DoseEdge Privacy Policy

1. Introduction

This Privacy Policy describes how BILLABYTE PTY LTD ("Billabyte," "we," or "us") collects, uses, stores, and shares information about you when you use the DoseEdge mobile application (the "App" or "Service"). Billabyte is the "data controller" of personal information processed through DoseEdge, meaning we are responsible for deciding how to handle your personal data.

We are committed to protecting your privacy and complying with applicable data protection laws, including the Australian Privacy Act 1988 (Cth), the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA), among others. By using the App, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the App.

Our contact email for privacy inquiries is support@billabyte.au. Our mailing address is BILLABYTE PTY LTD, 81-83 Campbell Street Surry Hills NSW 2010, Australia. You may contact us with any questions or concerns about this Privacy Policy or your personal data.

2. Information We Collect

We collect several types of information from and about users of DoseEdge, including:

Information You Provide Directly

When you create an account or use the App, you may provide personal information such as your name, email address, and other profile details. You also provide information when you use the App's features, for example:

• Supplement Data: You may enter details about dietary supplements you take (e.g., names of products, dosage, frequency) to track your usage.
• Photos: If you upload a photo of a supplement product to identify it, we collect that image. (The App will request access to your device camera or photo library when you choose to use this feature.)
• AI Chat Queries: If you use our AI chat assistant to ask questions about supplements, the text of your queries and any information you volunteer in those chats are collected.
• Customer Support and Feedback: If you contact us (via email or in-app chat) for support or give feedback, we will collect the information you provide (such as your contact details and the content of your communications).

Information We Collect Automatically

When you use the App, we automatically collect certain information about your device and usage of the Service:

• Device and Log Information: We collect data about the device you use to access the App (such as device model, operating system version, unique device identifiers, and app version). We also collect log information about your use of the App, including the dates and times you log in, features or pages you access, crashes and error reports, and other usage statistics.
• Analytics Data: We use third-party analytics tools, including Google Analytics and Mixpanel, to gather information about how users interact with our App. These tools automatically collect information such as your device identifier, the screens or features you use, the time spent in the App, and other usage metrics. We use this information to analyze trends, administer and improve the App, and understand user engagement.
• Cookies and Similar Technologies: While the App itself may not use traditional web cookies, if our Service incorporates any web-based components or if you visit our website, we may use cookies or similar tracking technologies to remember your preferences and analyze usage. In a mobile app context, analytics tools may use device identifiers or software development kits (SDKs) for similar purposes.

Information from Third Parties

We may receive information about you from third parties when you use the App:

• App Store Platforms: If you purchase a subscription through Apple App Store or Google Play, we receive information such as confirmation of your subscription and basic account identifiers. (We do not receive your full payment information; payments are processed by the platform.)
• Authentication Services: If the App allows third-party sign-in (e.g., sign in with Apple or Google), we would receive your name, email, or other profile info from those services (according to what you consent to share).
• AI Service Providers: If our image recognition or chat AI features rely on third-party AI platforms, we may send your queries or images to those providers for processing.

We do not collect any sensitive personal information about you unless you choose to provide it. "Sensitive" data includes things like health information, racial or ethnic origin, precise location, etc. While DoseEdge deals with dietary supplements and wellness, we treat any health-related inferences (e.g., supplement usage data that might suggest health conditions or goals) as sensitive and handle it with care and appropriate safeguards.

3. How We Use Your Information

We use the information we collect for the following purposes:

To Provide and Maintain the Service

• We process your registration data to create your account and allow you to log in.
• We use your supplement input data to present back to you your logged supplements and history.
• If you upload a photo of a supplement, we use it to identify the product and return results to you.
• If you ask the AI chat a question, we use your query to generate a response.

To Improve and Customize the App

We analyze how users interact with DoseEdge to improve the Service. For example, usage data and analytics help us understand which features are most popular, fix bugs, and make the user experience better. We may use feedback you provide to develop new features.

