Privacy Policy

Last Updated: May 4, 2026

Introduction

Bythen Pte. Ltd. ("Company," "we," "us," or "our") operates an AI-powered creative platform that enables you to generate digital content, including virtual characters, KOLs, videos, marketing materials, and other media through text prompts and related inputs (the "Services").

This Privacy Policy explains how we collect, use, disclose, store, and otherwise process personal information when you use the Services. In some cases, we may provide additional privacy notices applicable to specific products or features. Where we process personal information on behalf of business customers, those customers may act as the controller of such data, and their privacy policies may also apply.

This Privacy Policy should be read together with our Terms of Use and any applicable Additional Terms, which govern access to and use of the Services and operate together with this Privacy Policy.

By accessing or using the Services, you acknowledge that your personal information will be handled as described in this Privacy Policy and that your use of the Services is also subject to the Terms of Use and any applicable Additional Terms.

1. Information We Collect

We may collect the following categories of personal information:

1.1 Information You Provide

We may collect personal information you provide directly to us, including your name and contact details, account registration information, billing and subscription information, prompts, instructions, uploads and other inputs submitted through the Services as well as communications you have with us.

1.2 Generated Outputs

We may collect and store information related to content generated through your use of the Services, including AI-generated outputs, where necessary to operate, maintain, improve, secure, and support the Services.

Ownership, usage rights, and responsibilities relating to Outputs are governed by our Terms of Use.

1.3 Automatically Collected Information

We may automatically collect certain information about how you access and use the Services, including your IP address, device and browser information, usage activity and log data, cookie identifiers, analytics information and other information automatically collected or generated through your access to or use of the Services.

1.4 Information from Third Parties

In certain circumstances, we may receive information about you from third-party sources, which may be combined with information collected through the Services to help us operate, secure, and improve the Services.

1.4.1 Third-Party Account Providers

If you choose to sign in or register using a third-party account provider (such as a social login or identity provider), we may receive certain information from that provider, such as your name, email address, or profile information, depending on the permissions you grant.

1.4.2 Payment Processors

If you purchase subscriptions, credits, or other paid Services, payment transactions may be processed by third-party payment providers, such as Stripe or other payment processors.

We may receive limited information related to those transactions, such as payment confirmations, billing details, and subscription status, but we do not receive or store full payment card information.

Payment processing is subject to the privacy policies and terms of the applicable payment provider.

1.4.3 Analytics and Infrastructure Providers

We may receive information from third-party service providers that support analytics, hosting, cloud infrastructure, security, and other technical services used to operate, maintain, secure, and improve the Services.

1.4.4 AI Model and Technology Providers

We may work with third-party artificial intelligence model providers, APIs, and technology partners to help power certain features of the Services, including content generation, media processing, and related functionality.

These providers may process prompts, inputs, reference materials, or other content submitted through the Services solely for the purpose of delivering requested outputs and supporting functionality of the Services.

We require such providers to handle data in accordance with applicable contractual obligations, legal requirements, and their applicable privacy practices.

1.5 Sensitive Information

We ask that you do not submit sensitive personal information through the Services unless specifically requested for a feature we provide. Sensitive personal information may include information relating to health, biometric data, government identifiers, racial or ethnic origin, religious beliefs, criminal history, or other categories of sensitive data under applicable law. You should also avoid submitting confidential or proprietary information in prompts unless necessary and appropriately authorized. If you submit any such information, you are responsible for ensuring you have a lawful basis and any necessary authorization to do so.

2. How We Use Information

We may use personal information to:

provide and operate the Services
manage accounts and subscriptions
process prompts and generate outputs
improve, develop and maintain our products and AI systems
personalize your experience
provide support and communicate with you
detect fraud, misuse and security incidents
comply with legal obligations
enforce our Terms and policies

We seek to collect and process personal information that is relevant, limited, and reasonably necessary for these purposes.

3. Use of Prompts and AI Content

We process prompts, inputs, outputs, and related usage information as necessary to provide, operate, maintain, secure, and improve the functionality of the Services, including generating requested outputs and supporting platform performance.

We do not use your prompts, inputs, or outputs to train or develop our own artificial intelligence models. However, third-party artificial intelligence providers used to deliver the Services may process such content in accordance with their own terms and privacy practices.

Where the Services rely on third-party artificial intelligence providers or technology partners, those providers may process prompts, inputs, or related content solely for the purpose of delivering requested outputs and supporting the functionality of the Services, in accordance with applicable contractual obligations and their privacy practices.

Where the Company processes content on behalf of business customers under separate contractual arrangements, such content will be handled in accordance with those arrangements.

3.1 Human Review and Safety Monitoring

We may review prompts, inputs, or outputs, including through automated and, where reasonably necessary, human review, for purposes such as safety monitoring, abuse prevention, security, legal compliance, investigating violations of our policies, and providing support.

Any human review is limited to circumstances reasonably necessary for safety monitoring, abuse prevention, legal compliance, support, or related operational purposes, and is conducted subject to appropriate safeguards.

3.2 Content and Sharing Responsibility

You are responsible for ensuring you have all necessary rights, permissions, and lawful basis for any personal data or content you submit, upload, share, export, or otherwise disclose through the Services.

You are responsible for not submitting content that violates applicable law, infringes third-party rights, or is processed without proper authorization.

To the extent permitted by law, the Company is not responsible for disclosures, transfers, or uses of data made by you outside the Services or outside our reasonable control.

4. Legal Bases for Processing

Where required under applicable law, we process personal information based on one or more lawful bases, including:

Performance of a contract
Legitimate interests, including operating, securing, and improving the Services, provided those interests are not overridden by your rights and freedoms.
Legal obligations
Consent, where required

5. Cookies and Tracking Technologies

We use cookies and similar technologies for (i) Essential functionality, (ii) Authentication and security, (iii) Preferences, (iv) Analytics, and (v) Improving the Services. Where required, we obtain consent for non-essential cookies. You may manage or disable cookies through browser settings or available cookie controls. Blocking certain cookies may affect availability or functionality of some Services.

6. How We Share Information

We may share personal information in the following circumstances:

6.1 Service Providers

We may share personal information with trusted service providers and subprocessors that support hosting, cloud infrastructure, analytics, payments, security, support, and delivery of the Services. These providers may process personal information only on our instructions and subject to appropriate contractual, confidentiality, and security protections.

6.2 Business Customers

Where you use the Services through an organization, information may be shared with that organization as necessary to provide the Services.

6.3 Legal Requests and Protection

We may disclose personal information to courts, regulators, law enforcement authorities or government bodies where required by law or reasonably necessary to protect rights, safety or security.

6.4 Corporate Transactions

We may disclose or transfer personal information in connection with mergers, acquisitions, financing or asset sales. We do not sell personal information or share personal information with third parties for their own direct marketing or advertising purposes. We do not sell or share personal information for cross-context behavioral advertising as those terms may be defined under applicable privacy laws.

7. International Data Transfers

7.1 General

The Company operates globally and may transfer, store, access, or process personal information in countries outside the country where you reside, including jurisdictions that may have different data protection laws.

Our Services and infrastructure are operated globally. Personal information may be stored and processed in jurisdictions where we or our service providers operate, including, for example, Singapore and the United States, as well as other countries where our infrastructure or service providers are located.

Such transfers are made only as necessary for legitimate and relevant purposes, including providing, operating, maintaining, securing, and improving the Services, and supporting our service providers, infrastructure, and global operations.

We seek to limit transfers of personal information to what is necessary for those purposes.

7.2 Safeguards for International Transfers

We are committed to maintaining a high standard of personal data protection in connection with international transfers.

Where required under applicable law, we implement appropriate safeguards for cross-border transfers, including through:

Standard Contractual Clauses adopted by the European Commission or other legally recognized transfer mechanisms under applicable data protection laws;
contractual protections with service providers, subprocessors, and business partners (including data processing agreements and confidentiality obligations); and/or other safeguards permitted under applicable law.

These measures are designed to help ensure personal information transferred internationally remains adequately protected.

7.3 Service Providers and Global Processing

Some of our service providers, vendors, and partners may process personal information in multiple jurisdictions in support of hosting, infrastructure, analytics, payments, security, and support functions. Where such processing involves international transfers, we take steps designed to ensure personal information remains protected through appropriate technical, organizational, and contractual safeguards.

