Introduction

Welcome to BTO IT (the "Service"), operated by BTO IT ("we," "us," or "our"), accessible at https://btoit.com. We provide AI-powered tools for creating viral videos, images, SEO-optimized posts, audio content, chatbots, and more, with over 52 specialized tools accessible via subscription plans. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service. It applies to all users, including those in the European Economic Area (EEA) under GDPR and California residents under CCPA/CPRA.

By using the Service, you consent to the practices described here. If you do not agree, please do not use the Service. This policy complies with applicable laws, including GDPR and CCPA/CPRA. We may update this policy; changes will be posted here with the new effective date, and significant updates will be notified via email or in-app notices.

1. Information We Collect

We collect information to provide, improve, and secure our Service. This includes:

Personal Data

• Account Information: When you register for a free trial or paid plan, we collect your name, email address, phone number (optional), and billing details (e.g., payment method via third-party processors).
• User Inputs: Prompts, keywords, and content you provide to our AI tools (e.g., text for SEO posts, images for generation, or audio scripts). This may include sensitive details if you input them.
• Generated Content: Outputs from our tools, such as videos, images, or chatbots, which we temporarily store for your access.

Usage Data

• Automatically collected via logs: IP address, device type, browser info, pages visited, time spent, and interaction data (e.g., tool usage frequency).
• For analytics: How you use tools, like which AI models you select or export patterns.

Cookies and Tracking Technologies

We use essential cookies for functionality (e.g., session management) and analytics cookies (e.g., Google Analytics) for performance tracking. You can manage preferences via browser settings or our cookie banner. We do not support "Do Not Track" signals yet but honor opt-outs where required.

We do not collect sensitive personal data (e.g., health or racial info) unless you voluntarily provide it in prompts, in which case you are responsible for compliance.

2. How We Use Your Information

We use your data for legitimate business purposes, with your consent where required (e.g., marketing):

• Service Delivery: To create accounts, process payments, run AI tools via OpenRouter API, and deliver generated content.
• Improvement and Analytics: To analyze usage trends, enhance tools (e.g., better AI models), and debug issues.
• Communication: Send service updates, billing receipts, support responses, or promotional emails (you can opt out).
• Security and Compliance: Detect fraud, enforce terms, and meet legal obligations.
• Personalization: Tailor recommendations based on your tool usage.

Legal bases (GDPR): Contract performance, legitimate interests, or consent. Under CCPA/CPRA, we do not "sell" or "share" personal data for cross-context behavioral advertising.

3. Sharing Your Information

We share data only as necessary:

• Service Providers: With trusted partners like OpenRouter (for AI processing), Stripe (payments), AWS (storage), and analytics tools. They are bound by data processing agreements.
• Business Transfers: In mergers, acquisitions, or asset sales.
• Legal Requirements: To comply with laws, subpoenas, or protect rights/safety.
• With Consent: For other purposes, like sharing generated content publicly.

We do not share user prompts or generated content with third parties without your explicit permission, except as needed for tool functionality.

4. Data Retention and Deletion

• Personal Data: Retained as long as your account is active, plus 30 days post-deletion for backups. Billing data kept for 7 years for tax purposes.
• Usage and Inputs: Deleted after 90 days of inactivity or upon request; generated content stored per your plan (10-40 GB limits).
• Requests: We honor deletion requests within 45 days (GDPR) or 30 days (CCPA/CPRA), except for legal holds.

5. International Data Transfers

Data is processed in the US (our servers) and may be transferred to EEA users. We use Standard Contractual Clauses (SCCs) for GDPR compliance and ensure equivalent protections.

6. Security Measures

We implement reasonable safeguards: encryption (TLS for transit, AES-256 at rest), access controls, regular audits, and employee training. However, no system is infallible; we cannot guarantee absolute security. Report vulnerabilities to support@btoit.com.

7. Your Rights and Choices

You have control over your data:

• Access/Correction: View or update your info via account settings.
• Deletion/Portability: Request erasure or export (email privacy@btoit.com).
• Opt-Out: Unsubscribe from emails; withdraw consent anytime.
• GDPR Rights: Rectification, objection, restriction; contact our Data Protection Officer.
• CCPA/CPRA Rights: Know, delete, correct, opt-out of sharing (via "Do Not Sell/Share" link in footer); no discrimination for exercising rights.

For California residents: In the past 12 months, we collected categories like identifiers (email) and usage data; shared with service providers but not sold. Submit verified requests twice yearly.

8. Children's Privacy

Our Service is not for children under 13 (US) or 16 (EEA). We do not knowingly collect their data; parents can request deletion.

9. Third-Party Links

Our site may link to third parties (e.g., OpenRouter); we are not responsible for their practices.

10. Changes to This Policy

We may revise this policy; continued use constitutes acceptance. Check periodically.