Privacy Policy

Welcome to BitEasy, operated by Webvana Inc. We build tools that help app developers manage referrals, track earnings, and pay partners — always with privacy at the core.

This policy explains what we collect, how we use it, and how we protect your information.

This policy is designed to comply with applicable data protection laws, including Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), Alberta's Personal Information Protection Act (PIPA), the EU General Data Protection Regulation (GDPR), and other applicable privacy legislation.

We do not sell your personal information. We never have, and we never will.

1. Information We Collect

We collect only what is necessary to operate the platform reliably.

Information You Provide

  • Account information (name, email)
  • App and workspace configuration
  • Referral links, partner setup, attribution settings
  • Payment card information provided via Stripe's secure payment elements for billing and payout processing

Note: BitEasy never sees full credit card numbers or bank details.

Information Stored by Stripe

When you add a payment method, Stripe stores your card details securely on our behalf. We also store your name, country, and company details in Stripe as part of your customer record for billing and payout purposes.

When partners onboard via Stripe Connect, Stripe may collect and store additional personal and financial information — including identity verification documents, date of birth, address, and bank account details — as required by Stripe's own onboarding and regulatory requirements. This data is collected and stored by Stripe under Stripe's Privacy Policy, not by BitEasy. We do not have access to your full card numbers, bank account details, or identity documents.

Automatically Collected

To keep the service fast, safe, and improving:

Service Logs

  • Timestamped request metadata
  • IP address and user agent
  • Internal IDs (userId, appId, requestId, installId)

Used to debug issues, prevent abuse, and maintain uptime.

Analytics & Product Usage (PostHog)

We track high-level event data such as:

  • Page views inside the dashboard
  • Feature usage (e.g. creating referral links)
  • Onboarding funnels and error states

PostHog runs without third-party trackers or external ad systems. For details on cookies and tracking, see our Cookie Policy on this website.

Error and Crash Reporting

  • Error context and stack traces
  • Environment/runtime metadata
  • No business data or secrets

2. What We Do Not Collect

BitEasy explicitly does not:

  • Perform device fingerprinting
  • Track users across unrelated websites or apps
  • Sell, rent, or trade customer data
  • Collect analytics tied to personal identity without consent

We believe your data belongs to you — not to us.

3. How We Use Data

Data we collect is used to:

  • Operate and improve the BitEasy platform
  • Provide referral, payout, and reporting features
  • Detect outages, errors, and abuse
  • Communicate service updates or maintenance notices

We do not use personal data for advertising or profiling.

3A. Legal Basis for Processing

Where data protection law requires a legal basis, we rely on the following:

Purpose Legal Basis
Operating the platform (account management, payouts, referral tracking) Performance of contract — necessary to provide the service you signed up for
Service logs, error tracking, abuse prevention Legitimate interests — maintaining security, uptime, and integrity of the platform
Analytics and product improvement (PostHog) Legitimate interests — understanding usage patterns to improve the product
Communicating service updates and billing alerts Performance of contract — transactional communications necessary for the service
Complying with legal obligations (tax records, law enforcement requests) Legal obligation — required by applicable law

You may object to processing based on legitimate interests by contacting us at legal@biteasy.co. We will assess and respond to your objection within 30 days.

4. Secret Storage

(RevenueCat, Apple, Stripe)

BitEasy uses a handful of sensitive secrets to verify trusted events:

  • RevenueCat Webhook Secret
  • Apple App Store Server Notifications Private Key
  • Stripe Webhook Signing Secrets

Storage & Protection

  • Secrets are stored in encrypted, access-controlled secret storage provided by our hosting platform.
  • They are not stored in plaintext in any database.
  • Runtime access is limited to the worker that needs them.
  • Decryption happens only in-memory, and values are never logged.

Rotation

You may rotate keys in your provider dashboard at any time, and BitEasy will immediately use the new values.

5. Sharing Data With Third Parties

We only share data with services required to run BitEasy.

Core processors include:

  • Cloudflare — hosting, security, networking
  • PostHog — analytics and product insights
  • Stripe — payment processing, subscription management, partner payouts via Stripe Connect

A full list of our subprocessors, including their purpose and location, is available on our Subprocessors page on this website. These processors have their own privacy safeguards in place.

If you require a Data Processing Agreement, our standard DPA is available on this website.

We may share limited contact information (name, email) with affected partners in cases of prolonged payout failure, as described in our Terms of Service.

We may also disclose information if legally required.

6. Data Storage & Security

BitEasy uses modern security practices:

  • HTTPS encryption for all network traffic
  • Role-based access controls
  • Regular backups and integrity checks

Data is primarily stored in regions supported by our cloud providers.

6A. International Data Transfers

BitEasy is operated by Webvana Inc., based in Alberta, Canada. Your data may be processed in:

  • Canada — recognized by the European Commission as providing adequate data protection under GDPR Article 45.
  • United States — where some of our infrastructure providers operate. Transfers to the US are protected by Standard Contractual Clauses (SCCs) maintained by our providers (Cloudflare, Stripe, PostHog).

Our Subprocessors page lists each vendor, its purpose, and its location. We only transfer data to jurisdictions where appropriate safeguards are in place.

7. Data Retention

We retain user data only as long as necessary for legitimate business and legal purposes:

  • Account data (name, email, app configuration) — retained while your account is active. Deleted or anonymized within 30 days of account closure.
  • Transaction and payout records — retained for a minimum of 7 years to comply with CRA record-keeping requirements.
  • Service logs (IP addresses, request metadata) — retained for up to 90 days for security and debugging purposes.
  • Analytics data — retained in aggregated or anonymized form and is not tied to individual accounts after deletion.

Upon account deletion, we remove or anonymize personal information where possible, subject to the retention periods above.

8. Children's Privacy

BitEasy is not intended for children under 13. If we learn we have collected data from a minor, we will delete it promptly.

9. Your Rights

Regardless of where you are located, we provide the following rights to all users:

  • Access — request a copy of the personal data we hold about you
  • Correction — request that we update or correct inaccurate information
  • Deletion — request deletion of your personal data and account
  • Portability — request your data in a structured, commonly used, machine-readable format
  • Restrict processing — request that we limit how we process your data in certain circumstances
  • Object to processing — object to processing based on legitimate interests (including analytics)
  • Withdraw consent — where processing is based on consent, withdraw it at any time
  • Lodge a complaint — you have the right to lodge a complaint with your local data protection authority

We do not sell personal information, and we never have. There is nothing to opt out of in this regard.

To exercise any of these rights, contact us at legal@biteasy.co. We will respond within 30 days. We may ask you to verify your identity before processing your request.

If we are processing your data on behalf of another party (for example, if you are a partner and the app owner is the data controller), we may need to redirect your request to the appropriate controller.

10. Changes to This Policy

We may update this privacy policy as the product evolves. If changes are material, we will notify you by email or inside the dashboard.

The latest version of this document will always be available here.

11. Contact

Questions or privacy concerns?

Webvana Inc. legal@biteasy.co

Thank you for trusting us to build a platform that puts privacy first.