    Privacy Policy

    Last updated: March 1, 2026

    About This Policy

    Introduction

    This Privacy Policy is issued by Dlyte Pty Ltd (ACN 636 076 885) ("Dlyte," "we," "our," or "us"). Dlyte is committed to protecting your privacy and handling your personal data in accordance with applicable data protection laws, including the Australian Privacy Act 1988 (Cth), the EU/UK General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA) where applicable.

    This Privacy Policy explains how we collect, use, store, and disclose your personal information when you use our platform at dlyte.io (the "Platform") — a two-sided marketplace connecting businesses with qualified product testers.

    Definitions

    In this Privacy Policy, we use the following terms:

    • "Business" refers to individuals or organisations that use the Platform to create testing projects, define audience criteria, and receive research signals about their digital products.
    • "Tester" refers to individuals who register on the Platform to participate in product testing opportunities and receive compensation for their contributions.
    • "Visitor" refers to anyone browsing our website or enquiring about our services without a registered account.

    You may belong to more than one of these groups, in which case multiple sections of this Privacy Policy will apply to you.

    Our Role

    Dlyte as data controller: We act as a data controller when we collect and process personal data directly from you — for example, when you register an account, build a tester profile, create a testing project, or contact us. As data controller, we determine the purposes and means of processing your personal data.

    Dlyte as data processor: When facilitating testing projects on behalf of Businesses, we may process Tester data on the Business's instructions. In these cases, the Business acts as the data controller and Dlyte acts as a data processor. We encourage you to review the privacy policies of any Business whose testing projects you participate in.

    Information We Collect

    For All Users

    • Email address and password (encrypted)
    • Authentication data (password or Google login if used)
    • Session information and login history
    • User preferences and dashboard settings
    • Returning user preference — your account type (business or tester) is stored in your browser so you are directed to the appropriate sign-in page on return visits. This can be cleared by deleting your browser data.

    For Testers

    We collect comprehensive profile information to help Businesses find qualified Testers. This data is used to match you with relevant testing opportunities and is only presented to Businesses in anonymised, aggregate form.

    Demographics & Location:

    • Date of birth (to determine age range: 18-25, 26-35, 36-50, 51-64, 65+)
    • Gender identity
    • Location (country, state/region)
    • Area type (metropolitan or regional)
    • Cultural background (optional, for diversity insights)

    Languages & Proficiency:

    • Languages spoken (up to 4 languages)
    • Proficiency level for each language (Native, Fluent, Conversational, or Basic)
    • Multilingual capability classification

    Family & Lifestyle:

    • Marital status
    • Household income range
    • Parental status (whether you have children under 18) and number of children
    • Home ownership status (renting, own outright, mortgage, or other)
    • Education level (high school, trade/vocational, undergraduate, postgraduate, or other)
    • Online shopping frequency (optional)

    Professional Information:

    • Employment status (Full-time, Part-time, Self-employed, Student, Retired, etc.)
    • Business affiliation (whether you are a business owner, employee of a business, or neither)
    • Company size and your role in the company (if applicable)
    • Employment industry sectors (if applicable)

    Accessibility & Inclusivity:

    • Functional access needs (vision, hearing, motor, cognitive support requirements)
    • Assistive technology usage (optional)
    • Note: All accessibility data collection includes "Prefer not to say" options

    Technology & Devices:

    • Web expertise level (Beginner, Intermediate, Advanced, Expert)
    • Devices owned (smartphones, tablets, laptops, desktops)
    • Browsers used (Chrome, Firefox, Safari, Edge, etc.)
    • Operating systems

    Industry Interests:

    • Industries you are interested in testing for
    • Product testing preferences

    Sector-Specific Behavioural Data:

    When you express interest in certain industry categories, you may be invited to complete additional profile questions specific to those sectors. Completing these optional modules improves your eligibility for more relevant — and often higher-paid — testing studies. The sector modules and the types of data collected are:

    • Housing & Real Estate — property ownership, investment property activity, home purchase timeline, and real estate behaviour
    • Telecommunications — current provider, plan type, switching history, monthly spend, and services used
    • Banking & Finance — primary bank, financial products held, banking preferences, switching history, and buy-now-pay-later usage
    • Insurance — insurance types held, primary provider, claims history, and comparison shopping behaviour

    These modules are entirely voluntary. You choose which sectors to complete based on your interests, and you can update or remove your responses at any time.

