Privacy Policy - AI Hub

This Privacy Policy describes how byteoxo ("we," "us," or "our") collects, uses, and shares information when you use AI Hub ("the App"). We are committed to protecting your privacy and ensuring transparency about our data practices.

1. Data Collection Practices

1.1 Information You Provide

Data Type	Purpose	Storage Location
API Key	Authentication with OpenRouter	Encrypted local storage
Chat Messages	Conversation history	Local device storage
Model Preferences	User settings	Local device storage
App Settings	Personalization	Local device storage

1.2 Automatically Collected Information

Device Information: Device model, operating system version, unique device identifiers (for crash reporting only)
Usage Analytics: App feature usage, session duration, button interactions (anonymized)
Crash Reports: Technical logs when the app encounters errors
Performance Data: App load times, response times (aggregated)

1.3 Information We Do NOT Collect

Contents of your conversations with AI
Your API key in plain text
Personal identification documents
Financial information
Precise location data
Contact lists or phone records

2. Local Storage vs Cloud Data

2.1 Local-First Architecture

AI Hub is designed with a local-first architecture. This means:

Your chat history never leaves your device
API keys are encrypted using Android's EncryptedSharedPreferences
Settings and preferences are stored locally
No cloud backup of conversation data

2.2 Data That Leaves Your Device

When you send a message, the following data is transmitted to OpenRouter and the selected LLM provider:

Your message content (to generate a response)
Your API key (for authentication)
Model selection and parameters
Conversation context (if enabled)

⚠️ Important: Data transmitted to OpenRouter and LLM providers is subject to their respective privacy policies. We encourage you to review OpenRouter's privacy policy and the policies of the AI model providers you use.

3. Third-Party Data Sharing

3.1 Service Providers

Provider	Purpose	Data Shared
OpenRouter	API Gateway for LLMs	Messages, API key, model selection
LLM Providers	AI Response Generation	Message content (via OpenRouter)
Google Play	App Distribution	Standard store analytics
Firebase Crashlytics	Crash Reporting	Anonymized crash logs

3.2 We Do NOT Share Data With

Advertising networks or ad platforms
Data brokers or data resellers
Social media platforms
Marketing agencies

3.3 Legal Disclosures

We may disclose information if required by law, court order, or government request, or when necessary to protect our rights, safety, or the safety of others.

4. Your Privacy Rights

4.1 Universal Rights

All users have the right to:

Access: Know what data we collect and how it's used
Deletion: Delete your local data by uninstalling the app
Portability: Export your chat history (feature in development)
Objection: Opt-out of analytics collection

4.2 For European Users (GDPR)

Under the General Data Protection Regulation, EU residents have additional rights:

Right to rectification of inaccurate personal data
Right to restrict processing in certain circumstances
Right to withdraw consent at any time
Right to lodge a complaint with a supervisory authority

Legal Basis for Processing: We process data based on legitimate interests (app functionality) and your consent (analytics).

4.3 For California Residents (CCPA/CPRA)

California residents have the right to:

Know what personal information is collected and disclosed
Delete personal information held by businesses
Opt-out of the sale or sharing of personal information
Non-discrimination for exercising these rights

Notice: We do not sell or share personal information as defined under CCPA/CPRA.

4.4 For Users in China (PIPL)

Under the Personal Information Protection Law of the People's Republic of China, you have the right to:

Know and decide about the processing of your personal information
Restrict or refuse processing (except as required by law)
Access and copy your personal information
Request correction of inaccurate information
Request deletion when processing purposes are achieved
Withdraw consent at any time
Request explanation of personal information processing rules

5. Data Retention and Deletion

5.1 Local Data Retention

Chat History: Retained until you delete conversations or uninstall the app
API Key: Stored until you remove it or uninstall the app
Settings: Retained until you reset them or uninstall the app

5.2 Server-Side Data Retention

Analytics: Aggregated for 24 months, then deleted
Crash Logs: Retained for 90 days
Support Tickets: Retained for 3 years for legal compliance

5.3 How to Delete Your Data

Delete Individual Conversations

Swipe left on any chat in the History tab and tap delete

Clear All Data

Go to Settings → Clear App Data to remove all local data

Complete Removal

Uninstall the app to remove all data from your device

6. Children's Privacy

6.1 Age Requirements

AI Hub is not intended for children under the age of 13 (or equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children.

6.2 COPPA Compliance

In compliance with the Children's Online Privacy Protection Act (COPPA), we:

Do not knowingly collect personal information from children under 13
Will delete any such information upon discovery
Encourage parents to monitor their children's online activities

6.3 Parental Rights

If you believe your child has provided us with personal information, please contact us at privacy@byteoxo.io. We will promptly delete such information from our records.

7. Cross-Border Data Transfers

7.1 International Data Flows

When you use AI Hub, your message data may be processed by OpenRouter and LLM providers in various countries, including the United States. These transfers are necessary to provide you with AI chat functionality.

7.2 Safeguards

For cross-border data transfers, we implement:

Standard Contractual Clauses approved by relevant authorities
Data processing agreements with all service providers
Technical measures (encryption in transit and at rest)
Regular security assessments of data handling practices

7.3 China-Specific Requirements

For users in China, in compliance with the Cybersecurity Law and Data Security Law:

We disclose that your message data is processed outside China through OpenRouter
By using the app, you consent to this cross-border data transfer
We implement security measures in accordance with Chinese cybersecurity standards
No "important data" as defined by Chinese law is collected or exported

8. Security Measures

8.1 Technical Safeguards

API keys encrypted using Android's EncryptedSharedPreferences
TLS 1.3 encryption for all data in transit
No plain-text storage of sensitive information
Regular security updates and vulnerability patching

8.2 Organizational Measures

Minimal data collection principle
Access controls and authentication requirements
Regular security audits and code reviews
Incident response procedures

8.3 Your Role in Security

You can help protect your data by:

Enabling device screen lock and biometric authentication
Keeping your device's operating system updated
Not sharing your device with untrusted individuals
Regularly updating AI Hub to the latest version

9. Policy Updates

We may update this Privacy Policy from time to time. When we make changes:

We will update the "Last Updated" date at the top of this policy
For material changes, we will notify you through the app or via email
Your continued use of AI Hub after changes indicates acceptance
We encourage you to review this policy periodically

Previous versions of this Privacy Policy are available upon request.

Contact Us

If you have questions about this Privacy Policy or want to exercise your privacy rights:

Privacy Inquiries: privacy@byteoxo.io
Data Protection Officer: dpo@byteoxo.io
General Support: developer@byteoxo.io

We will respond to all privacy-related inquiries within 30 days.

Our Privacy Commitment