browser and our servers are encrypted using TLS 1.2 or higher, ensuring that data cannot be intercepted during transmission.
ByteKodex does not currently implement application-level encryption for data at rest. Data stored within the platform is protected through the physical and logical security controls provided by our U.S.-based hosting infrastructure provider. We are actively evaluating additional at-rest encryption measures as part of our ongoing security roadmap.
6.2 Access Controls
* User Roles: The platform supports user role configuration. Access controls, including which users may view sensitive data fields such as SSNs and third-party credentials, are configured by the client administrator according to their own internal access policies. ByteKodex provides the tooling; the client is responsible for defining and enforcing access scope within their instance.
* Client Responsibility: As the Data Controller for CRM Service Data, clients bear responsibility for configuring appropriate access permissions for their staff and for ensuring that access to sensitive fields is granted only to authorized personnel.
* Administrative Access: ByteKodex personnel access to production systems is restricted to authorized staff for the purpose of maintenance and support only, and is subject to internal access controls.
Important: ByteKodex does not currently offer multi-factor authentication (MFA) or application-level masking of sensitive identifiers such as SSNs within the platform interface. We strongly recommend that clients restrict access to sensitive data fields through their role configuration settings and implement organizational access controls appropriate to the sensitivity of the data they manage.
* 6.3 Infrastructure
* Our hosting infrastructure is located entirely within the continental United States.
* We conduct regular security vulnerability assessments and patch critical vulnerabilities within 72 hours of identification.
* Data backups are encrypted and stored in a geographically separate location within the United States.
No system is 100% secure. While we implement industry-leading safeguards, no electronic storage or transmission over the Internet can be guaranteed to be completely secure. In the event of a breach, we will follow the notification procedures described in Section 7.

7. Data Breach Notification
In the event of a security incident involving unauthorized access to, or disclosure of, Personal Information or CRM Service Data, ByteKodex will:
* Contain and assess the incident within 24 hours of discovery.
* Notify affected clients without unreasonable delay, and in no event later than the applicable state-mandated deadline (see below).
* Provide a written incident report describing: the nature of the breach, the categories and approximate number of individuals affected, the data categories involved, the likely consequences, and the remediation measures taken.
* Report to the appropriate state Attorney General or regulatory authority as required by law.
7.1 State-Specific Notification Timelines
ByteKodex complies with the following applicable state breach notification laws:
* Wyoming (Wyo. Stat. §40-12-501 et seq.): Notification within 45 days of discovery of a breach affecting Wyoming residents.
* Illinois (815 ILCS 530, Personal Information Protection Act): Notification in the most expedient time possible and without unreasonable delay following discovery and investigation.
* California (Cal. Civ. Code §1798.29 / §1798.82): Notification within a reasonable timeframe; California AG must be notified if breach affects more than 500 California residents.
* Virginia (Va. Code §18.2-186.6): Notification without unreasonable delay, and within 60 days of discovery.
* All Other States: We comply with the breach notification law of each state in which an affected individual resides, applying the most stringent applicable deadline.

8. Data Retention
8.1 Account Data
We retain Account Data (billing contacts, invoices) for the duration of your active subscription plus seven (7) years, as required for standard U.S. business and tax record-keeping obligations under federal and state law (including IRS regulations).
8.2 CRM Service Data
CRM Service Data is retained according to your instructions as the Data Controller. Upon account termination for any reason:
* You will receive a final data export in a machine-readable format (CSV/JSON) within 14 calendar days of account termination.
* All live CRM Service Data will be permanently deleted from active production systems within 30 calendar days of account termination.
* Encrypted backup copies containing your CRM Service Data will be purged within 90 calendar days of account termination.
* We will provide written confirmation of deletion upon request.
You may also request permanent deletion of specific data fields at any time during your active subscription by submitting a written request to info@bytekodex.com. We will process such requests within 30 calendar days.

9. Children's Privacy (COPPA Compliance)
Our Services are intended strictly for business use by adults aged 18 or older. We do not knowingly collect, maintain, or use Personal Information from children under the age of 13, in accordance with the Children's Online Privacy Protection Act (COPPA), 15 U.S.C. §6501 et seq.
If you are a parent or guardian and believe that we have inadvertently collected information from a child under 13, please contact us immediately at info@bytekodex.com. We will promptly and securely delete such information from our systems.

