Privacy Policy

1 Who We Are

BynarTek is a software development company incorporated in Vietnam. We provide custom software solutions, mobile and web application development, IT consulting, and digital products including the Faces Memory application.

2 Information We Collect

2.1 Information You Provide Directly

• Account information: name, email address, password (hashed), and profile photo when you register.
• Profile and memory data: names, photos, birthdays, relationships, personal notes, tags, and any other content you add to the Faces Memory application.
• Communication data: messages you send us via email, contact forms, or support tickets.
• Business inquiry data: company name, project description, and contact details submitted through our website forms.
• Payment information: billing name, address, and card details (processed by our payment provider; we do not store raw card numbers).

2.2 Information Collected Automatically

• Device and usage data: IP address, device type, operating system, browser type, app version, and session duration.
• Log data: pages visited, features used, timestamps, and error reports.
• Cookies and similar technologies: session tokens, preference cookies, and analytics identifiers (see Section 9).
• Crash and performance reports: anonymized diagnostic data to help us fix bugs and improve stability.

2.3 Information from Third Parties

• Authentication providers (Google, Apple) when you sign in using those services — limited to name, email, and profile picture as authorised by you.
• Analytics platforms that provide aggregated, anonymized usage statistics.

3 How We Use Your Information

We use your personal information to:

• Create and manage your account and authenticate your identity.
• Provide, operate, and improve our services and the Faces Memory application.
• Synchronise your data securely across your devices.
• Respond to your support requests and communicate service-related updates.
• Process payments and issue invoices for our services.
• Send optional product updates, feature announcements, and newsletters (with your consent; unsubscribable at any time).
• Detect, prevent, and investigate fraud, abuse, and security incidents.
• Comply with legal obligations under Vietnamese law and applicable international regulations.
• Conduct anonymized analytics to understand how our products are used and to improve them.

We do not sell your personal data to third parties. We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects on you.

4 Legal Basis for Processing

Where applicable (e.g., for users in the EU/EEA or other jurisdictions with similar requirements), we process your personal data under the following legal bases:

• Contract performance: to provide the services you signed up for.
• Legitimate interests: to improve our products, maintain security, and prevent abuse, where these interests are not overridden by your rights.
• Legal obligation: where we must comply with applicable law.
• Consent: for optional communications and non-essential cookies, which you may withdraw at any time.

For users in Vietnam, processing is conducted in accordance with Nghị định 13/2023/NĐ-CP on Personal Data Protection.

5 Sharing Your Information

We share your personal data only in the following circumstances:

• Service providers: trusted third-party vendors (cloud hosting, payment processors, email delivery, analytics) who are contractually bound to use data only as directed by us and to maintain appropriate security.
• Collaboration features: when you explicitly invite other users to share a family tree or memory group, their access is limited to the content you choose to share.
• Legal requirements: when required by law, court order, or government authority in Vietnam or another applicable jurisdiction.
• Business transfers: in the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, subject to the same privacy protections.
• With your consent: for any other purpose explicitly agreed to by you.

We never sell, rent, or trade your personal data with advertisers or data brokers.

6 Data Retention

We retain your personal data for as long as your account is active or as necessary to provide our services. Specifically:

• Account data: retained while your account exists and for up to 90 days after deletion to allow account recovery.
• Memory and profile data: permanently deleted within 30 days of account deletion, unless you export it first.
• Support communications: retained for up to 3 years for service improvement and dispute resolution.
• Financial records: retained for 7 years as required by Vietnamese accounting law.
• Log and analytics data: anonymized after 12 months.

You may request deletion of your data at any time (see Section 8).

7 Data Security

We implement industry-standard technical and organisational measures to protect your personal data, including:

• AES-256 encryption for data stored at rest.
• TLS 1.2+ encryption for all data in transit.
• Hashed and salted passwords (bcrypt or equivalent).
• Role-based access controls limiting who can access production systems.
• Regular security audits and vulnerability assessments.
• Incident response procedures with mandatory breach notification timelines.

No system is completely secure. In the event of a data breach that is likely to result in high risk to your rights and freedoms, we will notify affected users and relevant authorities as required by law.

8 Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Correction: request correction of inaccurate or incomplete data.
• Deletion: request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements.
• Portability: request your data in a structured, machine-readable format.
• Restriction: request that we restrict processing of your data under certain circumstances.
• Objection: object to processing based on legitimate interests or for direct marketing purposes.
• Withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at support@bynartek.com. We will respond within 30 days. We may request identity verification before processing your request.

9 Cookies & Tracking Technologies

Our website uses cookies and similar technologies:

• Essential cookies: required for authentication, session management, and security. Cannot be disabled.
• Preference cookies: remember your settings (e.g., language, theme). Optional.
• Analytics cookies: anonymized usage statistics to improve our website. Optional; you may opt out.

We do not use advertising or tracking cookies. You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent some features from functioning.

10 Children's Privacy

Our services are not directed at children under the age of 13 (or under 16 in certain jurisdictions). We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without verifiable parental consent, we will delete it promptly.

If you believe we have inadvertently collected data from a child, please contact us at support@bynartek.com.

11 International Data Transfers

BynarTek is based in Vietnam. If you are located outside Vietnam, your data may be transferred to and processed in Vietnam or in other countries where our service providers operate. We ensure that any such transfers are made under appropriate safeguards, including data processing agreements that meet applicable legal standards.

12 Third-Party Links & Services

Our website and application may contain links to third-party websites or integrate third-party services (e.g., app stores, payment processors). This Privacy Policy does not cover those third parties. We encourage you to review the privacy policies of any third-party services you use.

13 Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email or via a prominent notice in the application at least 14 days before they take effect. Your continued use of our services after changes take effect constitutes acceptance of the updated policy.

We recommend reviewing this page periodically. The "Last Updated" date at the top of this page indicates when the most recent revision was made.

14 Contact Us

For privacy-related questions, requests, or concerns, please contact our Data Protection Officer: