Your trips are yours.
Plain-English summary first. Full policy below.
Five things, in plain English.
- Journeys are private by default. We never sell your data.
- We use your location, route history, and trip metadata to generate routes and narration — nothing else.
- You can export or delete everything at any time, no questions asked.
- We store data on U.S.-based cloud infrastructure, with encryption at rest and in transit.
- Payments are handled by Stripe. We never see your full card number.
Who we are
Byway Technologies LLC (“Byway”, “we”, “us”) is a U.S. company building the Byway AI scenic routing app. This policy covers the Byway mobile apps, web app, and www.byway.world.
What we collect
We collect only what we need to make Byway work:
- Account data — name, email, password hash, billing info (handled by Stripe).
- Location data — live location while you use the app, plus saved start/destination pairs for route generation.
- Trip content — journeys, photos, voice notes, receipts, and journal entries you create.
- Usage signals — which stops you visit, skip, or save, so routes get better over time.
- Device + diagnostic data — OS version, crash logs, and anonymized performance metrics.
How we use it
- Generate scenic routes, narration, and recommendations.
- Improve model quality using anonymized, aggregated data.
- Provide customer support and fulfill subscriptions.
- Detect fraud, abuse, and security threats.
- Send you transactional emails (receipts, password resets). We will never sign you up for marketing without explicit opt-in.
What we never do
- Sell personal data, location data, or usage data.
- Share your journeys with advertisers, data brokers, or third-party analytics platforms.
- Feed your private content into third-party AI training sets.
Cookies & browser storage
We don’t use advertising or cross-site tracking cookies, and there is no “accept all cookies” banner — because there is nothing non-essential to consent to. What we do use:
- Strictly-necessary cookies— your signed-in session and the investor-access gate. They’re required to log in and to reach gated pages; the site can’t work without them.
- Functional browser storage — small preferences kept on your own device (your light/dark theme, and in-app choices like trip time and route style). They stay in your browser, carry no identifier, and are never shared.
- Privacy-friendly analytics — we count page views with a cookieless analytics service: it stores nothing on your device and never tracks you across other sites.
Interactive maps and location features connect to third-party mapping providers (see Sub-processors) to draw the basemap and find places. Like any web request, those share your IP address with the provider to return the data, but they set no cookies and aren’t used to track you.
Sub-processors
Byway relies on a small set of service providers to run the app, each seeing only the data its function requires. We describe them by the function they perform; we name a provider only where it’s standard practice to, such as payments.
- Cloud hosting, database & file storage — encrypted, U.S.-based infrastructure
- Authentication — sign-in and session management
- Payments — Stripe (we never see your full card number)
- Mapping & places-data providers — basemap tiles and point-of-interest data
- AI routing provider — scenic route generation
- Voice synthesis — narration audio
- Transactional email — receipts and account messages
- Cookieless analytics — aggregate page-view counts
Your rights
You can access, correct, export, or delete your data at any time — from the app, or by emailing legal@byway.world. We respond to requests within 30 days. Residents of the EU, UK, and California have additional rights under GDPR, UK GDPR, and CCPA — all honored the same way.
Investor-prospect data
When you submit the attestation form at /investors/access, we collect and store:
- Full legal name.
- Email address.
- Firm or affiliation (if provided).
- Your self-attestation that you qualify as an accredited investor under Rule 501 of Regulation D.
- Your self-attestation that you have read and accept the disclaimers and risk factors.
- Your self-attestation that you understand the investor pages do not constitute an offer or solicitation.
- Your IP address and user-agent string.
- The timestamp at which the attestation was submitted.
We use this information as evidence of screening, to comply with the recordkeeping expectations under Rule 506 of Regulation D, to communicate with investor-prospects about the offering, and for any future accredited-investor verification required by securities counsel. We do not sell investor-prospect data, do not use it for consumer product marketing, and do not share it with advertising partners.
We retain investor-prospect records for five years from the date of submission, consistent with the recordkeeping expectations under Rule 506 of Regulation D. If you request earlier deletion, we will evaluate the request against our legal recordkeeping obligations and respond within 30 days.
Children
Byway is not directed at children under 13. We don’t knowingly collect data from them. If you believe a child has shared data with us, write to us and we’ll remove it immediately.
Changes
If we change this policy, we’ll post the updated version here and email existing members at least 30 days before it takes effect.
Contact
Questions or requests? Email legal@byway.world.
Byway is currently in beta. This policy is maintained in good faith and will be reviewed by counsel as we move toward general availability.