Privacy Policy

ByteMentor AI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered programming learning platform at bytementor.ai. By using ByteMentor AI, you consent to the practices described herein.

1. Data We Collect

We collect the following categories of information to provide and improve our services:

• Account Information: Name, email address, and profile picture provided by your OAuth provider (GitHub or Google) when you sign in. We do not store passwords.
• Onboarding Data: Years of experience, self-assessed coding expertise level, target company tier, target companies, preferred problem sheet, and primary learning goal. You provide this voluntarily during setup.
• Resume Text: If you use the Jobs feature, you may paste resume text for AI-powered job matching. This is stored in your account until you delete it.
• Learning and Practice Data: Lesson progress, practice scores, problem attempts (including difficulty, time spent, hints used, scores), code submissions, AI evaluations, interview simulation responses, behavioral session answers, and study plans.
• Skill Mastery Data: Our adaptive engine tracks mastery across 500+ micro-skills using skill evidence records, spaced repetition schedules, Bloom's taxonomy progression, and cognitive phase data. This powers personalized problem generation and learning recommendations.
• Chat History: Messages exchanged with the AI tutor (ByteGuide), including your questions and AI responses.
• Usage Data: Daily feature usage counts (practice problems completed, tutor messages sent, session time), pages visited, and interaction patterns used for streak tracking, XP calculation, and daily goal progress.
• Email Address (Newsletter): If you subscribe to our newsletter, we store your email address and subscription source. You can unsubscribe at any time.

2. Guest Visitors

Visitors without an account can try each practice tool once, for free. To enforce that one-try-per-tool limit without requiring signup, we derive a privacy-preserving server-side fingerprint from your HTTP request headers:

• The first three octets of your IPv4 address (the /24 network prefix) or the first 64 bits of your IPv6 address. We do not store your full IP address.
• Your User-Agent string (browser and operating system identifier).
• Your Accept-Language header (browser locale preference).
• Browser platform hints (sec-ch-ua-platform, sec-ch-ua-mobile) if your browser sends them.

These signals are combined and passed through SHA-256; we keep only the first 24 hexadecimal characters of the resulting hash. The hash itself is opaque. It cannot be reversed to recover your IP address, User-Agent, or any other input. We use this fingerprint exclusively to enforce the free-trial limit per practice tool and a daily cap per network prefix, both for abuse prevention.

Guest usage records are retained for 90 days, after which they are permanently deleted. Clearing your browser cookies does not reset the fingerprint because we do not read cookies to derive it. Creating an account is the simplest way to stop relying on fingerprinting. Authenticated usage is tied to your account, not to request headers.

Legal basis: legitimate interest in preventing abuse of free services (GDPR Art. 6(1)(f)). If you are in the EEA and object to this processing, please contact us. Note that we may refuse guest access to practice tools if we cannot apply the fingerprint.

3. AI Processing

ByteMentor AI uses third-party AI providers to deliver its core functionality. When you use features such as the AI tutor, code evaluation, practice exercises, or mock interviews:

• Your code submissions and prompts are sent to AI providers (Anthropic Claude, OpenAI GPT, and/or Google Gemini) for analysis and response generation.
• We transmit only the data necessary for the specific feature you are using. We do not send your full account profile, learning history, or credentials to AI providers.
• System prompts may be cached by AI providers for performance optimization. Cached prompts contain instructions only, not your personal data.
• AI provider responses are processed by our servers and returned to you. We store AI-generated evaluations and feedback alongside your progress data.
• Each AI provider has its own data handling and retention policies. We encourage you to review Anthropic's, OpenAI's, and Google's respective privacy policies.

4. Cookies, Analytics, and Session Management

We use cookies and similar technologies to manage your session and provide a seamless experience:

• Authentication Cookies: Secure, HTTP-only cookies managed by NextAuth to maintain your signed-in session. These are essential for the platform to function.
• Preference Storage: Your display preferences (theme, language) are stored in your browser's local storage.
• Google Analytics: We use Google Analytics to understand aggregate usage patterns. For users in the European Economic Area (EEA), analytics are loaded only after explicit consent via a cookie banner. Analytics data is anonymized and used solely to improve the platform.

We do not use third-party advertising or tracking cookies.

5. Data Retention

Your data is retained permanently while your account is active. This includes chat history, practice sessions, evaluations, code submissions, skill mastery records, study plans, and all other learning data.

You may request deletion of your account and all associated data at any time by contacting us. Upon deletion, we will remove your personal data from our active databases within 30 days. Residual copies in encrypted backups may persist for up to 90 days before being purged.

6. Third-Party Services

ByteMentor AI integrates with the following third-party services:

• Anthropic (Claude): Primary AI model provider for code analysis, tutoring, evaluations, and problem generation.
• OpenAI (GPT): Alternative AI model provider for code analysis and generation.
• Google AI (Gemini): Alternative AI model provider for code analysis and generation.
• Dodo Payments: Processes subscription payments for Pro tier. We do not store your payment card details. All payment data is handled by Dodo Payments under their own privacy policy.
• GitHub & Google OAuth: Used for authentication. We receive only the basic profile information (name, email, avatar) you authorize during sign-in.
• RapidAPI (JSearch): Used to fetch job listings in the Jobs feature. Only search keywords and location are transmitted. No personal data is sent.
• Google Analytics: Collects anonymized usage data with GDPR-compliant consent for EEA users.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right to Access: Request a copy of the personal data we hold about you.
• Right to Deletion: Request that we delete your account and all associated data.
• Right to Export: Request an export of your data in a portable, machine-readable format (JSON).
• Right to Correction: Request correction of inaccurate personal data.
• Right to Restrict Processing: Request that we limit how we use your data.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Children's Privacy

ByteMentor AI is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal data from a child under 13, we will take steps to delete that information promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy at any time, at our sole discretion, without prior notice. When we make changes, we will update the "Last updated" date at the top of this page. Changes take effect immediately upon posting. It is your responsibility to review this policy periodically. Your continued use of ByteMentor AI after any changes constitutes your acceptance of the updated policy.

10. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at: