Privacy Policy

1. Who We Are

Hashbyt (“Hashbyt”, “we”, “us”, or “our”) is a UI and frontend engineering consultancy. We operate this website and associated landing pages to offer a free UI Revenue Leak Report to qualified software companies.

For the purposes of applicable data protection law (including the UK GDPR, EU GDPR, and equivalent legislation), Hashbyt acts as the data controller in respect of personal data collected through this website.

Our contact details are set out in Section 18.

2. Data We Collect

2.1 Information You Provide Directly

When you submit our application form, we collect:

• Full name – to personalise your report and correspondence
• Work email address – to deliver your report and follow up
• Phone number – to schedule an optional walkthrough call
• Company website URL – to conduct the audit
• Biggest concern (selected category) – to focus the audit
• Free-text notes (optional) – any context you choose to share

2.2 Data Collected Automatically

When you visit our website, we and our third-party service providers may automatically collect:

• IP address and approximate geolocation (country/city level)
• Browser type, operating system, and device type
• Pages visited, time on page, and referring URL
• Click and scroll behaviour (where analytics are active)
• Google Ads click identifiers (gclid) and conversion signals
• YouTube embed interaction data (if you play an embedded video)

2.3 Data We Do Not Collect

We do not collect payment card details, government-issued ID numbers, passwords, or sensitive personal data (as defined by GDPR Article 9) through this website.

3. How We Use Your Data

We use the personal data you provide for the following purposes:

• Delivering the free audit – reviewing your app, preparing the written PDF report, and sending it to your email address
• Scheduling the optional walkthrough call – using your phone number only if you request the call
• Following up on your application – a single acknowledgement email plus up to two follow-up emails if we do not hear back
• Internal quality assurance – reviewing submissions to maintain audit quality standards
• Marketing communications – only with your prior consent; you may opt out at any time
• Legal compliance – complying with applicable laws and lawful requests from authorities
• Analytics and advertising optimisation – measuring ad performance and improving our pages (aggregated and anonymised where possible)

We will not use your data to make automated decisions that have legal or similarly significant effects on you without your explicit consent.

4. Legal Basis for Processing (GDPR)

If you are located in the UK or European Economic Area, we rely on the following lawful bases under UK/EU GDPR:

• Contract performance (Article 6(1)(b)) – processing your name, email, phone, and website URL is necessary to deliver the free audit you requested
• Legitimate interests (Article 6(1)(f)) – analytics, fraud prevention, and service improvement. Our legitimate interests do not override your rights
• Consent (Article 6(1)(a)) – where we send marketing communications beyond the scope of your original request, we rely on your freely given, specific, and informed consent
• Legal obligation (Article 6(1)(c)) – where we are required by law to retain or disclose data

You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

5. Third-Party Services & Data Sharing

We share data with third parties only where necessary and under appropriate agreements. Current processors and recipients include:

5.1 Email & CRM

Your contact details may be stored in our CRM and/or email delivery platform (e.g., HubSpot, Notion, or equivalent) for the purpose of delivering and following up on your audit. These processors are bound by data processing agreements.

5.2 Google (Ads, Analytics, YouTube)

This page may use Google Analytics 4 and Google Ads conversion tracking. Google may set cookies and collect browsing data as described in Google’s Privacy Policy. Embedded YouTube videos are served by Google/YouTube and are subject to YouTube’s terms if you interact with them.

5.3 Hosting & Infrastructure

Our website is hosted on infrastructure that may process IP addresses and request logs as part of normal operations. Hosting providers are selected for their compliance with applicable data protection standards.

5.4 Legal and Regulatory Disclosure

We may disclose your personal data to courts, regulators, law enforcement, or other public authorities if required by law or to protect our legal rights.

5.5 No Sale of Data

We do not sell, rent, or trade your personal data to any third party for their own marketing or commercial purposes.

6. Cookies & Tracking Technologies

We may use the following categories of cookies and similar technologies:

• Strictly necessary cookies – required for the website to function. Cannot be disabled
• Analytics cookies – help us understand how visitors use our pages (e.g., Google Analytics). You may opt out via your browser settings or Google’s opt-out tools
• Advertising cookies – set by Google Ads to measure ad performance and conversion. You may opt out via Google Ads Settings
• Third-party cookies – YouTube may set cookies when you play an embedded video, even before you click play, in some browser configurations

Where required by law, we will present a cookie consent banner before placing non-essential cookies. You may change your preferences at any time via your browser settings.

