ByPath

Privacy Policy

Last updated: May 31, 2026

What we collect

When you create a ByPath account we store: your email address, hashed password, your niche/city/audience-description (from onboarding), your subscription tier, and your usage history (search queries, signals you saved or dismissed). We do NOT collect: your social-media passwords, your real name (unless you provide it), payment card details (Stripe handles those).

Public posts we surface

ByPath surfaces ONLY publicly visible posts from public profiles on social platforms (Instagram, Twitter/X, LinkedIn, Threads, Reddit, etc.). We do not access private accounts, private messages, or any content that requires login to view. Anything we show you, any user could find with the right search query — we just do the work for you.

Contact enrichment

When you click "Find contacts" we look for publicly available email addresses, phone numbers, and personal websites associated with the post author. These are gathered from public sources (the author's own bio, linked social profiles, public business directories). We do not use leaked databases, scraped private messaging APIs, or any non-public data source.

Your obligations

You must comply with each platform's own Terms of Service when contacting people surfaced by ByPath. Send warm, contextual outreach — not bulk spam. We expect you to write personalized messages (and we provide a draft DM to help). Mass automated outreach using ByPath data is forbidden and grounds for account termination.

GDPR / data deletion

You can request deletion of your ByPath account and all associated data at any time by emailing hello@bypath.app — we process deletion requests within 7 days. If a person whose public post we surfaced wishes to be excluded from future ByPath results, they can email opt-out@bypath.app with their handle/username, and we will add them to a global exclude list within 48 hours.

Cookies

We use one essential cookie: bypath_session — your login session. No tracking cookies. No third-party advertising cookies. No analytics that share data with Google/Meta/etc. Our analytics (PostHog) runs on our own server.

Third parties

We use these third-party services to run ByPath: Stripe (billing — they receive only your card details + email), OpenAI (AI classification of public posts — we send post text + your search criteria; no PII beyond what's in the public post), Apify (scraping public social posts), Resend (sending you transactional emails), Hetzner (server hosting in Germany), Vercel (frontend hosting). We sign DPA agreements where required.

Contact

Privacy questions: privacy@bypath.app