Privacy Policy
Last updated: 13 April 2026
Bitir ("we", "us", "our") operates the Bitir mobile application and related services. This Privacy Policy explains what personal data we collect, why we collect it, and how we protect it.
Bitir is a privacy-first platform. We collect only what is necessary to provide the service and we do not sell, rent, or share your personal data with third parties for marketing purposes.
1. Data we collect
Account data. When you sign up, we collect your phone number to verify your identity via SMS. You may optionally provide a display name and profile photo.
Group data. Messages, photos, files, poll responses, goal progress, and other content you post within a group are stored to provide the service. This content is visible to other members and managers of that group.
Device data. If you enable push notifications, we store a device token to deliver notifications. We also collect basic device information (operating system, app version) for troubleshooting.
Usage data. We collect minimal usage data such as login times and feature interactions to maintain and improve the service. We do not use third-party analytics trackers.
2. How we use your data
- To verify your identity and manage your account.
- To deliver messages, notifications, and content within your groups.
- To operate, maintain, and improve the service.
- To send you transactional messages (OTP codes, group invitations).
- To enforce our Terms of Service and protect users from abuse.
3. Data storage and security
Your data is stored on servers located in the United Kingdom. Sensitive data including phone numbers, OTP codes, and session tokens are encrypted at rest using AES-256-GCM. Lookup fields are hashed with HMAC-SHA256 so that plaintext values are never stored.
All connections between the app and our servers use HTTPS/TLS encryption in transit.
We retain your data for as long as your account is active. If you delete your account, your personal data is removed. Group messages you sent may remain visible to other group members as part of the group history.
4. Data sharing
We do not sell or rent your personal data. We may share data only in the following circumstances:
- Within your groups. Content you post is visible to other members and managers of that group.
- Service providers. We use third-party services to operate Bitir, including cloud hosting (Microsoft Azure), SMS delivery (Twilio or AWS SNS), and push notifications (Firebase Cloud Messaging). These providers process data only as necessary to provide their services and are bound by their own privacy policies.
- Legal requirements. We may disclose data if required by law, regulation, or legal process.
5. Your rights
You have the right to:
- Access the personal data we hold about you.
- Correct inaccurate personal data.
- Delete your account and associated personal data.
- Object to or restrict certain processing of your data.
- Request a portable copy of your data.
To exercise any of these rights, contact us at privacy@bitir.co.uk.
6. Children
Bitir is not intended for use by children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
7. Cookies
The Bitir mobile app does not use cookies. If you access Bitir through a web browser, we may use essential cookies required for the service to function. We do not use advertising or tracking cookies.
8. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of significant changes through the app or by other appropriate means. The "Last updated" date at the top indicates the most recent revision.
9. Contact
If you have questions about this Privacy Policy or your personal data, contact us at: