ReleaseBytes

Privacy Policy

Last updated: 15 June 2026

This policy explains how ReleaseBytes (“we”, “us”) collects and uses your personal data when you use releasebytes.com. You can contact us via our contact page.

What we collect

  • Account & sign-in: we offer sign-in with Google only. When you sign in, we receive your email address, name and a Google account identifier. We do not store any password.
  • Session data: when you log in we record your IP address and browser user-agent to operate and secure your session.
  • Release alerts: the platforms, categories and release types you subscribe to, and the email address alerts are sent to.
  • Analytics: with your consent, Google Analytics collects usage data (pages viewed, approximate location, device/browser).
  • Messages: anything you send us via the contact form.

Why we use it and our legal basis

  • To provide your account and alerts - performance of a contract.
  • To send release-alert emails you’ve requested - consent.
  • To keep the service secure (e.g. session/IP records, rate limiting) - legitimate interests.
  • Analytics - consent (you can accept or reject via the cookie banner).

Cookies

We use two kinds of cookies:

  • Strictly necessary: session and security cookies (rb_session, rb_csrf) that keep you signed in. These are required and set without consent.
  • Analytics (optional): Google Analytics cookies are only set if you accept them in the cookie banner. Until then, no analytics cookies are placed.

Who we share it with

We don’t sell your data. We use a small number of service providers (processors) to run the service:

  • Google Cloud - hosting and database, stored in the UK (London region).
  • Google - “Sign in with Google” authentication.
  • Cloudflare - content delivery and security (processes requests/IPs).
  • Resend - sending account and alert emails.
  • Google Analytics - usage analytics (only with your consent).

Where your data is stored

Your account data is stored in Google Cloud’s London (europe-west2) region. Some processors (e.g. analytics, email) may process data outside the UK under appropriate safeguards.

How long we keep it

We keep your account data for as long as your account is active. If you delete your account, we delete your personal data within [30] days, except where we must retain it to meet legal obligations. Session records and tokens expire automatically.

Your rights

Under UK GDPR you have the right to access, correct, delete or export your data, to object to or restrict processing, and to withdraw consent at any time. To exercise any of these, email [email protected].

You also have the right to complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk.

Changes

We may update this policy from time to time. We’ll update the “last updated” date above when we do.