Analytics and Performance

As noted, we use Google Analytics and Mixpanel to collect information about app usage. This helps us troubleshoot issues and optimize performance. (These analytics providers only use your data as instructed by us and in accordance with their own privacy policies. We do not allow them to use your data for any purpose other than providing services to us.)

Communications

We may use your email or in-app notifications to send important updates or information related to the Service. For example, we may send you service-related emails (e.g., to verify your account or notify you of subscription status, security or privacy updates, or changes to this Policy or our Terms). We may also send promotional communications or newsletters if you have opted in to receive them (you can opt out at any time).

Subscription Management

If you are a premium user, we use your information to manage your subscription, such as tracking your subscription status, processing renewals (through the app store platform), and handling billing issues or inquiries.

Safety and Security

We may use information (including automated monitoring of usage) to protect the security of the Service, our company, and other users. This includes detecting and addressing fraud, abuse, security incidents, and other harmful activities. For instance, we might detect multiple failed login attempts or monitor for content that violates our Terms of Service.

Legal Compliance

We may process your personal information as required to comply with applicable laws, regulations, legal processes, or enforceable governmental requests. For example, we can retain and disclose certain data where we believe in good faith it is necessary to satisfy law enforcement requests or to exercise or defend legal claims.

Other Purposes with Your Consent

If we intend to use your data for any purpose not covered above, we will explain that to you at the time of collection and obtain your consent if required. For instance, if we ever wanted to use certain data for research or marketing beyond the scope of providing the Service, we would let you know and give you the choice to allow it.

4. How We Share Your Information

We value your privacy and only share personal information in limited situations, outlined below. We do not sell your personal information to third parties for profit. We may share information:

With Service Providers

We employ trusted third-party companies and individuals to help us operate, analyze, and improve the Service. These third parties perform services on our behalf, such as:

• Analytics Providers: As noted, we share certain usage data with Google Analytics and Mixpanel to understand how our App is used and improve it. These providers may receive your device identifiers and usage info, but not your name or account password. They act as our data processors and are contractually obligated to protect your information.
• Cloud Storage and IT Providers: We may use cloud infrastructure (servers or databases) provided by third parties (for example, Amazon Web Services or other hosting providers) to store data securely. Personal data (including your supplement logs, photos, and account info) may be stored on their servers, but always under our control and subject to strict security measures.
• AI Processing Partners: If our image recognition or chat AI features use external AI services, we share the necessary data (like the photo or query text) with those AI service providers to get the result. We only partner with providers that have privacy and security commitments, and we do not allow them to retain or use the content beyond serving our requests.
• Email/Notification Services: If we send emails, we might use an email delivery service. If we send push notifications, we use Apple's or Google's push notification systems. These services process your contact info or device tokens to deliver messages on our behalf.

All service providers are given access to only the information necessary to perform their functions, and they are not permitted to use it for other purposes. We ensure that such partners are bound by confidentiality and data protection obligations consistent with this Policy and applicable law.

With Business Partners (for Optional Features)

If DoseEdge integrates with or links to other services (for example, if you choose to export your supplement data to another health app, or link DoseEdge with a fitness tracker), we will share data only when you direct us to and with your consent. Such data sharing will be limited to what is necessary to fulfill your request and will be subject to the third party's own privacy terms.

In App Store Transactions

When you make purchases or subscribe through Apple App Store or Google Play, those platforms process your payments. They may receive information such as your name, email, and purchase details. We share necessary information with them to validate and fulfill transactions, and we abide by their required disclosures.

For Legal Reasons

We may disclose your information if required to do so by law or in the good-faith belief that such action is necessary to (a) comply with a legal obligation, such as a subpoena, court order, or search warrant; (b) protect and defend the rights, property, or safety of Billabyte, our users, or the public; (c) investigate or assist in preventing any violation of law or our Terms of Service, including fraud or security issues.