7. Data Retention

We retain personal data only for as long as necessary for the purposes described in this policy:

• Audit applicants (active engagement) – retained for 24 months from the date of application or last meaningful interaction
• Audit applicants (no engagement) – if you submit the form but we do not receive a response to our follow-up communications, your data is deleted or anonymised within 6 months
• Existing clients – retained for the duration of the engagement plus 7 years for legal and accounting purposes
• Analytics data – aggregated/anonymised analytics may be retained indefinitely
• Legal hold – data subject to a legal hold is retained until the hold is lifted

At the end of the applicable retention period, data is securely deleted or irreversibly anonymised.

8. Your Rights

Depending on your jurisdiction, you may have the following rights in relation to your personal data:

• Right of access – request a copy of the personal data we hold about you
• Right to rectification – request correction of inaccurate or incomplete data
• Right to erasure (“right to be forgotten”) – request deletion of your personal data where there is no legitimate reason for us to continue processing it
• Right to restrict processing – request that we restrict processing of your data in certain circumstances
• Right to data portability – receive your data in a structured, commonly used, machine-readable format
• Right to object – object to processing based on legitimate interests or for direct marketing purposes
• Right to withdraw consent – where processing is based on consent, you may withdraw it at any time
• Right to lodge a complaint – you have the right to complain to your national data protection authority (e.g., the ICO in the UK, or your local EU supervisory authority)

To exercise any of these rights, please contact us using the details in Section 18. We will respond within 30 days (or sooner where required by law).

9. California Residents — CCPA / CPRA Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you the following rights:

• Right to know – the categories and specific pieces of personal information we collect, use, disclose, and sell (we do not sell)
• Right to delete – request deletion of your personal information, subject to certain exceptions
• Right to correct – request correction of inaccurate personal information
• Right to opt out of sale or sharing – we do not sell or share personal information for cross-context behavioural advertising as defined by the CPRA
• Right to limit use of sensitive personal information – we do not collect sensitive personal information as defined by the CPRA
• Right to non-discrimination – we will not discriminate against you for exercising your CCPA/CPRA rights

To submit a verifiable consumer request, please contact us via the details in Section 18. We will respond within 45 days, extendable by a further 45 days with notice.

Categories of personal information collected in the last 12 months: Identifiers (name, email, phone, IP address); internet or other electronic network activity information (browsing/click data); professional information (company website, role-related concern).

Business purposes for collection: Delivering the free audit, service communication, analytics, and advertising measurement.

10. Children’s Privacy

Our services are directed exclusively at businesses and professional users. We do not knowingly collect personal data from individuals under the age of 16. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will delete it promptly.

11. International Data Transfers

Your personal data may be processed in countries outside your home jurisdiction, including countries that may not offer the same level of data protection as your own. Where this occurs, we ensure appropriate safeguards are in place, such as:

• Standard contractual clauses approved by the European Commission or the ICO
• Transfers to countries with adequacy decisions under UK/EU GDPR
• Processor binding corporate rules where applicable

You may request details of the safeguards we use for international transfers by contacting us at the address in Section 18.

12. AI-Generated Content Disclosure

12.1 What May Be AI-Assisted

The following types of content on our landing pages may have been created with the assistance of AI writing, image generation, or video synthesis tools:

• Copywriting and page text – some or all marketing copy, headlines, sub-headlines, and body text may have been drafted or refined using large language model (LLM) tools such as Claude, ChatGPT, or similar
• Placeholder and illustrative images – any images that do not depict real, named individuals may be AI-generated or stock imagery
• Video content – some video testimonials, case study clips, or explainer videos displayed on our pages may be partially or fully AI-generated, including the use of AI voice synthesis, AI video avatars, or AI-edited footage. Where this is the case, such content is intended to illustrate representative outcomes and experiences, not to present fabricated factual statements
• Profile images – avatar images used alongside testimonials may be AI-generated representations rather than photographs of real individuals

12.2 What Is Not AI-Generated

The substantive audit work performed for clients is conducted by real, senior human engineers. No AI tool is used as a substitute for the human analysis described in our offer. The factual claims in our core offer (5-day delivery, written PDF report, senior engineer review) reflect genuine operational commitments.

12.3 FTC Compliance

In accordance with the United States Federal Trade Commission’s Guides Concerning Endorsements and Testimonials (16 C.F.R. Part 255, updated 2023) and equivalent international guidelines, we disclose that AI-generated or AI-assisted content exists on our website. We do not intend for any AI-generated content to constitute a false or misleading factual claim.

12.4 Questions About Specific Content

If you have a question about whether specific content on our pages is AI-generated or represents a real client, person, or outcome, please contact us at the address in Section 18.