    Reliability & Quality Data:

    To maintain the quality of our testing community and ensure fair matching, we track platform usage patterns and response quality metrics. This includes study completion rates, response consistency, and engagement history. This data is used internally to prioritise reliable Testers for study opportunities and is not shared with Businesses.

    For Businesses

    • Company name and website
    • Business type (Startup, Agency, Enterprise, etc.)
    • Agency type (if applicable: Digital, Marketing, Consulting, etc.)
    • Primary industry or client industries served
    • Company size and location
    • Contact information

    For Visitors

    • Analytics data collected through cookies (see Cookies & Analytics below)
    • Enquiry details if you contact us

    Sensitive Data

    Some information we collect — such as accessibility needs, cultural background, and gender identity — may be considered sensitive or special category data under applicable data protection laws. We only collect this data with your explicit consent, and you always have the option to select "Prefer not to say" or leave these fields blank. This data is used solely for the purpose of matching you with relevant testing opportunities and providing anonymised, aggregated insights to Businesses.

    Lawful Basis for Processing

    We process your personal data under the following lawful bases:

    Contract:

    • Registering and managing your account
    • Matching Testers with relevant testing projects
    • Processing payments between Businesses and Testers (Dlyte retains a service fee from each transaction to cover platform operations, payment processing, and quality assurance)
    • Communicating about your account and active projects

    Legitimate Interest:

    • Improving our Platform and user experience (e.g., fixing bugs, optimising performance, refining UI — this does not include AI model training)
    • Ensuring platform security and preventing fraud
    • Generating anonymised, aggregated tester insights for Businesses
    • Analysing platform usage to develop better features (e.g., understanding which features are most used — this does not involve sharing your data with AI providers or third parties)

    Consent:

    • Collecting sensitive data (accessibility, cultural background, gender identity)
    • Sending marketing communications (you can withdraw consent at any time)
    • Using non-essential cookies and analytics

    Legal Obligation:

    • Complying with applicable laws and regulations
    • Responding to lawful requests from authorities

    How We Use Your Information

    We use the information we collect to:

    • Provide and maintain our marketplace services
    • Match Businesses with qualified Testers based on their requirements
    • Generate tester insights and analytics for Business users (anonymised and aggregated)
    • Power AI-assisted features such as audience segmentation analysis (using non-personal, aggregated criteria only)
    • Process and facilitate testing jobs and payments
    • Communicate with you about your account, jobs, and platform updates
    • Improve our Platform and user experience
    • Ensure platform safety and prevent fraud
    • Comply with legal obligations

    Consequences of Not Providing Data

    You are not obligated to provide personal information to us. However, if you choose not to provide certain information, we may not be able to register your account, match you with testing opportunities, process payments, or provide you with the full functionality of our Platform. Where data is optional (such as cultural background or accessibility needs), choosing not to provide it will not affect your ability to use the Platform.

    Tester Insights & Analytics

    For Business users, we provide aggregated tester insights showing demographic trends, technology distributions, accessibility needs, cultural diversity, and language capabilities across our tester pool. This data is anonymised and presented in aggregate form only — we never share individual Tester profiles or personally identifiable information without explicit consent.

    AI-Assisted Features & Automated Processing

    Dlyte uses artificial intelligence to enhance the Platform experience. We are committed to transparency about how AI is used and what data is involved.

    What AI features do

    AI-assisted features analyse criteria selections made by Business users (such as age ranges, location preferences, and device types) to help identify whether those selections represent one audience group or multiple distinct segments. These features are advisory — Businesses always make the final decision.

    What data is processed by AI

    • Only aggregated, non-personal criteria categories selected by Businesses (e.g. "Age Range: 18-25, 26-35" or "Area Type: Metro")
    • No personal Tester data — individual names, emails, profiles, or identifiable information are never sent to AI services
    • No biometric data, health data, or special category data is processed by AI

    Third-party AI providers

    AI processing is performed by OpenAI (see Third-Party Services below). Data sent to OpenAI is subject to their data processing terms and is not used by OpenAI to train their models. We select AI providers that offer enterprise-grade data protection and processing agreements.

