Bawte

Privacy Policy

Last updated February 25, 2026

Bawte, Inc. (“Bawte,” “we,” “us,” or “our”) operates the Bawte platform, including the consumer application at app.bawte.com and the brand dashboard at dashboard.bawte.com (together, the “Services”). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Services.

By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our Services.

1. Information We Collect

1.1 Information You Provide

  • Email address (required) — used for account creation, authentication, and communications
  • Phone number (optional) — used for SMS updates if you choose to provide it
  • Purchase date — when you bought the product you are registering
  • Retailer — where you purchased the product
  • Name — first and last name, if you choose to add it to your profile
  • Shipping address — if you claim a physical gift or add an address to your profile
  • Receipt photo — if you upload a purchase receipt to support a warranty claim

1.2 Information Collected Automatically

When you scan a QR code and register a product, we automatically collect:

  • Device type — whether you are using iOS, Android, or a desktop browser, derived from your browser's user-agent string
  • Approximate location — your city and state, determined by your browser's geolocation API (with your permission) or estimated from your IP address. We do not store precise GPS coordinates.

1.3 Behavioral Data

After you register a product, we collect first-party analytics about how you interact with that product's page within our Services. This includes page views, which resources you click (such as manuals or videos), whether you contact support, and approximate time spent on the page. We do not use third-party analytics or tracking services.

1.4 Third-Party Enrichment

When you register your first product with a brand, we may send your email address (and phone number, if provided) to third-party data services to supplement your profile with publicly available information. This may include:

  • Full name, gender, and approximate age range
  • Employment information (job title, company, industry)
  • General location (city, state, country)
  • Links to public social media profiles (LinkedIn, Twitter, etc.)
  • Phone carrier and line type (mobile, landline, VoIP)

This enrichment is performed server-side using People Data Labs and Twilio Lookup. Your data is never sold to these providers; it is used solely to look up publicly available information associated with your contact details.

1.5 Cookies and Local Storage

We use essential cookies to maintain your authenticated session. These are set and managed by our authentication provider (Supabase) and are necessary for the Services to function. We do not use advertising, marketing, or third-party tracking cookies.

We use your browser's local storage to save your text size preference and to temporarily hold form data during the registration process (automatically cleared after one hour).

2. How We Use Your Information

We use the information we collect to:

  • Provide the Services — register your products, track warranties, deliver incentives and rewards
  • Authenticate your identity — send one-time passcodes and magic links via email
  • Connect you with brands — share your registration information with the brand whose product you registered so they can honor your warranty, deliver incentives, and provide support
  • Improve our Services — understand usage patterns and improve the product experience
  • Communicate with you — send transactional emails related to your registrations, incentives, and account
  • Prevent fraud — detect and prevent duplicate or fraudulent registrations

3. How We Share Your Information

3.1 With Brands

When you register a product, the brand that manufactures that product receives the following information about you:

  • Your email address, phone number (if provided), and name (if provided)
  • Your purchase date and retailer
  • Your shipping address (if you claim a physical gift)
  • Behavioral analytics (page views, resource clicks, support contacts)
  • Third-party enrichment data (employment, location, social profiles, phone intelligence) as described in Section 1.4

Brands access this data through the Bawte dashboard, API, and real-time webhooks. Brands are contractually obligated to use your data only for the purposes of product support, warranty administration, and the specific incentives offered through our platform.

3.2 With Service Providers

We use the following third-party service providers to operate our Services:

  • Supabase (database, authentication, edge functions) — hosted on AWS in the United States
  • Vercel (application hosting, edge network) — United States
  • Resend (email delivery) — United States
  • People Data Labs (identity enrichment) — United States
  • Twilio (phone number intelligence) — United States

These providers process your data on our behalf and are bound by their own privacy policies and data protection obligations. We do not sell your personal information to any third party.

3.3 As Required by Law

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4. Data Security

We take the security of your data seriously. Our measures include:

  • Encryption in transit — all connections use TLS (HTTPS). No unencrypted traffic is accepted.
  • Encryption at rest — database storage is AES-256 encrypted at the infrastructure level.
  • Row-Level Security — enforced on all database tables so that users can only access their own data.
  • Passwordless authentication — we use one-time email codes instead of passwords, eliminating password-related breaches.
  • Rate limiting — applied to authentication and API endpoints to prevent abuse.
  • Input validation — all inputs are validated server-side to prevent injection attacks.
  • Private receipt storage — receipt images are stored in a private bucket accessible only through time-limited signed URLs.

Bawte does not use end-to-end encryption. Data is decrypted and processed server-side to provide dashboards, analytics, and webhook delivery. For more details, see our Security Policy.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our Services. Specifically:

  • Account data — retained as long as your account exists
  • Product registrations — when you remove a registration, it is soft-deleted (marked as removed but retained in our database for warranty and audit purposes)
  • Receipt images — retained for the duration of the warranty period plus one year
  • Enrichment data — retained as long as your account is active
  • Behavioral analytics — retained for up to 24 months

If you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it by law or for legitimate business purposes (such as resolving disputes or enforcing our terms).

6. Your Rights and Choices

6.1 All Users

  • Access your data — view your registrations, profile, and rewards in your account
  • Update your data — edit your profile, phone number, name, and addresses at any time
  • Remove registrations — remove individual product registrations from your account
  • Delete your account — contact us at privacy@bawte.com to request full account deletion
  • Text size — adjust the app's text size in your profile settings

6.2 California Residents (CCPA/CPRA)

If you are a California resident, you have the following additional rights:

  • Right to know — request the categories and specific pieces of personal information we have collected about you
  • Right to delete — request deletion of your personal information
  • Right to correct — request correction of inaccurate personal information
  • Right to opt out of sale or sharing — we do not sell your personal information. We share information with brands as described in Section 3.1 as part of providing the Services you requested.
  • Right to non-discrimination — we will not discriminate against you for exercising any of these rights

To exercise these rights, email us at privacy@bawte.com. We will verify your identity and respond within 45 days.

6.3 Location Data

You can prevent us from collecting your precise location by denying the browser's geolocation permission when prompted. We will still estimate your general location from your IP address for fraud prevention purposes.

7. Children's Privacy

Our Services are not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at privacy@bawte.com.

8. International Users

Our Services are operated in the United States. If you are accessing our Services from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States. By using our Services, you consent to this transfer.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. Your continued use of the Services after any changes constitutes your acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or your personal data, contact us at: