1. Information We Collect
Account Information: When you register, we collect your name, email address, and password. If you sign in with Google, we receive your name and email from Google.
Documents & Content: We collect and process documents you upload (PDF, DOCX, TXT, CSV) and any content you provide (FAQs, URLs) for the purpose of creating your chatbot's knowledge base.
Usage Data: We collect information about how you use the Service, including chatbot interactions, API usage, feature usage, and performance metrics.
API Keys: If you provide your own AI provider API keys, they are stored using AES-256 encryption and are never exposed in plaintext.
2. How We Use Your Information
- Service Delivery: To process documents, create embeddings, power chatbot responses, and provide the core Service functionality
- Account Management: To authenticate your identity, manage your subscription, and communicate service updates
- Analytics: To provide you with usage statistics and insights about your chatbots' performance
- Improvement: To improve the Service's reliability, security, and user experience (using aggregated, anonymized data only)
3. Document Processing & Storage
Your documents undergo the following processing pipeline:
- Upload: Documents are uploaded over TLS-encrypted connections and stored in encrypted cloud storage
- Parsing: Documents are parsed to extract text content. Original files are retained for reference
- Chunking: Text is split into manageable segments for optimal retrieval
- Embedding: Text chunks are converted to vector embeddings using your selected AI provider
- Storage: Embeddings are stored in your isolated vector database space with row-level security
Important: Your documents and embeddings are isolated per account using row-level security (RLS). No other user can access your data. We never use your documents to train AI models.
4. Data Sharing
We do not sell, trade, or rent your personal information. We share data only in these circumstances:
- AI Providers: Chat queries and relevant context are sent to your selected AI provider (OpenAI, Anthropic, or Google) to generate responses
- Infrastructure: We use Supabase for database and authentication, and cloud storage providers for document storage
- Legal Requirements: When required by law, court order, or governmental regulation
5. Your Rights (GDPR)
Under the GDPR and applicable data protection laws, you have the right to:
- Access: Request a copy of all personal data we hold about you
- Rectification: Correct any inaccurate personal data
- Erasure: Request deletion of your personal data ("right to be forgotten")
- Portability: Receive your data in a structured, machine-readable format
- Restriction: Request limitation of processing of your personal data
- Objection: Object to processing of your personal data
- Withdraw Consent: Withdraw consent at any time where processing is based on consent
To exercise any of these rights, contact us at privacy@bhotforge.ai. We will respond within 30 days.
6. Security Measures
- AES-256 encryption for sensitive data at rest
- TLS 1.3 encryption for all data in transit
- Row-level security (RLS) for database isolation
- Regular security audits and vulnerability scanning
- SOC 2 compliant infrastructure (via Supabase)
- Encrypted API key storage using industry-standard encryption
- Access controls and audit logging for all data access
7. Cookies & Tracking
We use essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising cookies. Analytics data is collected in aggregated, anonymized form only.
Cookie Types:
- Essential: Authentication tokens, session identifiers, CSRF tokens (required for the Service to function)
- Preference: Theme settings, language preferences (stored locally)
You can manage cookie preferences through our cookie consent banner displayed on first visit.
8. Your Rights (CCPA)
If you are a California resident, under the California Consumer Privacy Act (CCPA), you have additional rights:
- Right to Know: Request what personal information we have collected, used, disclosed, and sold
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: We do not sell personal information to third parties
- Non-Discrimination: We will not discriminate against you for exercising any CCPA rights
9. POPIA Compliance (South Africa)
In accordance with the Protection of Personal Information Act (POPIA) of South Africa:
- Accountability: Bhotforge AI is the responsible party for the processing of your personal information
- Purpose Limitation: We process your personal information only for purposes directly related to providing the Service
- Further Processing: We do not use your data for any purpose incompatible with the original collection purpose
- Information Quality: We take reasonable steps to ensure personal information is complete, accurate, and up to date
- Openness: This privacy policy documents all processing activities. You may request details at any time
- Security Safeguards: We implement appropriate technical and organizational measures to protect personal information
- Data Subject Rights: You have the right to access, correct, delete, or object to the processing of your personal information
To exercise your POPIA rights, contact our Information Officer at privacy@bhotforge.ai.
10. Data Retention
We retain your data for as long as your account is active. Upon account deletion:
- Personal data is deleted within 30 days
- Uploaded documents and embeddings are permanently deleted within 30 days
- Encrypted backups are purged within 90 days
- Aggregated, anonymized analytics data may be retained indefinitely
11. Children's Privacy
The Service is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children.
12. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of significant changes via email or an in-app notification. The "Last updated" date at the top indicates the most recent revision.
13. Contact Us
For privacy-related questions or to exercise your data protection rights:
Email: privacy@bhotforge.ai