    Your rights regarding automated processing

    AI-generated suggestions do not make binding decisions about individuals. They assist Business users in organising their audience criteria. You have the right to request information about how automated processing affects you, and to have any concerns addressed by contacting us (see Contact Us below).

    No AI Training on Your Data

    We want to be unambiguous on this point: Dlyte does not use any user data — from Businesses or Testers — to train, fine-tune, or improve AI or machine learning models, whether internally or through any third party. This includes:

    • Business-uploaded content (prototypes, briefs, research questions, screenshots, recordings, product strategy)
    • Tester feedback, responses, profiles, and testing results
    • Communications between users and the Platform
    • Analytics data, usage patterns, or behavioural data

    Our AI provider (OpenAI) operates under enterprise API terms that explicitly prohibit the use of API data for model training. We do not use data for "service improvement" in any way that involves AI training. If this policy ever changes, we will notify all users at least 60 days in advance and provide a clear opt-out mechanism before any change takes effect.

    Unmoderated Test Recordings (Video & Voice Responses)

    Certain unmoderated testing methods on the Platform allow Businesses to request video and voice responses from participants. When a test includes video and voice responses, participants record short video clips (using their device's camera and microphone) to answer each question. This section explains how we handle that data.

    What Is Captured

    • Camera video and microphone audio, recorded per question during the test session
    • Recording duration for each question
    • Recordings are initiated and stopped by the participant — no background or continuous recording occurs

    Consent

    Video and voice recording requires explicit opt-in consent before the test begins. Participants are clearly informed that the test includes camera and microphone recording, and must actively agree before proceeding. Participants who prefer not to record may decline video consent and provide written responses instead — declining video recording does not prevent participation in the test. Browser-level permissions for camera and microphone access are requested only when a participant opts in to video recording.

    How Recordings Are Processed

    • Recordings are uploaded directly to secure, encrypted Object Storage during the test session
    • After submission, the audio portion of each recording is sent to OpenAI's speech-to-text service for transcription. Only the audio is sent — no video frames are transmitted to OpenAI
    • The resulting transcript text is stored alongside the recording for the Business to review
    • Transcription is a one-time processing step — recordings are not re-processed or analysed further

    Storage & Access

    • Recordings are stored in encrypted Object Storage with AES-256 encryption at rest
    • Access is restricted to the Business that created the test and authorised Dlyte platform administrators
    • Recordings are not shared with any other party unless required by law
    • No recordings are made publicly accessible

    Retention

    Unmoderated test recordings and their transcripts are retained until the Business or participant requests deletion. Businesses may request deletion of recordings at any time. Participants may also request deletion of their video recordings via the data deletion process.

    No AI Training

    Consistent with our platform-wide policy, video recordings and their transcripts are never used to train, fine-tune, or improve any AI or machine learning models, whether internally or through any third party. OpenAI processes audio solely for one-time transcription under enterprise API terms that prohibit the use of data for model training.

    Moderated Session Recordings

    When a Business runs a moderated research session through the Platform, the live video conference between the moderator (Business) and the participant (Tester) is recorded. This section explains how we handle moderated session recording data.

    What Is Captured

    • Full video and audio of the live session, including both the moderator and the participant
    • Session duration and timing metadata
    • The recording is a composite view of all participants — individual streams are not stored separately

    Consent

    DLYTE collects explicit, informed consent from participants at three points in the session journey:

    • At study application — participants are notified that sessions are recorded before they apply for a study
    • Immediately before joining — participants must check two explicit consent boxes before the session room opens: one confirming consent to recording, and one confirming agreement to keep study materials confidential. The session room URL is only provided after this consent is submitted
    • During the session — a recording indicator is displayed in the platform interface while the session is active

    Consent records are stored against the participant's booking and include the consent timestamp, IP address, browser/device identifier, and the session identifier. Consent is re-confirmed on each join. The session is conducted via a third-party video conferencing service (Daily.co).