Business Transfers

If Billabyte is involved in a merger, acquisition, sale of assets, or reorganization (or during due diligence for such transactions), your information may be transferred to the successor or acquiring entity as part of that transaction. If such a transfer occurs, we will ensure that your personal data remains subject to confidentiality obligations and this Privacy Policy (unless you are notified of changes and given a chance to opt out).

With Your Consent

In cases other than those above, we will share your personal information only with your consent. For example, if we ever want to share testimonials or user content for promotional purposes, we would ask for your permission.

5. International Data Transfers

DoseEdge is operated by Billabyte in Australia, but we utilize services and technical infrastructure that may be located in other countries (for example, the United States). As a result, the personal information we collect may be transferred to and stored on servers in countries outside of your home country, including Australia, the United States, or other jurisdictions.

When we transfer and store information internationally, we take steps to ensure your data is given adequate protection under the laws of the destination country as well as your country of residence:

If you are in Australia

Your personal information may be transferred overseas (for example, to the U.S. for analytics processing or cloud storage). We will take reasonable steps to ensure that any overseas recipients do not breach the Australian Privacy Principles in relation to your information. In practice, this means we will only transfer data to organizations in countries which have strong data protection laws (such as the GDPR in Europe) or where we have agreements in place to protect your information.

If you are in the European Union (or UK/EEA)

Whenever we transfer your personal data out of Europe, we will ensure a similar degree of protection by implementing at least one of the following safeguards:

• Transferring to countries that have been deemed to provide an adequate level of protection for personal data under GDPR.
• Using specific contracts approved by the European Commission (such as Standard Contractual Clauses) which give personal data the same protection it has in Europe.
• Relying on your explicit consent in limited cases, or other legal transfer mechanisms as allowed by GDPR.

If you are in the United States

Data collected through the App may be processed in or transferred to servers located outside your state, province, or country. We will protect your data in accordance with this Privacy Policy wherever it is processed, and we comply with U.S. privacy laws such as the CCPA as described below.

For other regions

We will similarly ensure compliance with applicable data transfer restrictions and use safeguards to protect your information when it is transferred across borders.

Please note that different countries may have different data protection laws, which might not be as protective as those in your jurisdiction. However, our handling of your personal information will always be governed by this Privacy Policy. By using the App or providing us with information, you consent to the transfer of your personal data to other countries as described, subject to these protective measures.

6. Your Rights and Choices

You have certain rights and choices regarding your personal information. We have outlined key rights below. Depending on your location (for example, if you are an EU/EEA resident or a California resident), you may have specific legal rights, which we also explain below. We will honor the rights applicable to you:

Access and Correction

• You have the right to request access to the personal data we hold about you and to ask for corrections of any inaccuracies.
• You can ask us to provide a copy of the information we have about you, and you can request that we update or correct your data if it is inaccurate or incomplete.
• Most of your basic profile and supplement information can be reviewed and edited by you directly in the App. For anything you cannot correct yourself, please contact us.

Data Portability

In certain cases, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have that information transmitted to another service provider (when technically feasible). This typically applies to information you provided to us, where processing is based on your consent or a contract.

Deletion (Right to Erasure)

• You can request that we delete your personal information.
• If you want to delete your DoseEdge account and associated data, you may do so through the App (if that feature is available) or by contacting us at support@billabyte.au.
• Upon receiving a verified deletion request, we will remove or anonymize your personal data from our records, except for information we are required or permitted to retain by law. For example, we might keep certain transaction records or communications to comply with financial reporting or legal obligations, even after account deletion.
• Once your data is deleted, your account will be deactivated and you will lose any stored supplement data (so please export any data you wish to keep before requesting deletion).

Withdrawal of Consent

Where we rely on your consent to process personal data (such as if you gave consent to use a health-related data feature or to receive marketing emails), you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing that occurred before you withdrew consent. For example, you can opt out of marketing emails by clicking the "unsubscribe" link in those emails or adjusting your App settings.

