Privacy Policy
Your privacy matters to us. This policy explains how BotnFlow collects, uses, stores, and protects your personal information.
Last updated: April 15, 2026 • Effective: April 15, 2026
1. Introduction
Welcome to BotnFlow ("we," "our," or "us"). BotnFlow is an AI-powered chatbot automation platform that enables businesses to build, deploy, and manage conversational experiences across multiple channels including WhatsApp, Email, SMS, and Voice.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website botnflow.com, use our application at app.botnflow.com, or interact with any of our services (collectively, the "Services").
By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of our Services.
Data Controller:
BotnFlow (operated by Bidups Technologies)
Email: privacy@botnflow.com
2. Data We Collect
2.1 Information You Provide Directly
| Data Type | Examples | When Collected |
|---|---|---|
| Account Information | Name, email address, phone number, company name, password | Registration & profile setup |
| Billing Information | Payment method details, billing address, tax ID | Subscription & payment |
| User Content | Chatbot flows, templates, media uploads, automation rules | Platform usage |
| Communication Data | Support tickets, emails, feedback, survey responses | When you contact us |
| Integration Credentials | API keys, OAuth tokens for connected third-party services | When connecting integrations |
2.2 Information Collected Automatically
- •Device Information: IP address, browser type & version, operating system, device type, screen resolution
- •Usage Data: Pages visited, features used, click patterns, session duration, time stamps
- •Log Data: Server logs including access times, error logs, referral URLs
- •Location Data: Approximate geographic location based on IP address (country/city level only)
2.3 Customer End-User Data (Processed on Your Behalf)
When you use BotnFlow to communicate with your customers, we process data on your behalf as a Data Processor. This may include:
- •Customer phone numbers, email addresses, and names
- •Message content (text, images, documents, voice recordings)
- •Conversation metadata (timestamps, channel, delivery status)
- •Any custom data fields you configure in your chatbot flows
Important: You are the Data Controller for your end-user data. You are responsible for obtaining appropriate consent from your customers and ensuring compliance with applicable data protection laws.
3. How We Use Your Data
We use the information we collect for the following purposes:
Service Delivery
To create and manage your account, provide the chatbot platform, process messages, execute automations, and deliver the core features of BotnFlow.
Billing & Payments
To process subscriptions, send invoices, manage billing cycles, and handle payment-related communications. Payment processing is handled by Stripe.
Communication
To send service updates, security alerts, product announcements, and respond to your support requests and inquiries.
Analytics & Improvement
To analyze usage patterns, monitor performance, diagnose technical issues, and improve our platform features and user experience.
AI & Machine Learning
To train and improve our AI models for natural language understanding, intent recognition, and response generation. We use aggregated and anonymized data only. Your individual conversation data is never shared or used to train models for other customers.
Security & Fraud Prevention
To detect and prevent unauthorized access, abuse, fraud, and other harmful activities on our platform.
Legal Compliance
To comply with applicable laws, regulations, legal processes, and government requests.
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, we process your data under the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Providing our Services | Performance of contract (Art. 6(1)(b) GDPR) |
| Processing payments | Performance of contract (Art. 6(1)(b) GDPR) |
| Service updates & security alerts | Legitimate interest (Art. 6(1)(f) GDPR) |
| Marketing communications | Consent (Art. 6(1)(a) GDPR) |
| Analytics & product improvement | Legitimate interest (Art. 6(1)(f) GDPR) |
| Legal compliance | Legal obligation (Art. 6(1)(c) GDPR) |
| Security & fraud prevention | Legitimate interest (Art. 6(1)(f) GDPR) |
5. Data Sharing & Third Parties
We do not sell your personal data to third parties. We share data only in the following circumstances:
Service Providers
We work with trusted third-party service providers who process data on our behalf:
| Provider | Purpose | Data Shared |
|---|---|---|
| Cloud Infrastructure | Hosting & data storage | All platform data (encrypted) |
| Stripe | Payment processing | Billing & payment information |
| Meta (WhatsApp) | WhatsApp Business API | Messages & phone numbers |
| Email Service Providers | Transactional & marketing emails | Email address, name |
| Analytics Tools | Usage analytics | Anonymized usage data |
Other Disclosures
- •Legal Requirements: When required by law, subpoena, court order, or government request
- •Safety & Protection: To protect the rights, property, or safety of BotnFlow, our users, or the public
- •Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, with continued confidentiality protections
- •With Your Consent: When you explicitly authorize us to share data with a specific third party
6. Data Retention
We retain your data only as long as necessary for the purposes outlined in this policy:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account data | Duration of account + 30 days after deletion | Service delivery & recovery period |
| Conversation data | As configured by you (default: 12 months) | Your business requirements |
| Billing & transaction records | 7 years | Legal & tax requirements |
| Analytics data | 26 months (aggregated) | Product improvement |
| Server logs | 90 days | Security & debugging |
| Support communications | 3 years after resolution | Quality assurance |
After the retention period expires, data is permanently deleted or anonymized. You can request earlier deletion of your data at any time (see Section 8).
7. Data Security
We implement industry-standard security measures to protect your data:
Encryption
- • TLS 1.2+ for data in transit
- • AES-256 for data at rest
- • End-to-end encryption for sensitive fields
Infrastructure
- • SOC 2 Type II compliant hosting
- • Multi-region deployment
- • DDoS protection & WAF
Access Control
- • Role-based access controls (RBAC)
- • Two-factor authentication available
- • Audit logging of all access
Monitoring
- • 24/7 infrastructure monitoring
- • Regular penetration testing
- • Automated vulnerability scanning
For more details, visit our Security page.
8. Your Rights
For EEA/UK Residents (GDPR)
Under the General Data Protection Regulation, you have the following rights:
Right to Access
Request a copy of your personal data
Right to Rectification
Correct inaccurate or incomplete data
Right to Erasure
Request deletion of your data
Right to Restriction
Limit how we process your data
Right to Portability
Export your data in a machine-readable format
Right to Object
Object to processing based on legitimate interest
Right to Withdraw Consent
Withdraw consent at any time
Right Against Automated Decisions
Not be subject to solely automated decision-making
For California Residents (CCPA/CPRA)
Under the California Consumer Privacy Act and California Privacy Rights Act, you have the right to:
- •Know what personal information we collect, use, and disclose
- •Request deletion of your personal information
- •Opt-out of the sale or sharing of your personal information (we do not sell your data)
- •Non-discrimination for exercising your privacy rights
To exercise any of these rights, email us at privacy@botnflow.com. We will respond within 30 days (GDPR) or 45 days (CCPA). Visit our GDPR Rights Center for more information.
10. International Data Transfers
BotnFlow operates globally, and your data may be transferred to and processed in countries outside your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place:
- •Standard Contractual Clauses (SCCs): EU-approved contractual frameworks with all data processors
- •Adequacy Decisions: Where applicable, we rely on European Commission adequacy decisions
- •Encryption: All data is encrypted in transit and at rest, regardless of location
11. Children's Privacy
BotnFlow is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us at privacy@botnflow.com, and we will take steps to delete such information.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes:
- •We will update the "Last updated" date at the top of this page
- •We will notify you via email and/or a prominent notice on our platform
- •For material changes, we will provide at least 30 days' notice before the changes take effect
We encourage you to review this policy periodically to stay informed about how we protect your data.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to us:
Privacy Team: privacy@botnflow.com
Data Protection Officer (DPO): dpo@botnflow.com
General Inquiries: hello@botnflow.com
If you are not satisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority.
Related: Terms of Service • Security • GDPR Rights Center