13. Testimonials, Reviews & Results Disclosure

13.1 Nature of Testimonials

Testimonials, quotes, and case study results displayed on this website and associated landing pages represent a range of experiences from past clients and contacts. These may include:

• Direct quotes from real clients provided voluntarily
• Quotes edited for length or clarity with the client’s knowledge
• Representative composite summaries of common client experiences
• AI-generated illustrative testimonials intended to reflect typical outcomes (see Section 12)
• Reviews that were solicited, incentivised, or facilitated (see Section 14)

13.2 Results Are Not Guaranteed

Any results, metrics, or outcomes referenced in testimonials (e.g., deal close rates, drop-off reduction, development velocity) reflect the specific circumstances of individual clients and are not typical results. Your results will vary depending on your product, market, team, implementation, and other factors. Nothing on this website constitutes a guarantee of any specific outcome.

13.3 Third-Party Review Platforms

Where reviews from third-party platforms (such as GoodFirms, Clutch, Google, or similar) are displayed, we endeavour to display only genuine reviews. We are not responsible for the accuracy of reviews submitted by third parties to independent platforms.

13.4 Ratings and Star Scores

Any star ratings, numerical scores, or aggregate review counts displayed on our pages are either sourced from verified third-party platforms or are illustrative representations. Where illustrative, they are labelled accordingly or disclosed in this policy.

14. Online Reputation Management (ORM) Disclosure

14.1 Use of ORM Services

Hashbyt has engaged, or may in the future engage, Online Reputation Management (ORM) agencies or reputation consultancies. These firms may have:

• Solicited reviews from past or current clients on our behalf
• Facilitated the submission of reviews to third-party platforms (including GoodFirms, Clutch, Google Business Profile, or similar)
• Incentivised review submission through service discounts, gifts, or other benefits provided to reviewers
• Drafted or edited review content in collaboration with the reviewing party
• Managed the publication and display of review content on our own pages

14.2 Reviewer Independence

Where reviews were solicited or incentivised, we have required that reviewers express only genuine opinions based on their actual experience with Hashbyt. We do not knowingly publish fabricated reviews from individuals who have not engaged with our services.

14.3 Identifying ORM-Influenced Content

We acknowledge that it may not always be immediately apparent to a reader which reviews were organically provided versus solicited through ORM activities. This policy constitutes our blanket disclosure that some reviews on our pages may have been influenced by ORM engagement. If you have a specific question about a particular review, please contact us.

14.4 FTC and ASA Compliance

This disclosure is made in compliance with:

• The FTC’s Guides Concerning Endorsements and Testimonials (16 C.F.R. Part 255), as updated in 2023, which require disclosure of material connections between endorsers and the company being endorsed
• The UK Advertising Standards Authority (ASA) CAP Code rules on testimonials and endorsements
• The EU Omnibus Directive and Unfair Commercial Practices Directive requirements regarding consumer reviews

15. Results Disclaimer

References on this website to specific outcomes such as “40%+ reduction in demo drop-off”, “closed stalled enterprise deals”, or “4× faster delivery” are based on reported experiences of specific clients under specific circumstances and are not a representation that you will achieve the same or similar results.

Individual results depend on a wide range of factors including but not limited to: the nature of your product, your market and competitive environment, your team’s capacity to act on recommendations, the quality of implementation, external market conditions, and factors beyond our control.

Nothing on this website constitutes a warranty, representation, or guarantee of any specific business or commercial outcome.

16. Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, alteration, or disclosure. These measures include:

• HTTPS/TLS encryption for all data in transit
• Access controls limiting data access to authorised personnel only
• Regular review of our data handling practices

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. If you become aware of a security vulnerability or believe your data may have been compromised, please notify us immediately at the address in Section 18.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of it (as required by UK/EU GDPR Article 33) and will notify affected individuals where required by Article 34.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the “Last updated” date at the top of this page
• If you are an existing client or have submitted your contact details, we may notify you by email of significant changes

Your continued use of our website after changes are posted constitutes your acknowledgement of the updated policy. We encourage you to review this policy periodically.

18. Contact & Data Controller

For any privacy-related queries, to exercise your rights, or to report a concern, please contact:

We aim to respond to all privacy-related requests within 30 calendar days. For complex requests, we may extend this by a further 60 days with written notice.

If you are not satisfied with our response, you have the right to complain to the relevant supervisory authority:

• UK: Information Commissioner’s Office (ICO) — ico.org.uk
• EU: Your local national data protection authority (find yours at edpb.europa.eu)
• USA: Federal Trade Commission — ftc.gov