Opt-Out of Marketing and Analytics

If we send you marketing communications (such as newsletters or promotional offers), you can opt out of receiving them. You can also contact us to opt out of certain analytics or tracking if required by law. (For instance, California residents have the right to opt out of the "sale" of personal information. As noted, we do not sell data, and we do not share personal data for targeted advertising without your consent. If that ever changes, we will update this Policy and provide opt-out mechanisms.)

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the CCPA (as amended by the CPRA), including:

• The right to know what personal information we have collected about you in the past 12 months, including the categories of information, the sources, the business purposes for collection, and the categories of third parties with whom we shared it.
• The right to access the specific pieces of personal information we have about you (you can request a copy of the data).
• The right to request deletion of your personal information, subject to certain exceptions.
• The right to correct inaccurate personal information that we maintain about you.
• The right to opt out of the "sale" or "sharing" of your personal information. (As stated, we do not sell personal data to third parties. We also do not share your personal information for cross-context behavioral advertising except with your consent, so an opt-out is typically not necessary. Nevertheless, if you send us a "Do Not Sell or Share My Info" request, we will honor it.)
• The right not to receive discriminatory treatment for exercising any of these rights. We will not deny you our services or provide a different level of service because you exercised your privacy rights.

To exercise California privacy rights, you (or your authorized agent) can contact us at support@billabyte.au with your request. We may need to verify your identity (for example, by confirming information associated with your account) before fulfilling certain requests.

European Union/EEA Residents (GDPR)

If you are in the EU, EEA, UK, or another jurisdiction with similar laws, you have the following rights regarding your personal data:

• The right of access, rectification, or erasure (as described above).
• The right to restrict processing of your data, or object to certain processing (for example, you can object to processing for direct marketing or in some cases when we process based on legitimate interests).
• The right to data portability (to receive a copy of your data in a usable format and transfer it to a different service).
• The right to object to automated decision-making, including profiling, if applicable (though DoseEdge does not make any legal or similarly significant decisions based solely on automated processing without human involvement).
• The right to lodge a complaint with a supervisory data protection authority in your country. If you believe we have infringed your data protection rights, you have the right to contact your local Data Protection Authority or the lead supervisory authority in Australia (the OAIC) or in the EU (as applicable). We encourage you to contact us first so we can address your concerns directly.

Legal Bases for Processing

We only process your personal data when we have a legal basis to do so under GDPR and similar laws. Our legal bases include:

• Contract: we process data to provide the Service you requested under our Terms of Service (e.g. using your data to identify supplements or maintain your account is necessary for our contract with you).
• Legitimate Interests: we process data for our legitimate interests in improving and securing our App (we balance these interests against your data protection rights).
• Consent: where we ask for it, such as for processing any sensitive health-related information or sending marketing communications. If we rely on consent, you can withdraw it at any time as noted above.

Australian Users

If you are in Australia, in addition to the rights above (which we provide to you as a courtesy where feasible), you have the right to access the personal information we hold about you and request corrections if needed under the Australian Privacy Principles. We will normally provide access or make corrections upon request as required by law. If you have a complaint about how we handle your information, please contact us. We will endeavor to address any issues. If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

Exercising Your Rights

To exercise any applicable rights, please contact us at support@billabyte.au. We will respond to your request as soon as reasonably possible, and in any case within the timeframes required by law. Please note that some rights may be subject to exceptions or require verification of identity. If we cannot fulfill a request (due to a legal exception, or if we cannot verify your identity), we will provide an explanation.

7. Data Security and Retention

Security Measures

We take the security of your personal information seriously. Billabyte implements industry-standard security measures to protect your data from unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit (e.g., SSL/TLS when data is sent between your device and our servers) and encryption at rest for sensitive data where appropriate. We also limit access to personal data to authorized personnel and contractors who need it to operate our Service, and they are subject to strict confidentiality obligations.

