Privacy Policy

Effective Date: February 12, 2026

1. Introduction

Welcome to BotHero.ai ("BotHero," "we," "us," or "our"). We are committed to protecting your privacy and handling your personal information with care and transparency.

BotHero.ai provides a platform that enables small businesses to create and deploy AI-powered Telegram bots for customer engagement, lead capture, and automated support. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, platform, and services.

2. Data Controller

BotHero.ai is the data controller responsible for your personal information. You can contact us at:

Email: [email protected]
Privacy Contact: [email protected]
Address: BotHero.ai (address TBD)

3. Information We Collect

3.1 Account Information

When you create an account, we collect:

Full name
Email address
Company name (optional)
Password (encrypted and hashed)
Account preferences and settings

3.2 Bot Configuration Data

When you create and configure bots, we collect:

Bot names, descriptions, and personality settings
Telegram bot tokens (encrypted before storage)
Knowledge base content you upload
Custom prompts and instructions
Integration configurations

3.3 Conversation Data

When your bots interact with users on Telegram, we collect and process:

Message content (text, voice, images)
Telegram user IDs (anonymized)
Timestamps and metadata
Bot responses and AI-generated content
Conversation context and history

3.4 Usage and Analytics Data

We automatically collect information about how you use our service:

Pages visited and features used
Time spent on our platform
Click patterns and navigation paths
Device information (browser type, OS, screen resolution)
IP address and approximate location (city/country level)
Message volume and bot performance metrics

3.5 Payment Information

Payment processing is handled by Stripe. We collect:

Billing name and address
Subscription plan and billing cycle
Payment method type (last 4 digits of card)
Transaction history and invoices

Note: We do not store full credit card numbers. All payment card data is handled securely by Stripe in compliance with PCI-DSS standards.

4. How We Use Your Information

We use your information for the following purposes:

Service Delivery

Process and route messages to your bots
Generate AI responses using LLM providers
Store conversation history for context and analytics
Provide bot management and configuration tools

Service Improvement

Analyze usage patterns to improve features
Monitor system performance and reliability
Debug issues and provide technical support
Develop new features based on user needs

Communication

Send service-related notifications and updates
Respond to support requests and inquiries
Provide account and billing information
Send product updates and feature announcements (optional)

Security and Compliance

Detect and prevent fraud and abuse
Enforce our Terms of Service
Comply with legal obligations
Protect user safety and platform integrity

5. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), UK, and Switzerland, we process your personal data under the following legal bases:

Contract Performance: Processing necessary to provide our services under our Terms of Service (account management, bot operation, message processing).
Consent: You provide explicit consent for optional features like marketing communications, advanced analytics, or data sharing with third-party integrations.
Legitimate Interest: We have a legitimate interest in improving our service, preventing fraud, and ensuring security, balanced against your privacy rights.
Legal Obligation: Processing required to comply with applicable laws, regulations, or legal requests.

7. Data Retention

We retain your data for the following periods:

Account Data: Retained until you delete your account, plus 30 days for backup purposes.

Conversation Data: Default retention is 90 days. You can configure custom retention periods (7-365 days) based on your subscription tier.

Analytics and Logs: Aggregated analytics retained for 12 months. Server logs retained for 90 days.

Billing Records: Retained for 7 years to comply with tax and accounting regulations.

Deleted Data: Permanently deleted within 30 days of retention period expiration, except where legally required to retain longer.

8. Your Rights (GDPR)

If you are in the EEA, UK, or Switzerland, you have the following rights:

Right to Access

Request a copy of the personal data we hold about you. We will provide this in a structured, commonly used format within 30 days.

Right to Rectification

Request correction of inaccurate or incomplete personal data. You can update most information directly in your account settings.

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data. We will comply unless we have a legitimate reason to retain it (e.g., legal obligations, pending disputes).

Right to Data Portability

Export your data in JSON format, including account details, bot configurations, and conversation history (where applicable).

Right to Object

Object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we have compelling legitimate grounds.

Right to Restrict Processing

Request limitation of processing in certain circumstances (e.g., while we verify data accuracy).

Right to Withdraw Consent

Withdraw consent for processing based on consent at any time. This does not affect the lawfulness of processing before withdrawal.

Right to Lodge a Complaint

File a complaint with your local data protection authority if you believe we have violated your privacy rights.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. California Privacy Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months.
Right to Delete: Request deletion of personal information we have collected, subject to certain exceptions.
Right to Opt-Out: We do not sell personal information. If this changes, we will provide a "Do Not Sell My Personal Information" link.
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise CCPA rights, contact [email protected] or call our toll-free number (TBD). We will verify your identity before processing requests.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. See our Cookie Policy for detailed information.

Types of cookies we use:

Essential Cookies: Required for authentication and core functionality (cannot be disabled).
Analytics Cookies: Help us understand usage patterns and improve our service (can be disabled).
Preference Cookies: Remember your settings and preferences (can be disabled).

You can control cookies through your browser settings or our cookie preference center.

11. International Data Transfers

BotHero.ai operates globally. Your information may be transferred to and processed in countries other than your country of residence, including the United States and the European Union.

When we transfer data outside the EEA, UK, or Switzerland, we ensure adequate protection through:

Standard Contractual Clauses (SCCs): Approved by the European Commission for data transfers.
Adequacy Decisions: Transfers to countries recognized by the EU as providing adequate data protection.
Processor Agreements: Binding agreements with third-party processors ensuring GDPR compliance.

12. Children's Privacy

BotHero.ai is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16.

If you believe we have inadvertently collected information from a child under 16, please contact us immediately at [email protected], and we will promptly delete such information.

13. Data Security

We implement industry-standard security measures to protect your data:

Encryption: All data in transit is encrypted using TLS 1.3. Data at rest is encrypted using AES-256.

Access Controls: Role-based access controls (RBAC) limit who can access your data. Multi-factor authentication (MFA) is available for all accounts.

Token Security: Telegram bot tokens are encrypted before storage using application-level encryption with key rotation.

Infrastructure: Hosted on SOC 2 Type II certified infrastructure with regular security audits and penetration testing.

Monitoring: 24/7 security monitoring and automated threat detection.

Backups: Daily encrypted backups with 30-day retention stored in geographically diverse locations.

While we implement robust security measures, no system is completely secure. We cannot guarantee absolute security of your data.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will:

Update the "Effective Date" at the top of this policy
Notify you via email (to your registered email address)
Display a prominent notice on our website for 30 days
For significant changes affecting your rights, request your consent where required by law

Your continued use of BotHero.ai after changes become effective constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email:

General inquiries: [email protected]

Privacy-specific: [email protected]

Mailing Address:

BotHero.ai
(Address TBD)

Data Protection Officer:

[email protected]

We aim to respond to all privacy-related inquiries within 30 days.

This Privacy Policy was last updated on February 12, 2026.
Thank you for trusting BotHero.ai with your data.