Privacy Policy

    This Privacy Notice for BOTRICAI INC ("we", "us", or "our") describes how and why we collect, use, store, share, and manage ("process") your personal information when you use our services ("Services"), including when you:

    • Visit our website at https://botric.ai or any linked BOTRICAI INC websites.
    • Engage with us through sales, marketing, events, or customer support interactions.

    Please read this notice carefully to understand your privacy rights and choices. If you disagree with our policies, please do not use our Services. For questions or concerns, contact us at privacy@botric.ai.

    Summary of Key Points

    • Information Collected: Personal details you voluntarily provide (name, contact details, billing information) and technical information automatically collected (IP address, browser type).
    • Sensitive Information: We do not collect sensitive personal information.
    • Third-party Information: We do not collect personal information from third-party sources.
    • Purpose of Information Processing: To deliver and enhance our Services, ensure security, improve customer support, and comply with legal requirements.
    • Data Sharing: We may share data in specific scenarios, including business transactions such as mergers or acquisitions.
    • Security Measures: We employ robust technical and organizational safeguards to protect your data.
    • Your Rights: Depending on your jurisdiction, you have the right to access, correct, delete, or manage your data.

    Table of Contents

    1. Information We Collect
    2. How We Process Your Information
    3. Legal Basis for Processing
    4. Information Sharing
    5. Cookies and Tracking Technologies
    6. Artificial Intelligence Products
    7. Email Assistant ("Mail Integration")
    8. Social Logins
    9. Data Retention
    10. Data Security
    11. Minors' Privacy
    12. Your Privacy Rights
    13. Do-Not-Track Controls
    14. US Residents' Specific Rights
    15. Regional Privacy Rights
    16. Updates to This Notice
    17. Contact Information

    1. Information We Collect

    We collect information you voluntarily provide when registering for or using our Services. This may include:

    1. Personal Information: Name, email, phone number, billing address, and payment details.
    2. Automatically Collected Information: Technical data (IP address, browser type) collected through cookies and similar technologies.

    2. How We Process Your Information

    We use your information to:

    1. Provide and improve Services
    2. Manage user accounts and interactions
    3. Ensure security and prevent fraud
    4. Comply with legal obligations

    3. Legal Basis for Processing

    We process your information based on:

    1. Your consent
    2. Legal obligations
    3. Protection of vital interests

    4. Information Sharing

    We may share your personal information:

    1. With service providers assisting us in delivering our Services
    2. During corporate transactions (mergers, acquisitions)

    5. Cookies and Tracking Technologies

    We use cookies and similar tools to enhance service performance, analytics, and user experience. You can control cookie preferences through your browser settings.

    6. Artificial Intelligence Products

    Our Services include AI-powered features designed to enhance customer support experiences. We partner with third-party AI providers (e.g., Mistral AI, OpenAI) and may share your input data to deliver these functionalities.

    7. Email Assistant ("Mail Integration")

    Our Email Assistant allows users to connect their Gmail or Microsoft Outlook accounts to enable AI-powered email management. This section explains how we collect, store, and protect your email data.

    7.1 What Information We Collect

    When you connect your email account, we collect the following data:

    • OAuth Tokens: Access token and refresh token (encrypted at rest)
    • Account Information: Email address, display name
    • Email Metadata: Subject, sender, recipients (To, Cc, Bcc), date, labels
    • Email Content: Plain text and HTML body content
    • Thread Information: Email threads and conversation history
    • Drafts: AI-generated email drafts you create or send
    • Push Notification Data: History IDs for incremental sync (Gmail watch/Microsoft webhook)

    7.2 How We Use This Information

    • Receive real-time email notifications via Gmail watch or Microsoft Graph webhooks
    • Sync and store email threads for AI analysis
    • Generate AI-powered email summaries and draft responses
    • Label and categorize emails based on content analysis
    • Create and manage email drafts in your connected mailbox
    • Send email replies on your behalf (after your approval)

    7.3 Encryption and Security

    We take extensive measures to protect your email data:

    • AES-256-GCM Encryption: All sensitive email data (subject, body, sender/recipient addresses, headers) is encrypted using AES-256-GCM before storage. Each encryption uses a unique Initialization Vector (IV) and authentication tag.
    • Encryption Key Derivation: Our encryption key is derived via SHA-256 hashing. This key is never stored in plaintext.
    • Token Encryption: OAuth access tokens and refresh tokens are encrypted using the same AES-256-GCM algorithm before being stored in our database.
    • Encrypted Fields Include:
      • Email subject lines
      • Email body (plain text and HTML)
      • From/To/Cc/Bcc email addresses
      • Email headers
      • OAuth tokens (access token, refresh token)
    • Data Isolation: Each organization and user has isolated data access. Email data is linked to your organization ID and user ID.
    • HTTPS/TLS: All data in transit is encrypted using HTTPS/TLS.

