This notice supplements our Privacy Policy for individuals in the European Economic Area, the United Kingdom, and Switzerland (collectively, "EU/UK residents").
1. Controller and processor
BYOV.ai acts as a controller for personal data collected through our website and direct business relationships (e.g. prospect contact details, billing information). BYOV.ai acts as a processor for personal data we handle on behalf of a customer under a written engagement (typically described in a Data Processing Addendum, or "DPA").
2. Your rights
If you are an EU/UK resident, you have the following rights:
- Access — confirm whether we process your data and obtain a copy.
- Rectification — correct inaccurate or incomplete data.
- Erasure — request deletion ("right to be forgotten") where applicable.
- Restriction — limit our processing in certain circumstances.
- Portability — receive data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interests or direct marketing.
- Withdraw consent — where processing relies on consent, you may withdraw it at any time.
- Lodge a complaint — with your local supervisory authority.
To exercise any of these rights, email privacy@byov.ai. We will respond within 30 days, subject to verification of your identity.
3. Legal bases for processing
- Contract — to deliver services you have engaged us to provide.
- Legitimate interests — to operate, secure, and improve our website and business.
- Consent — for analytics cookies and opt-in communications.
- Legal obligation — to satisfy tax, accounting, and regulatory requirements.
4. International transfers
Where personal data is transferred outside the EEA, UK, or Switzerland, we rely on lawful transfer mechanisms, including the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, and adequacy decisions where applicable.
5. Data Processing Addendum (DPA)
Customers who process EU/UK personal data through our Services may execute our standard DPA, which incorporates the current Standard Contractual Clauses and details our sub-processors and security measures. Request a DPA at legal@byov.ai.
6. Sub-processors
We engage a limited number of vetted sub-processors to host infrastructure, send email, and perform analytics. A current list is available on request. We notify customers of material changes to our sub-processor list with reasonable advance notice.
7. Security and breach notification
We maintain administrative, technical, and organizational safeguards appropriate to the risk. In the event of a personal-data breach, we will notify affected controllers without undue delay, and supervisory authorities and data subjects where required by law.
8. AI-specific considerations
BYOV.ai builds AI capability around customer workflows. Where personal data is used to train, fine-tune, or evaluate AI components, we will document the lawful basis, minimize data used, and apply contractual and technical safeguards. We do not use customer data to train models that benefit other customers without explicit consent.
9. Contact
Data protection contact: privacy@byov.ai. For an EU representative request, contact the same address and we will route accordingly.
