1. Information We Collect
Information You Provide
Account Information- Name and email address
- Company name and billing information
- API keys and webhook configurations
- Audio recordings uploaded through the API
- Transcriptions and summaries generated from recordings
- EndUser information you create (external IDs, metadata)
- Device registration information
Information Collected Automatically
Usage Data- API request logs (endpoints called, response times, errors)
- Device pairing and sync events
- Transcription and summarization job metrics
- IP addresses
- Request headers and user agents
- Authentication tokens (hashed)
2. How We Use Information
We use collected information to:- Provide Services — Process audio, generate transcriptions, deliver webhooks
- Maintain Security — Detect fraud, prevent abuse, enforce rate limits
- Improve Services — Analyze usage patterns, optimize performance
- Communicate — Send service updates, security alerts, support responses
- Comply with Law — Respond to legal requests, enforce our terms
AI Training
We do not use Customer Data (recordings, transcriptions, summaries) to train AI models unless you explicitly opt in to a training program.3. Data Retention
| Data Type | Retention Period |
|---|---|
| Account Data | Until account deletion |
| Audio Recordings | Per your project retention settings (default: 90 days) |
| Transcriptions | Per your project retention settings |
| API Logs | 30 days |
| Billing Records | 7 years (legal requirement) |
4. Data Sharing
We share information only in these circumstances:Service Providers
We use third-party providers to help deliver our Services:| Provider Type | Purpose | Data Shared |
|---|---|---|
| Cloud Infrastructure | Hosting, storage | All Customer Data (encrypted) |
| ASR Providers | Transcription | Audio recordings |
| Payment Processors | Billing | Payment information |
| Analytics | Usage metrics | Anonymized usage data |
Legal Requirements
We may disclose information if required by law, court order, or government request. We will notify you when legally permitted.Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.5. Data Security
We implement industry-standard security measures:| Measure | Implementation |
|---|---|
| Encryption in Transit | TLS 1.2+ for all API communication |
| Encryption at Rest | AES-256 for stored data |
| Access Controls | Role-based access, audit logging |
| Key Management | Hardware security modules for key storage |
| Network Security | VPC isolation, DDoS protection |
6. Your Rights
Depending on your location, you may have rights to:- Access — Request a copy of your data
- Correction — Update inaccurate information
- Deletion — Request deletion of your data
- Portability — Receive data in a portable format
- Objection — Object to certain processing activities
Exercising Your Rights
To exercise these rights, contact us at [email protected]. We will respond within 30 days.EndUser Rights
If you receive a data rights request from one of your EndUsers, you can:- Use the API to retrieve their data (
GET /end-users/{id}) - Use the API to delete their data (
DELETE /end-users/{id})
7. International Data Transfers
Bota is based in the United States. If you are located outside the US, your information will be transferred to and processed in the US. For transfers from the European Economic Area (EEA), we rely on:- Standard Contractual Clauses approved by the European Commission
- Data processing agreements with all service providers
8. GDPR Compliance
For customers subject to GDPR:| Role | Description |
|---|---|
| Data Controller | You control your EndUser data |
| Data Processor | Bota processes data on your behalf |
9. CCPA Compliance
For California residents:- We do not sell personal information
- You have the right to know what information we collect
- You have the right to request deletion
- You have the right to non-discrimination for exercising your rights
10. Children’s Privacy
Our Services are not directed to children under 13. We do not knowingly collect information from children. If you believe we have collected information from a child, contact us immediately.11. Cookies and Tracking
Our documentation site and dashboard use cookies for:- Essential Cookies — Authentication, security
- Analytics Cookies — Usage patterns, performance monitoring
12. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via:- Email to your registered address
- Notice in the dashboard
- Update to this page
13. Contact Us
For privacy-related questions or concerns: Email: [email protected] Mail: Bota, Inc. Attn: Privacy Team [Address]Last updated: January 15, 2025