    How Recordings Are Processed

    • Sessions are recorded via Daily.co, our video conferencing provider, and transferred to our own cloud infrastructure (Google Cloud) for secure storage
    • After the session, the audio portion of the recording is sent to ElevenLabs' speech-to-text service for transcription. Only the audio is sent — no video frames, participant names, or identifying information are transmitted to ElevenLabs
    • The resulting transcript is stored in the Platform database for the Business to review
    • Transcription is a one-time processing step — recordings are not re-processed or analysed further

    Storage & Access

    • Recordings are stored in our cloud infrastructure (Google Cloud, US-based data centres)
    • Access is restricted to the Business that created the study and authorised Dlyte platform administrators
    • Recordings are not shared with any other party unless required by law
    • No recordings are made publicly accessible
    • Access links to recordings are temporary and expire — a fresh link is generated each time a Business opens the session review

    Retention

    Moderated session video recordings are subject to a 75-day retention policy. After 75 days, the video recording is permanently deleted from our servers. This policy exists to limit the storage of sensitive participant data and to align with responsible research data practices.

    • Businesses receive an email warning 14 days before a recording is due to expire
    • A second warning is sent 3 days before expiry
    • Businesses may download recordings at any time before expiry via the Session Review panel
    • Once deleted, the video cannot be recovered — Businesses are responsible for downloading copies if they wish to retain recordings beyond 75 days

    Transcripts are not affected by video deletion. Session transcripts, notes, and highlights remain available indefinitely and are not subject to the 75-day retention window.

    No AI Training

    Consistent with our platform-wide policy, moderated session recordings and their transcripts are never used to train, fine-tune, or improve any AI or machine learning models, whether internally or through any third party. ElevenLabs processes audio solely for one-time transcription and does not use data for model training.

    Data Sharing

    We do not sell your personal information. We may share your information only in these limited circumstances:

    • With your explicit consent
    • To fulfill testing jobs you've accepted (sharing relevant profile information with the hiring Business)
    • With service providers who assist in operating our Platform (under strict confidentiality agreements)
    • When required by law or to protect our rights and safety

    Data Security

    We implement industry-standard technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. This includes encryption of sensitive data, secure database storage, and regular security reviews.

    Cookies & Analytics

    When you visit our Platform, we may collect data through cookies and similar technologies. This includes:

    • Essential cookies: Required for the Platform to function (e.g. session management, authentication). These cannot be disabled.
    • Analytics cookies: Help us understand how users interact with the Platform so we can improve the experience. You may disable these in your browser settings.

    Data collected through cookies may include your IP address, browser type, pages visited, time spent on pages, and approximate location. Disabling certain cookies may affect your ability to use some features of the Platform.

    Third-Party Services and Subprocessors

    We believe you should know exactly who handles your data. Below is a complete list of third-party services (subprocessors) we use, what data they access, and why:

    Cloud Infrastructure

    • Neon (Database hosting) — Stores all Platform data including user accounts, project data, and transaction records. Located in US data centres. Subject to SOC 2 Type II compliance.
    • Replit (Application hosting) — Hosts the Platform application and serves web traffic. Does not have direct access to database contents.

    Payment Processing

    • Stripe — Processes credit purchases from Businesses. Receives: name, email, billing address, payment card details. Stripe is PCI DSS Level 1 certified. Dlyte does not store card details.
    • Direct bank transfer (Testers) — Tester payouts are processed directly by the Dlyte team via Australian bank transfer. No third-party payout processor is used. To facilitate this, Dlyte collects and stores the Tester's bank account name, BSB, and account number. This data is encrypted at rest, accessible only to authorised Dlyte staff, and used solely for the purpose of processing approved payout requests.

    Authentication

    • Google OAuth — Optional sign-in method. Receives: authentication request. Returns: name and email address. Google does not receive any Platform usage data.

    Communications

    • Resend — Sends transactional emails (verification, password reset, notifications). Receives: recipient email address and email content.
    • ActiveCampaign — Marketing automation (only for users who opt in to marketing communications). Receives: email address, name, and user type.