10. U.S. State Privacy Rights
ByteKodex is committed to honoring privacy rights under all applicable state laws. The following sections describe your rights depending on your state of residence or operation. These rights apply to Account Data that ByteKodex holds about you as a direct client. For rights regarding data within your CRM instance, please refer to Section 10.7.
10.1 General Rights (Applicable in All States We Serve)
Regardless of your state of residence, ByteKodex recognizes the following baseline rights for Account Data we hold about you:
* Right to Know: You may request a copy of the personal information we hold about you.
* Right to Correct: You may request correction of inaccurate personal information.
* Right to Delete: You may request deletion of your personal information, subject to our legal retention obligations.
* Right to Non-Discrimination: We will not deny you service, charge you a different price, or provide a degraded level of service because you exercised a privacy right.
To exercise any of these rights, submit a written request to info@bytekodex.com. We will acknowledge your request within 10 business days and fulfill it within 45 calendar days (extendable by an additional 45 days with notice if necessary).
10.2 California (CCPA/CPRA) — Cal. Civ. Code §1798.100 et seq.
California residents have the following additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
* Right to Know (Detailed): The specific categories of personal information collected, the purposes for collection, and the categories of third parties with whom it is shared.
* Right to Opt-Out of Sale/Sharing: Although ByteKodex does not sell or share personal information for cross-context behavioral advertising, you may submit an opt-out request at any time (see Section 12).
* Right to Limit Use of Sensitive Personal Information: You may request that we limit processing of sensitive data (e.g., SSNs) to purposes strictly necessary for the service.
* Right to Correct: Request correction of inaccurate personal information.
* Right to Delete: Request deletion of personal information subject to applicable exceptions.
* Right to Non-Retaliation: We will not retaliate against you for exercising your CCPA/CPRA rights.
Authorized Agent: You may designate an authorized agent to submit CCPA requests on your behalf by providing written authorization or a power of attorney. We may require verification of your identity and the agent's authorization before processing the request.
10.3 Illinois — 815 ILCS 530 (PIPA) & 740 ILCS 14 (BIPA)
Illinois residents have specific rights under the Illinois Personal Information Protection Act (PIPA) and, where applicable, the Biometric Information Privacy Act (BIPA):
* Under PIPA: Illinois residents are entitled to timely notification in the event of a data breach involving their Personal Information (see Section 7). "Personal Information" under Illinois law specifically includes first name or initial plus last name, combined with SSN, driver's license number, account numbers, medical information, or username/email plus password.
* Under BIPA: ByteKodex does not collect, store, or process any biometric identifiers or biometric information (including fingerprints, retina or iris scans, voiceprints, or face geometry scans). BIPA therefore does not currently apply to our platform. Should we ever introduce features requiring biometric data, we will update this Policy and obtain explicit written consent from affected Illinois residents before collection.
* Illinois residents may exercise the General Rights described in Section 10.1 by contacting us at info@bytekodex.com.
10.4 Wyoming — Wyo. Stat. §40-12-501 et seq.
Wyoming residents have rights under Wyoming's data privacy and breach notification framework:
* ByteKodex is registered in Wyoming and fully complies with the Wyoming Consumer Protection Act and the Wyoming Data Security Breach Notification Act.
* In the event of a breach, Wyoming residents will be notified within 45 days of discovery as required by Wyo. Stat. §40-12-502.
* Wyoming residents may exercise the General Rights described in Section 10.1 by contacting us at info@bytekodex.com.
10.5 Virginia (VCDPA) — Va. Code §59.1-575 et seq.
Virginia residents have rights under the Virginia Consumer Data Protection Act (VCDPA), including the right to access, correct, delete, and obtain a portable copy of their personal data, and the right to opt out of targeted advertising, the sale of personal data, and profiling in furtherance of solely automated decisions with legal effects. ByteKodex does not engage in any of these activities.
10.6 Other States with Active Privacy Legislation
ByteKodex applies the following general approach for residents of other states with enacted or effective privacy laws, including but not limited to Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), Montana (MCDPA), Oregon (OCPA), Delaware (DPDPA), Iowa (ICDPA), Indiana (INCDPA), Tennessee (TIPA), New Hampshire, and New Jersey:
* We honor access, correction, deletion, and portability requests from residents of all states with enacted privacy legislation.
* We do not sell personal data or conduct targeted advertising.
* We do not engage in automated profiling with legal or significant effects.
* We do not discriminate against users who exercise their privacy rights.
The absence of your state in the specific sections above does not mean your rights are not recognized. Submit any privacy request to info@bytekodex.com and we will respond in compliance with your state's applicable law.
10.7 Rights Regarding CRM Service Data
Because ByteKodex processes CRM Service Data as a Data Processor on behalf of our clients (the Data Controllers), we are not in a position to directly fulfill individual privacy requests from third parties whose data may appear within a client's CRM instance (e.g., a driver or contractor whose information was entered by a logistics company client). If you are such an individual seeking to exercise your rights, you must contact the logistics company directly. ByteKodex will cooperate with our client to assist in fulfilling valid requests as required by applicable law.