Retention Period

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. In general:

• We keep your profile information and data in your account (such as your supplement logs and chat history) for as long as your account is active.
• If you delete your account or request deletion, we will promptly delete or anonymize your personal data (and instruct our processors to do the same), except for information we are required to keep for legal or compliance reasons. For example, we may retain certain financial transaction records or communications to comply with tax laws, audits, or to resolve disputes.
• Analytics data may be retained in aggregate or anonymized form after your account is deleted, which means it will not be linked to your identity.
• Backup copies of data: Our systems may maintain backup or archival copies of your data for a period of time (e.g., in routine backups). If we delete your data, it may not be immediately removed from all backup systems, but it will not be used for any active purpose and will be deleted in the normal course of backup rotation.

We regularly review our data retention practices to ensure we are not keeping data longer than necessary. When we no longer need personal information, we delete it or anonymize it so that it can no longer be associated with you.

8. Children's Privacy

The Service is not intended for children under the age of 13. We do not knowingly collect personal information from anyone under 13 years old. If you are under 13, please do not use DoseEdge or provide any personal information to us. If we learn that we have inadvertently collected personal data from a child under 13, we will take steps to delete that information as soon as possible.

For teens between 13 and 18, we recommend parental supervision and that such users use DoseEdge with parental permission. If you are a parent or guardian and believe that a minor has provided us with personal information without consent, please contact us at support@billabyte.au. We will investigate and remove the information if needed.

(Note: For users in certain jurisdictions, such as the European Union, different age limits may apply (e.g., 16 years under GDPR unless member state law sets a lower age like 13). We do not knowingly collect data from minors under the applicable age of consent in those jurisdictions, and if we become aware of it, we will delete it.)

9. Health Information

The supplement information you track in DoseEdge may be considered health-related data. We treat this information with special care:

• We do not share health information with advertisers or marketers
• We use health data only to provide our services and improve our app
• We apply additional security measures to protect sensitive health information
• We comply with applicable health data protection laws

10. Cookies and Tracking Technologies (Website)

Our website uses cookies and similar tracking technologies to enhance your browsing experience and analyze website usage. This section applies only to our website at doseedge.app, not our mobile application.

10.1 Types of Cookies We Use

• Essential Cookies: Required for the website to function properly. These cannot be disabled.
• Analytics Cookies: Help us understand how visitors interact with our website by collecting anonymous information (Google Analytics, Mixpanel).
• Marketing Cookies: Used to track visitors across websites to display relevant advertisements (currently not in use, but may be enabled with consent).
• Functional Cookies: Enable enhanced functionality and personalization features.

10.2 Your Cookie Choices

Depending on your location, we provide different cookie controls:

• EU/UK/Brazil/Quebec residents: We require your explicit consent before placing non-essential cookies
• California residents: We honor the Global Privacy Control (GPC) signal and provide opt-out options
• All users: Can manage preferences anytime via the "Cookie Settings" link in our website footer

10.3 Third-Party Services

We use the following services that may set cookies:

• Google Analytics (analytics)
• Mixpanel (analytics)

For more information about how these services use cookies, please refer to their respective privacy policies.

11. Changes to This Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make material changes to how we collect or use your personal information, we will notify you by means appropriate to the significance of the changes. This may include a notice within the App, an email notification, and/or an update to the "Last Updated" date at the top of this Policy.

We encourage you to review this Privacy Policy periodically for any updates. Your continued use of DoseEdge after any changes to this Privacy Policy constitutes your acceptance of those changes, to the extent permitted by law. If you do not agree with any updated Policy, you should stop using the App and may request that we delete your data.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

We will be happy to answer your questions or address your concerns. If you contact us, please provide sufficient detail about your query or concern, and we will endeavor to respond promptly.

By using DoseEdge, you acknowledge that you have read and understood this Privacy Policy. Thank you for trusting DoseEdge with your supplement tracking needs and information.