    Video Conferencing

    • Daily.co — Hosts live moderated research sessions and cloud-records the video conference
      • Data received: Participant and moderator audio/video during live moderated sessions
      • Storage: Recordings are transferred to and stored in our cloud infrastructure (Google Cloud, US-based) for up to 75 days, then permanently deleted
      • Data NOT sent: Participant names, emails, profiles, or any other Platform data — Daily.co receives only the real-time media stream
      • Purpose: Video conferencing and session recording for moderated research studies

    AI Processing

    • OpenAI — AI-assisted audience segmentation analysis and unmoderated test response transcription
      • Data sent (segmentation): Aggregated, non-personal criteria categories only (e.g. age ranges, location types, device categories)
      • Data sent (transcription): Audio extracted from unmoderated video responses for speech-to-text conversion. Only audio is sent — no video frames, participant names, or identifying information
      • Data NOT sent: Individual Tester names, emails, profiles, business prototypes, uploaded materials, or any personally identifiable information
      • Purpose: Audience segmentation analysis and one-time transcription of unmoderated video responses
      • Training: OpenAI does not use data sent via enterprise API for model training. Dlyte does not use your data for AI training (see No AI Training sections above)
    • ElevenLabs — Speech-to-text transcription for moderated session recordings
      • Data sent: Audio extracted from moderated session recordings. Only the audio portion is sent — no video frames, participant names, or identifying metadata
      • Data NOT sent: Video content, participant profiles, Business data, or any personally identifiable information
      • Purpose: One-time speech-to-text transcription of moderated research sessions
      • Training: ElevenLabs does not use data sent via its API for model training. Dlyte does not use your data for AI training

    All subprocessors operate under data processing agreements that require them to protect your data to standards at least as stringent as this Privacy Policy. We review our subprocessor list regularly and will update this page if changes occur. If we add a new subprocessor that materially changes how your data is handled, we will notify affected users in advance.

    Data Retention

    We retain your personal information only for as long as necessary. Below is our retention schedule by data category:

    • Account data (profile, preferences, settings): Deleted within 30 days of account closure
    • Business-uploaded content (prototypes, briefs, research materials): Deleted within 30 days of account closure, unless associated with an active or completed testing project
    • Unmoderated test data (results, feedback, signals, video recordings, transcripts): Retained until the Business or participant requests deletion
    • Moderated session recordings (video): Automatically deleted after 75 days. Businesses receive email warnings 14 days and 3 days before deletion. Businesses may download recordings before expiry
    • Moderated session transcripts: Retained indefinitely and unaffected by video deletion. Deleted upon Business or participant request
    • Financial records (transactions, invoices, payment history): Retained for 7 years as required by Australian tax law
    • Anonymised and aggregated data: May be retained indefinitely (cannot be linked back to any individual)
    • System backups: May contain your data for up to 90 days after deletion, then rotated and overwritten

    You may request deletion of your account and associated data at any time through your account settings or by contacting us. We will confirm deletion within 30 days and notify you when the process is complete. For full details on the deletion process, see Section 8.3 of our User Agreement.

    Your Rights

    Depending on your location and applicable law, you may have the right to:

    • Access your personal information
    • Correct inaccurate or incomplete information
    • Request deletion of your information
    • Export your data in a portable format
    • Restrict or object to processing of your personal data
    • Withdraw consent for optional data collection at any time
    • Opt out of marketing communications
    • Not be subject to solely automated decision-making that produces legal effects
    • Lodge a complaint with a supervisory authority (see Complaints below)

    To exercise these rights, please contact us through your account settings or via the details in the Contact Us section below.

    Complaints

    If you believe we have not handled your personal data in accordance with this Privacy Policy or applicable law, you have the right to lodge a complaint:

    • With us first: we will investigate and respond within 30 days.
    • Australia: Office of the Australian Information Commissioner (OAIC) at oaic.gov.au
    • EU/UK: Your local data protection authority or supervisory authority under the GDPR.
    • California (USA): The California Attorney General's office.

    Children's Privacy

    Our Platform is intended for users aged 18 and older. We do not knowingly collect information from children under 18. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information.

    International Data Transfers

    Your information may be transferred to and processed in countries other than your country of residence, including Australia and the United States (where our service providers operate). Where we transfer personal data internationally, we ensure appropriate safeguards are in place — such as standard contractual clauses or reliance on adequacy decisions — to protect your personal information in accordance with applicable data protection laws.

    Contact Us

    If you have questions about this Privacy Policy or how we handle your information, please contact us. When you submit a message through our contact form, you will receive an automated confirmation email with a copy of your message, subject, and submission date and time for your records.

    Dlyte Pty Ltd (ACN 636 076 885)

    Email:

    Website: dlyte.io

    For data deletion requests, please visit our Data Deletion page.

    Changes to This Policy

    We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top. We encourage you to review this Privacy Policy periodically.