Privacy Policy

Last updated: October 25, 2025

This Privacy Policy explains how Boti collects, uses, and protects personal data when you use our services, request a demo, or interact with our website.

Depending on the context, we may act either as a data processor on behalf of our clients or as a data controller for our own marketing, billing, and support activities.

1. Scope and Data Roles

  • Service provider for businesses (clients): we act as a data processor when we handle data on behalf of customers.
  • Direct controller: we act as a data controller when we collect data for demos, marketing, billing, support, or website usage.

2. Data We Collect

  • Contact data: name, email, phone/WhatsApp, company, and role.
  • Usage data: messages sent/received, attachments, timestamps and channel; interaction metrics; technical logs (IP, device, browser).
  • Account and billing: user identifiers, encrypted credentials, plan, payment history, tax ID, billing address.
  • Website data: cookies and similar technologies.
  • Integrations: API identifiers and metadata (Meta/WhatsApp Business Platform), template states, webhooks.
  • Sensitive data: Boti does not seek to collect it. If an end user shares it via chat, processing is limited to delivering the service to the client.

3. Purposes

  • Operate the messaging and sales automation platform.
  • Security, abuse prevention, monitoring, and service continuity.
  • Support, billing, auditing, and legal compliance.
  • Analytics and service improvement (aggregated or de-identified when possible).
  • Marketing with your consent (you may opt out at any time).

4. Legal Basis

  • Contract performance to deliver the service.
  • Legitimate interest in security, improvement, and fraud prevention.
  • Consent for marketing and non-essential cookies, and WhatsApp opt-in requirements.
  • Legal obligations for accounting/tax retention and other requirements.

5. Data Sources

  • Provided by you or our clients.
  • Collected automatically through our websites and services.
  • Received from third-party integrations (Meta/WhatsApp, payment processors, cloud providers).

6. Data Sharing

  • Technology providers: hosting, databases, storage, monitoring, transactional email, analytics.
  • Meta (WhatsApp Business Platform): to route messages and comply with policies.
  • Payments: processors or gateways when applicable.
  • Advisors and authorities: when legally required.

We require agreements and security standards equivalent to ours.

7. International Transfers

We may process data outside your country. We apply reasonable contractual and technical safeguards (e.g., encryption in transit and at rest).

8. Retention

  • Conversations and logs: typically 12–24 months (or as agreed with the client). We may anonymize or aggregate for analytics.
  • Account and billing: for the duration of the relationship and the time required by law.

You may request deletion in accordance with applicable law and contracts with our clients.

9. Security

We apply organizational and technical controls (TLS encryption, access control, auditing, backups). We continuously work to mitigate risks.

10. Your Rights

Depending on your jurisdiction, you may request access, correction, deletion, restriction, or portability of your data. You can also object to certain processing. Contact us to exercise these rights.

11. WhatsApp Consent (Opt-in / Opt-out)

WhatsApp messaging requires valid opt-in per WhatsApp policies.
You can opt out at any time by replying “STOP” or the equivalent in your language.

12. Cookies

We use first- and third-party cookies for basic operation, analytics, and improvement.
You can manage cookies through your browser settings.

13. Minors

Our commercial services are not directed to individuals under 18 years of age.
If you believe a minor has shared data with us, contact us for deletion.

14. Limitation of Liability

At Boti, we implement reasonable security measures to protect information we process.

  • We cannot guarantee absolute protection against unauthorized access, data loss, or incidents caused by external factors.
  • We are not liable for direct, indirect, or consequential damages resulting from use of our services, identity theft, security breaches, outages, or data loss.
  • We commit to act in good faith and within our technical and legal capabilities to prevent and mitigate risk situations.

15. Changes to this Policy

We may update this policy from time to time. We will publish the updated version and revise the “last updated” date above.

16. Contact

For questions or requests about this policy, write to [email protected].