7.4 Business Transfers

Personal information may be disclosed or transferred in connection with actual or prospective corporate transactions, including investments, financings, mergers, acquisitions, asset sales, reorganizations, insolvency proceedings, or similar transactions. Where personal information is transferred as part of such a transaction, we will seek to ensure that such information remains subject to appropriate protections.

8. Data Retention

We retain personal information for as long as reasonably necessary to provide the Services, fulfill the purposes described in this Privacy Policy, and comply with applicable legal obligations.

8.1 Retention of Account Data

We retain account-related information for as long as your account remains active or as necessary to provide the Services. In certain circumstances, we may retain such information longer where required to (i) comply with legal obligations; (ii) resolve disputes; (iii) enforce our agreements; or (iv) protect our legal rights.

8.2 Retention of Generated Content

Information related to prompts, inputs, and generated outputs may be retained for operational purposes, including maintaining functionality of the Services, improving system performance, ensuring platform integrity, and supporting security and abuse prevention. Retention periods may vary depending on technical requirements, usage patterns, and operational needs.

8.3 Legal Retention Requirements

We may retain certain information longer where required by applicable law, regulation, legal process, accounting, tax, fraud prevention, security monitoring, or compliance purposes. When information is no longer needed, we may delete or anonymize it.

9. Security

We maintain reasonable technical and organizational safeguards designed to protect personal information, including (i) Access controls; (ii) Encryption where appropriate; (iii) Security monitoring; (iv) Incident response procedures. However, no system can be guaranteed completely secure, and events beyond our reasonable control may still occur despite these measures.

10. Your Privacy Rights and Choices

Depending on applicable law, you may have rights to: (i) Access your personal data (ii) Correct inaccurate information (iii) Request deletion (iv) Object to certain processing (v) Request data portability (vi) Withdraw consent where processing is based on consent. All requests may be submitted to: legal@bythen.ai and we may verify your identity before responding.

You may opt out of receiving certain promotional communications by following unsubscribe instructions or adjusting account settings where available. You may still receive service-related communications necessary for account administration or operation of the Services.

11. Automated Processing

Our Services may involve automated processing, including AI-driven functionality and, where applicable, forms of profiling used to provide, personalize, or improve the Services.

Where required by law, you may have rights relating to certain automated decision-making and profiling.

AI-generated outputs may not always be accurate, complete, or suitable for every use case and should be independently reviewed where appropriate. You are responsible for reviewing and verifying outputs before relying on them.

You should not rely on AI-generated outputs, including videos or related content, as legal, medical, financial, or other professional advice without independent verification.

12. Data Breach Response

We take reasonable steps to detect, investigate, manage, and respond to security incidents or personal data breaches.

If a personal data breach occurs that requires notification under applicable law, we will provide notice as required and take reasonable steps to mitigate and remediate the impact of the incident.

13. Third-Party Services

Third-party links or integrations are provided for convenience only and do not imply endorsement. Use of third-party services may be subject to their own privacy policies and terms, which we encourage you to review.

14. Children and Users Lacking Legal Capacity

The Services are not intended for individuals who are not of legal age to form a binding contract under applicable law. We do not knowingly collect personal information from individuals who are not legally permitted to use the Services.

If we become aware that personal information has been collected from an individual who is not legally permitted to use the Services, we may take reasonable steps to delete such information.

15. Notice to European Users

If you are located in the European Economic Area or United Kingdom, you may have additional rights under applicable data protection laws, including rights relating to access, correction, deletion, objection, restriction and portability, as well as the right to lodge a complaint with a supervisory authority. Where required, international transfers are subject to appropriate safeguards.

15.1 Complaints and Supervisory Authorities

If you are located in the European Economic Area, United Kingdom, or another jurisdiction providing similar rights, you may have the right to lodge a complaint with the competent data protection supervisory authority.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or operational needs. We will update the "Last Updated" date when changes are made and may provide additional notice where appropriate. Continued use of the Services following updates constitutes acknowledgment of the most current revised version of this Privacy Policy.

17. Contact Us

If you have questions regarding this Privacy Policy or our data practices, contact us:

Email: legal@bythen.ai

Company: Bythen Pte. Ltd.

We will make reasonable efforts to respond to inquiries and requests in accordance with applicable data protection laws.