Privacy Policy

1. Who we are

BHTN Technologies Inc. ("BHTN", "we", "us", "our") is a Delaware C-Corporation operating the website bhtn.io (the "Site") and developing the ZeRDA product family. This policy covers the Site and the business email mailbox info@bhtn.io. It does not cover the ZeRDA runtime itself, which is deployed by customers in their own AWS accounts and is governed by the terms of their commercial agreement with BHTN.

2. What we collect

We practice data minimization. The Site is a static marketing site with no user accounts, no login, no forms that persist to a database, and no third-party advertising or tracking cookies.

• Email you send us. When you email info@bhtn.io, we receive whatever you include: your email address, name, organization, message body, and any attachments. This inbox is monitored by BHTN staff and is hosted by our corporate email provider.
• Server-side request logs (CloudFront). As of the date above, CloudFront access logging is disabled. If we re-enable it in the future (for security or performance analysis), standard CDN fields would be retained: timestamp, IP address, requested URL, HTTP status, user-agent, referrer. Retention would be 30 days unless needed for an active security investigation.
• Privacy-preserving analytics (optional, opt-out by default today). We may deploy Plausible Analytics, a cookieless, IP-anonymized analytics service that does not track individuals across sites and does not set cookies. If and when enabled, we will update this policy and the disclosure on the Site. No personal data is collected by Plausible by design.
• No cookies we set ourselves. The Site does not set first-party cookies or use localStorage for tracking.

3. What we do not collect

• No ad-tech, retargeting pixels, or third-party marketing cookies.
• No fingerprinting.
• No session recording.
• No sale of personal information. We do not sell personal information under any definition, including CCPA's.

4. How we use information you send us

We use email you send to info@bhtn.io to:

• Respond to your inquiry (pilot, technical briefing, investor, press, or general).
• Keep context for follow-up communication on the same thread.
• Maintain an audit trail of inbound business correspondence as part of ordinary corporate records.

We do not add inbound emailers to any marketing list. We do not send newsletters or campaigns. If we later operate a subscriber list, it will be explicit opt-in only.

5. How long we keep information

• Email correspondence: retained for the duration of the business relationship and for a reasonable period afterward as a corporate record, in line with standard business-records practice.
• CloudFront logs (if enabled): 30 days, except where required for a security investigation.
• Analytics aggregates (if enabled): aggregate, non-personal counts may be retained indefinitely. No individual-level data is retained because none is collected.

6. Who we share information with

We do not sell, rent, or trade personal information. We share information only with the service providers that operate the infrastructure behind the Site and the mailbox, and only to the extent necessary for them to provide their service:

• Amazon Web Services — CloudFront, S3, Route53, ACM (Site hosting and delivery).
• Corporate email provider — for the bhtn.io mailbox.
• GitHub — repository and CI for the Site's source code (no user data stored here).
• Plausible Analytics — only if and when enabled; cookieless, aggregate only.

We may also disclose information if required by valid legal process, or to protect the rights, property, or safety of BHTN, our customers, or the public.

7. Security

The Site is served over HTTPS only (HSTS preload), with a strict Content Security Policy, frame-deny, and SRI where applicable. See Trust & Security for the full set of response headers we enforce. Mail in transit uses STARTTLS where supported by the sender's provider. Organizational access to the inbox is limited to BHTN personnel with a business need.

No system is perfectly secure. If you believe you have found a vulnerability in the Site, please email info@bhtn.io with the subject line "Security".

8. Your rights

Depending on where you live, you may have rights to access, correct, delete, or port the personal information we hold about you (for example, under the GDPR, UK GDPR, or CCPA/CPRA). To exercise these rights, email info@bhtn.io with the subject line "Privacy request", from the address you contacted us from. We will respond within the timeframe required by applicable law.

You may also lodge a complaint with your local data protection authority.

9. International transfers

BHTN is incorporated in the United States. Email you send us is processed in the United States. If you contact us from outside the United States, you consent to the transfer of your information to the United States, subject to appropriate safeguards where required by law.

10. Children

The Site is intended for business audiences and is not directed at children under 16. We do not knowingly collect personal information from children.

11. Changes to this policy

We will update this page when practices change, and we will revise the "Last updated" date at the top. Material changes will be called out clearly. Continued use of the Site after an update constitutes acceptance of the revised policy.

12. Contact

All inquiries — privacy, security, or general — go to info@bhtn.io. Use a subject line that reflects the topic ("Privacy request", "Security", etc.) so we can route appropriately.

BHTN Technologies Inc.
Delaware, United States