LicenseSeal Privacy Policy

This Privacy Policy explains how BytesGlue (DSO / Dtec) ("BytesGlue," "we," "us") collects, uses, discloses, and protects information in connection with BytesGlue and LicenseSeal products, websites, SDKs, portals, and services (collectively, the "Services").

If you have questions, contact privacy@licenseseal.com.

1) Important Notes About This Policy

This Policy describes our general practices. Specific features, deployments, regions, integrations, and configurations may vary by product, environment (SaaS vs self-hosted), and customer choices.

We may update our data practices as our Services evolve. We will update this Policy as required and revise the "Last Updated" date.

This Policy is not a contract and does not create any additional obligations beyond those required by applicable law and any written agreement you have with us (such as an Order Form).

2) Who We Are; Roles

Controller. BytesGlue acts as a controller for personal data we collect for our own purposes (for example, marketing site analytics and account administration).

Processor. When business customers use the Services to process data about their own users/end users, those customers typically act as controllers and BytesGlue acts as a processor to provide the Services, subject to customer instructions and any applicable data processing terms.

3) Scope

This Policy applies to:

• BytesGlue and LicenseSeal websites and documentation.
• Customer portal / dashboard.
• Hosted (SaaS) operation of licensing and entitlement services.
• SDKs, downloads, binaries, and related tooling.

Self-hosted/on-prem. Customers operating self-hosted/on-prem deployments control their hosting environment and most processing. We do not receive telemetry by default from self-hosted/on-prem systems, unless a customer explicitly enables it (if offered) or provides data to us for support.

4) Information We Collect

We collect information from you, automatically through your use of the Services, and from third parties (such as a Merchant of Record).

4.1 Information you provide

• Account and contact information: name, email, company name, job title, phone number (if provided).
• Communications: content of emails, calls, or other communications with us (including attachments you send).
• Customer configuration and administrative inputs: licensing policies, entitlements, and settings you configure in the Services.

4.2 Information collected automatically

Depending on the Service and configuration, we may collect:

• Identifiers and device data: IP address, device identifiers, user agent, OS/browser type, approximate location derived from IP.
• Usage data: pages/screens viewed, clicks, session timing, feature usage, referrer URLs.
• Logs and diagnostics: timestamps, endpoints/URLs accessed, error traces, performance metrics, security signals, and event records.

We may record or log certain request metadata and limited request content as necessary for security, reliability, debugging, fraud prevention, and support. We aim to minimize collection of sensitive content and do not intentionally collect regulated data unless we expressly agree in writing.

4.3 Licensing-related data (LicenseSeal)

In the hosted model, the Services may process:

• License and entitlement records and related identifiers.
• Activation/validation events (including results, timestamps, and enforcement outcomes).
• Device/machine identifiers ("fingerprints") used to enforce license rules. These may be hashed, pseudonymized, or otherwise minimized where feasible.
• Audit logs of sensitive administrative actions (for example, changes to licensing policies, key rotation, credential changes, and other security-relevant actions).

4.4 Payment and billing (Merchant of Record)

Payments may be processed by a Merchant of Record (for example, Paddle). We do not intentionally store full payment card details. We may receive limited transaction and subscription information from the Merchant of Record (for example, plan, status, renewal, country, tax/VAT fields, transaction IDs, invoice references, and refund/chargeback status). The exact fields depend on the Merchant of Record and your transaction.

5) How We Use Information

We use information to:

• Provide, secure, and operate the Services (including licensing/entitlement features).
• Authenticate users, administer accounts, and manage tenants.
• Monitor performance, debug issues, and improve the Services.
• Prevent abuse, fraud, and security incidents; enforce usage limits and protect our Services and customers.
• Communicate with you (transactional messages, security notices, and product updates).
• Send marketing communications (where permitted; you can unsubscribe at any time).
• Comply with law, protect legal rights, and resolve disputes.

6) Cookies and Similar Technologies

We may use cookies or similar technologies for essential functionality, analytics, and marketing. Where required by law, we will provide a mechanism to accept/reject non-essential cookies. You can also control cookies via your browser settings; disabling cookies may impact functionality.

Important: If we use third-party analytics or marketing tools, those providers may set their own cookies or collect certain device/usage data subject to their policies.

7) How We Share Information

We may share information in the following circumstances:

7.1 Service providers (processors)

We may share information with vendors who help us operate the Services (for example, hosting, databases, content delivery, email delivery, analytics, monitoring, support tooling). They may process data only on our behalf and under contractual obligations to protect it.

7.2 Merchant of Record / payment processing

We share necessary information with payment and billing partners to process transactions, handle taxes, prevent fraud, and manage subscriptions.

7.3 Legal, safety, and enforcement

We may disclose information if we believe in good faith that it is reasonably necessary to:

• Comply with law, regulation, legal process, or lawful requests.
• Protect the security or integrity of the Services.
• Protect rights, property, and safety of BytesGlue, customers, or others.
• Investigate or prevent suspected fraud, abuse, or security incidents.

7.4 Business transfers

If we are involved in a merger, acquisition, reorganization, financing, or sale of assets, information may be transferred as part of that transaction, subject to appropriate confidentiality and security measures.

7.5 With your instructions

We may share information when you direct us to do so (for example, enabling integrations or adding collaborators).

8) International Processing and Transfers

BytesGlue operates from the UAE. To provide performance and resilience, we may process and store data in multiple regions, including the United States and the European Union, and route traffic to the nearest available region. Failover may result in processing outside a user's primary region.

Where GDPR/UK GDPR applies, we use appropriate transfer safeguards (such as Standard Contractual Clauses) and other lawful mechanisms as required.

9) Data Retention

We retain information only as long as reasonably necessary for the purposes described in this Policy, including security, fraud prevention, compliance, dispute resolution, and enforcing agreements.

Typical retention in the hosted (SaaS) model:

• Operational logs: typically up to 7 days, unless longer retention is reasonably required for security investigations, dispute handling, or legal compliance.
• Audit logs: retained according to policy and configuration and may be retained longer to support security accountability and compliance.
• License/entitlement records: retained for the duration of the customer relationship and as needed for legitimate business purposes (for example, license validity, reporting, fraud prevention, and auditability).
• Marketing records: retained until you unsubscribe or we no longer need them.

Self-hosted/on-prem. We do not retain self-hosted system data by default because it is processed in your environment, except information you provide to us for support or professional services.

10) Security

We use safeguards designed to protect information, including:

• Encryption in transit (TLS).
• Encryption at rest (where applicable).
• Access controls and role-based permissions.
• Audit logging for sensitive actions.
• Monitoring and incident response practices.

No method of transmission or storage is completely secure. We cannot guarantee absolute security. You are responsible for protecting your credentials, keys, tokens, and access to your own systems.

11) Your Rights and Choices

Marketing

You can opt out of marketing emails at any time via the unsubscribe link. You may still receive essential transactional or security communications.

GDPR/UK GDPR and similar rights (where applicable)

Depending on applicable law, you may have rights to access, correct, delete, restrict, object, or port your personal data, and to withdraw consent where processing is based on consent. To exercise rights, contact privacy@licenseseal.com. We may need to verify your identity and may refuse or limit requests where permitted by law (for example, to protect others' rights or comply with legal obligations).

12) Children

The Services are not intended for children, and we do not knowingly collect personal data from children.

13) Third-Party Services

The Services may link to or integrate with third-party services. Their privacy practices are governed by their own policies. We are not responsible for third-party practices.

14) Changes to This Policy

We may update this Policy from time to time. If changes are material, we will post an updated Policy and update the "Last Updated" date. Continued use of the Services after the effective date means you accept the updated Policy where permitted by law.

15) Contact Us

Email: privacy@licenseseal.com