11. Do Not Sell or Share My Personal Information
ByteKodex does not sell, share, or otherwise disclose your Personal Information for monetary or other valuable consideration, and does not share your data for cross-context behavioral advertising purposes.
Notwithstanding the above, you may submit a formal Do Not Sell or Share request at any time by:
* Emailing us at info@bytekodex.com with the subject line: "Do Not Sell Request"
* Writing to us at: ByteKodex LLC, 30 N Gould St Ste R, Sheridan, WY 82801
We will process your request within 15 business days and will not discriminate against you for exercising this right.

12. International Data Transfers
ByteKodex's servers and infrastructure are located entirely within the continental United States. We do not currently transfer personal data outside of the United States.
If you are accessing our Services from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States. U.S. privacy laws may differ from the laws of your country. By using our Services, you consent to the transfer of your information to the United States as described in this Policy.
In the event that ByteKodex expands operations and begins transferring data internationally in the future, we will update this Policy and implement appropriate safeguards, including Standard Contractual Clauses (SCCs) or equivalent mechanisms, as required.

13. Data Processing Agreements (DPAs)
Enterprise clients, or clients operating in regulated industries or under contracts that require it, may request a formal Data Processing Agreement (DPA) with ByteKodex. A DPA supplements this Privacy Policy and contractually defines the specific terms under which ByteKodex processes CRM Service Data on your behalf, including:
* The subject matter, duration, nature, and purpose of processing
* The types of personal data and categories of data subjects involved
* Your obligations as Data Controller and ByteKodex's obligations as Data Processor
* Specific security requirements and subprocessor authorization
* Breach notification procedures
To request a DPA, please contact info@bytekodex.com with the subject line: "DPA Request."

14. Changes to This Privacy Policy
ByteKodex reserves the right to update or modify this Privacy Policy at any time to reflect changes in our practices, legal requirements, or operational structure.
For material changes (i.e., changes that meaningfully affect your rights, the categories of data we collect, or our data sharing practices), we will:
* Notify you via email to your registered account address at least 30 calendar days before the changes take effect.
* Display a prominent notice on our platform login page.
* Update the "Effective Date" and "Last Reviewed" date at the top of this document.
For non-material changes (e.g., typographical corrections, clarifications that do not alter your rights), we will update the "Last Reviewed" date without advance email notice.
Your continued use of the Services after the effective date of any changes constitutes your acceptance of the updated Policy. If you do not agree with the updated Policy, you should discontinue use of our Services and contact us to exercise your data deletion rights.
We maintain an archive of all prior versions of this Privacy Policy. You may request any prior version by contacting us at info@bytekodex.com.

15. Contact Information
If you have any questions, concerns, complaints, or requests regarding this Privacy Policy or our data handling practices, please contact us through any of the following channels:

Company: ByteKodex LLC
Privacy Contact: Privacy & Compliance Team
Email: info@bytekodex.com
Subject Line for Privacy Requests: "Privacy Request — [Your Name]"
Mailing Address: 30 N Gould St Ste R, Sheridan, WY 82801, United States

We are committed to resolving privacy concerns promptly. You will receive an acknowledgment of your inquiry within 5 business days and a substantive response within the timeframes specified in this Policy.
If you are not satisfied with our response, you may have the right to lodge a complaint with your state's Attorney General office or relevant data protection authority, depending on your state of residence.