This Privacy Policy describes how Botaroid ("Company", "we", "us"), operated by Antigravity, collects, uses, stores, and protects information when you use our AI bot platform and related services (the "Services"). We are committed to protecting your privacy and handling your data responsibly.
1. Information We Collect
1.1 Information You Provide
- Account Information: Name, email address, company name, phone number, and role when creating an account
- Inquiry & Request Data: Information submitted through contact forms, bot request wizards, and consultation requests
- Payment Information: Billing details processed through our secure payment provider (we do not store full card numbers)
- Bot Configuration Data: Business rules, workflows, response templates, and integration credentials you provide during bot setup
- Communication Data: Messages, emails, and support tickets exchanged with our team
1.2 Information Collected Automatically
- Usage Data: Pages visited, features used, bot performance metrics, and interaction patterns
- Device Information: Browser type, operating system, IP address, and device identifiers
- Log Data: Server logs including timestamps, request/response data, and error reports
- Cookies & Tracking: Essential cookies for session management and optional analytics cookies (with consent)
1.3 Bot Operational Data
When your bots interact with end users, conversation data, queries, and responses are processed and stored in your isolated tenant environment. This data is treated as Client Data and governed by Section 4 below.
2. How We Use Your Information
We use collected information for the following purposes:
- Service Delivery: To provide, maintain, and improve the AI bot platform and related services
- Account Management: To create and manage your account, authenticate access, and process billing
- Communication: To respond to inquiries, provide technical support, and send service-related notifications
- Security: To detect, prevent, and address fraud, abuse, and security threats
- Analytics: To understand usage patterns, improve performance, and develop new features
- Legal Compliance: To comply with applicable laws, regulations, and legal processes
We do NOT: sell your personal data to third parties, use Client Data to train general-purpose AI models, or share your information for third-party marketing purposes.
3. Data Storage & Security
We implement industry-standard security measures to protect your data:
- Encryption: All data is encrypted at rest (AES-256) and in transit (TLS 1.3)
- Access Controls: Role-based access control (RBAC) with the principle of least privilege
- Infrastructure: Production systems hosted on enterprise-grade infrastructure with redundancy and DDoS protection
- Monitoring: 24/7 security monitoring, intrusion detection, and automated threat response
- Backups: Regular encrypted backups with point-in-time recovery capability
- Auditing: Comprehensive audit logs for all data access and administrative actions
- Penetration Testing: Regular security assessments and vulnerability scanning
4. Client Bot Data Isolation
We take data isolation seriously. Each client's bot operates in a fully isolated environment:
- Dedicated database schemas with tenant-level access controls
- Logical separation of all bot conversations, training data, and configurations
- No cross-tenant data access — Client A's data is never accessible to Client B
- Data processed by your bot belongs exclusively to you
- We do not access, analyze, or use your bot's operational data for any purpose beyond providing the contracted Services
- Employees access Client Data only when necessary for support, with full audit trail
5. Data Retention
- Active Accounts: Data is retained for the duration of your service agreement
- Post-Termination: Client Data is available for export for 30 days after termination, then permanently deleted
- Inquiry Data: Contact form submissions are retained for up to 24 months
- Audit Logs: Security and access logs are retained for 12 months
- Legal Obligations: Certain data may be retained longer if required by law or to resolve disputes
6. Third-Party Services
We use trusted third-party services to deliver our platform. These providers are bound by data processing agreements and process data only as instructed:
| Provider | Purpose | Data Processed |
|---|
| PostgreSQL (self-hosted) | Primary Database | All application data |
| Postfix (self-hosted) | Email Delivery | Email addresses, message content |
| Resend | Transactional Email (fallback) | Email addresses, notification content |
| Stripe | Payment Processing | Billing information, transaction data |
7. International Data Transfers
If your data is transferred to servers located outside your jurisdiction, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or equivalent mechanisms approved by relevant data protection authorities. We comply with applicable data transfer regulations including GDPR requirements for transfers outside the EEA.
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate or incomplete data
- Erasure: Request deletion of your personal data (subject to legal retention requirements)
- Portability: Request your data in a structured, machine-readable format
- Restriction: Request limitation of processing in certain circumstances
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Where processing is based on consent, withdraw it at any time
To exercise any of these rights, contact us at privacy@botaroid.com. We will respond within 30 days (or sooner if required by applicable law).
9. Children's Privacy
Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we learn that we have collected personal data from a child under 16, we will promptly delete that information.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users and posted on our website at least 30 days before taking effect. Your continued use of the Services after the effective date constitutes acceptance of the updated policy.
11. Contact
For privacy-related questions, data requests, or to report a concern:
Botaroid Privacy Team
Email: privacy@botaroid.com
Operated by Antigravity
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the supervisory authority in your jurisdiction.
