Privacy Policy

How we handle your data, written in plain language.

Effective date: February 2, 2026 · Last updated: February 2, 2026

Introduction

KA13 Security Labs ("we", "us", "our") builds Baselyt, a privacy-first mobile security application. This policy covers our website at baselyt.com and the Baselyt mobile application (when available).

We believe privacy policies should be readable. If anything here is unclear, email us at privacy@baselyt.com.

What the Baselyt app collects

Baselyt collects metadata only, processed entirely on your device by default:

  • Network connection metadata (domains contacted, request frequency, timing patterns)
  • Permission usage events (which permissions each app holds and when they change)
  • App install and update metadata (package names, version numbers, install sources)
  • Behavioral patterns (background activity levels, resource usage trends)

All of this is analyzed on-device. Nothing is uploaded to our servers by default.

What we never collect

  • Message content (texts, emails, chat messages)
  • Browsing history or website content
  • Keystrokes or text input
  • Screen contents or screenshots
  • Decrypted network traffic (we do not perform TLS interception)
  • Precise location data (unless an app you monitor requests it, and only the metadata of that request)

Website data

When you interact with baselyt.com, we collect:

Waitlist

Your email address and optional device information (Android version, device brand, intended use case) are stored in a hosted database (Supabase). This data is used solely for beta access coordination and is never sold.

Contact form

Your name, email, and message are stored in a hosted database (Supabase) so we can respond to your inquiry.

Hosting

Our website is hosted on Cloudflare Pages. Cloudflare may collect standard access logs (IP address, browser type, pages visited) per their own privacy policy.

Third-party services

  • Supabase - Database hosting for waitlist and contact form data
  • Resend - Transactional email delivery (confirmation emails, notifications)
  • Cloudflare - Website hosting and CDN

We do not use analytics scripts, advertising trackers, or third-party cookies on our website.

Data retention

  • Waitlist data

    Retained until beta launch plus 90 days, or until you request deletion.

  • Contact messages

    Retained for up to 1 year.

  • App data (Baselyt)

    Stored locally on your device only. Deleted when you uninstall the app or use the in-app purge function.

Your rights

You can:

  • Request access to the data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Unsubscribe from emails at any time

To exercise any of these rights, email privacy@baselyt.com. We respond within 30 days.

Children's privacy

Our services are not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with data, contact us and we will delete it.

Changes to this policy

We may update this policy as our product evolves. Changes will be posted on this page with an updated effective date. Material changes will be communicated via email to waitlist subscribers.

Contact

For privacy-related questions: privacy@baselyt.com

For general inquiries: Contact form