    7.4 Data Retention

    Email data retention policies:

    • Email Threads: Retained for a configurable period (default: 30 days) with automatic TTL-based expiration
    • OAuth Tokens: Stored until you manually disconnect your email account
    • AI Drafts: Retained in our database with status updated to 'sent' after successfully sending
    • Brief History: Daily email summaries stored indefinitely in MailBrief and MailBriefItem collections
    • When data expires, it is securely deleted from our database.

    7.5 Third-Party API Access

    We access your email data through official third-party APIs:

    • Google Gmail API: Used when connecting Gmail accounts. Requires OAuth 2.0 with specific scopes (gmail.modify, gmail.send). See Google's Terms of Service.
    • No Data Sales: We do not sell, rent, or share your email data with third parties for marketing purposes.
    • Subprocessors: Email data may be processed by:
      • OpenAI - For AI summarization, draft generation, labeling, and email classification

    7.6 Your Control Over Email Data

    You have full control over your connected email accounts:

    • Disconnect Account: You can disconnect your email account at any time, which revokes our OAuth access. You can also permanently delete your connection, which removes all stored email data.
    • Edit Drafts: You can edit any AI-generated drafts before sending.
    • Email Control: All email send operations require your explicit approval.
    • Revoke Access: You can revoke our access at any time via your Google or Microsoft account security settings.

    7.7 Google OAuth Verification Compliance

    For Google OAuth verification compliance, we disclose:

    • App Type: Full Android/iOS/Desktop application
    • Data Storage: MongoDB database with AES-256-GCM encryption
    • Minimum Access: Request only required scopes (gmail.modify, gmail.send)
    • Security Measures: Encryption at rest, token refresh, secure webhook endpoints
    • User Consent: Clear consent flow before OAuth authorization
    • Deletion: Complete data deletion available upon account deletion

    8. Social Logins

    Using social media logins may share certain profile information with us, depending on your privacy settings with the third-party provider.

    9. Data Retention

    We retain your personal information only as long as needed for the purposes outlined, or as required by law. When no longer needed, we securely delete or anonymize it.

    10. Data Security

    We employ robust security measures, including encryption, to protect your information. While we strive for maximum security, no method is entirely foolproof.

    11. Minors' Privacy

    Our Services are not intended for children under 18. We do not knowingly collect data from minors.

    12. Your Privacy Rights

    You have rights to access, correct, or delete your data depending on your jurisdiction. Contact us at privacy@botric.ai to exercise your rights.

    13. Do-Not-Track Controls

    We currently do not respond to Do-Not-Track browser signals. We will update this policy if standards for handling such signals are established.

    14. US Residents' Specific Rights

    US residents, depending on their state (e.g., California, Virginia, Colorado), may have additional rights such as:

    • Right to know what personal data is collected
    • Right to request deletion of personal data
    • Right to opt-out of sale of personal data
    • Right to non-discrimination for exercising privacy rights

    15. Regional Privacy Rights

    Depending on your location, additional privacy rights may apply:

    • Australia & New Zealand: Rights under the Australian Privacy Act and New Zealand Privacy Act.
    • European Union & UK: Rights under GDPR including access, rectification, erasure, and data portability.
    • Canada: Rights under PIPEDA including access and correction of personal information.

    16. Updates to This Notice

    We may update this Privacy Notice from time to time. We will notify you of any changes by posting the new policy on this page. Changes are effective immediately upon posting.

    17. Contact Information

    If you have any questions about this Privacy Notice, please contact us:

    BOTRICAI INC

    166 GEARY ST STE 1500 606

    San Francisco, CA 94108, USA

    Email: privacy@botric.ai