Privacy Policy

This Privacy Policy explains how ByteSoul Ltd (“ByteSoul”, “we”, “us”, “our”) collects, uses, shares, and protects your personal data when you use our websites, products, and services. We operate multiple brands and platforms, including without limitation: OpenHosst, Renttrr, Homatto, and AxoonAI (collectively, the “Services”).

We act as a Data Controller when we decide why and how your personal data is processed. For some activities (e.g., hosting or analytics for business customers), we may act as a Data Processor on a customer’s instructions.

If you have questions or wish to exercise your rights, contact: mail@bytesoul.co.uk

Registered office: ByteSoul Ltd, 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ

Company No. 16802211.

1. What data we collect

• Identity data: name, username/handle, account IDs.
• Contact data: email address, phone number, postal address.
• Account and profile data: passwords (hashed), preferences, support history.
• Transaction data: purchase details, subscription status, invoices, partial payment metadata. Payment card data is handled by our PCI‑compliant payment processors; we do not store full card details.
• Technical data: IP address, device and browser type, operating system, language, time zone, referral URLs.
• Usage data: pages viewed, features used, clickstream, approximate location (country/region), performance metrics, error logs.
• Content you provide: posts, messages, uploaded files, listings (e.g., Renttrr/Homatto), configuration data (e.g., OpenHosst), feedback and survey responses.
• Marketing and communications data: your consents, preferences, and interaction with our emails and campaigns.
• Job application data: CV/resume details, cover letters, interview notes.
• Special category data: We do not intentionally collect special category data. If you submit such data unintentionally, we will delete it where feasible.

2. How we collect data

• Directly from you when you create an account, fill forms, make a purchase, submit listings, contact support, or participate in research.
• Automatically via cookies, SDKs, and similar technologies when you browse or use the Services.
• From third parties, such as payment providers, identity verification services, anti‑fraud vendors, analytics and ad partners, or when you sign in with a third‑party account.

3. Legal bases for processing (UK GDPR)
   We process personal data under one or more of the following legal bases:

• Contract: to provide and administer the Services you request.
• Legitimate interests: to operate, secure, improve, and market our Services, provided these interests are not overridden by your rights and interests.
• Consent: for optional activities like certain cookies/analytics, marketing emails, or when required by law. You may withdraw consent at any time.
• Legal obligation: to comply with tax, accounting, anti‑fraud, or other legal requirements.
• Vital interests or public task: only where applicable.

4. How we use your data

• Provide, operate, and maintain the Services (account creation, authentication, customer support, service communications).
• Process transactions, subscriptions, and invoicing via our payment processors.
• Personalise content, settings, and recommendations.
• Monitor performance, fix bugs, ensure security and prevent fraud or abuse.
• Conduct research, analytics, and product improvement.
• Communicate important service updates and respond to enquiries.
• Send marketing communications where permitted and in line with your preferences.
• Comply with legal obligations and enforce our terms.

5. Cookies and similar technologies
   We use:

• Strictly necessary cookies for core functionality and security.
• Preference cookies to remember settings.
• Performance/analytics cookies (e.g., page views, feature usage) – set only with your consent where required.
• Marketing/advertising cookies to measure campaigns – set only with consent where required.

You can manage cookie preferences through our cookie banner and your browser settings. Blocking certain cookies may impact functionality.

6. Sharing your data
   We may share personal data with:

• Service providers and processors acting on our behalf (e.g., hosting, cloud infrastructure, email/SMS delivery, analytics, payments, anti‑fraud, customer support tools).
• Business customers where you use an enterprise or team account administered by your organisation.
• Other users, when you choose to make information public (e.g., marketplace listings, profiles, reviews).
• Professional advisers, auditors, and insurers.
• Authorities, regulators, or law enforcement where required by law or to protect rights, safety, and security.
• In connection with a corporate transaction (merger, acquisition, asset sale) subject to appropriate protections.

We do not sell personal data.

7. International transfers
   We may transfer personal data outside the UK/EEA to countries that may not provide the same level of data protection. Where we do so, we rely on appropriate safeguards such as:

• UK Addendum to the EU Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA).
• Adequacy regulations or equivalent mechanisms.
  You can request details of applicable safeguards by contacting us.

8. Data retention
   We retain personal data only as long as necessary for the purposes described in this Policy, including to satisfy legal, accounting, or reporting requirements. Typical retention examples:

• Account data: retained while your account is active and for a reasonable period thereafter for record‑keeping, dispute resolution, and legal compliance.
• Transaction records: retained for up to 6–7 years for tax and accounting.
• Support tickets and logs: retained for operational and security purposes for a limited period.
  We will securely delete or anonymise data when no longer needed.

9. Security
   We implement appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, least‑privilege practices, monitoring, and secure development processes. No method of transmission or storage is completely secure; we continuously improve our safeguards.
10. Your rights (UK data subjects)
    Subject to conditions and exemptions under UK GDPR, you have the right to:

• Access: request a copy of your personal data.
• Rectification: correct inaccurate or incomplete data.
• Erasure: request deletion of your data in certain circumstances.
• Restrict processing: limit how we use your data.
• Data portability: receive your data in a structured, commonly used, machine‑readable format and transfer it to another controller where technically feasible.
• Object: object to processing based on legitimate interests or direct marketing.
• Withdraw consent: where processing is based on consent.
• Complaint: lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk. We encourage you to contact us first so we can address your concerns.

To exercise your rights, email mail@bytesoul.co.uk. We may need to verify your identity before fulfilling your request. We aim to respond within one month.

11. Children’s privacy
    Our Services are not intended for children under 13 (or the equivalent age as defined by local law). We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us to remove it.
12. Third‑party links and integrations
    Our Services may include links to third‑party websites, plugins, or integrations. Those providers operate under their own privacy policies, and we are not responsible for their practices. Review their policies before using their services.
13. Brand‑specific notes
    Because ByteSoul operates multiple platforms:

• OpenHosst may process server, domain, and configuration metadata you supply to deliver hosting features.
• Renttrr and Homatto may process listing content, location, and communications between users.
• AxoonAI may process your tool preferences, saved items, and newsletter subscriptions.
  Platform‑specific notices and controls may be presented in‑product and form part of this Policy.

14. Marketing preferences
    You can opt out of marketing emails by using the unsubscribe link in those emails or updating your account preferences. We may still send service and transactional communications.
15. Automated decision‑making
    We do not make decisions producing legal or similarly significant effects solely based on automated processing. We may use automated systems for fraud detection, abuse prevention, and content moderation with human oversight.
16. Changes to this Policy
    We may update this Policy from time to time. We will post the updated version with a new “Last updated” date and, where appropriate, notify you through the Services or by email.
17. How to contact us

• Data Controller: ByteSoul Ltd, United Kingdom
• Email: mail@bytesoul.co.uk
• Company No.: 16802211

If you are unhappy with our response, you can contact the UK Information Commissioner’s Office at ico.org.uk or by telephone as listed on their site.