Privacy Policy

Last updated: April 28, 2026

Botline (“we”, “our”, “us”) is committed to protecting your privacy. This policy explains how we collect, use, and protect your data when you use our platform.

1. Information We Collect

2. How We Use Your Data

• Deliver AI-powered WhatsApp replies to your customers
• Search your knowledge base to find relevant answers (RAG)
• Score leads and track analytics on your dashboard
• Process billing and enforce fair usage limits
• Send you service notifications (never marketing without consent)
• Improve our platform's reliability and performance

3. What We NEVER Do

4. AI Model Data Processing

When your AI agent replies to a customer, the conversation is sent to your chosen AI provider (Anthropic, OpenAI, DeepSeek, etc.) for processing. Each provider has their own data policies:

• Botline-managed keys: We use API keys with “no training” agreements. Your data is not used to train models.
• BYOK (your own key): Data is processed under your own agreement with the AI provider. Botline is only the intermediary.

5. Data Storage & Security

• All data encrypted at rest (AES-256) and in transit (TLS 1.3)
• Database hosted on AWS (Singapore region) with automated backups
• Knowledge base embeddings stored in PostgreSQL with pgvector
• API keys and secrets encrypted with AES-256-GCM
• Self-hosted deployments: you control where data is stored

6. Data Retention

7. Your Rights

You can at any time:

• Export all your data (conversations, knowledge base, analytics)
• Delete your account and all associated data
• Modify your personal information from the dashboard
• Opt out of non-essential communications

8. Support Access & Workspace Impersonation

Many of our customers are non-technical small businesses who rely on us to install, configure, and troubleshoot their workspace. When you explicitly enable “Support Access” in Settings → Profile, or when you submit a support ticket asking for our help, you grant named Botline support engineers permission to access your workspace data on your behalf.

When Support Access is enabled, we may:

• View your conversations, contacts, knowledge base, AI prompts, integrations, and configuration — only when actively investigating or fixing an issue.
• Make temporary edits to your AI prompts, knowledge base entries, agent settings, or integration configuration to resolve a specific issue you have raised.
• Access logs and audit data generated by your workspace.

We will never:

• Share your data with third parties (beyond the listed sub-processors in our DPA).
• Use your end-customer conversations to train third-party foundation models.
• Access your payment, billing, or account-recovery details through Support Access.
• Send messages to your end customers from your workspace without your explicit per-incident approval.
• Continue accessing your workspace after you toggle Support Access OFF.

Every Support Access session is logged and attributable to the specific Botline engineer who accessed your workspace, with timestamp, IP address, and a record of any changes made. You can review this audit log at any time from Settings → Profile → Support Access → Activity Log. Support Access automatically expires after 30 days unless you re-authorize it; turning the toggle OFF terminates any active session immediately.

Botline employees with access to production systems are bound by written confidentiality obligations and our internal Employee Data Access Policy.

9. Cookies

We use only essential cookies for authentication and session management. No tracking cookies, no third-party analytics cookies, no advertising cookies.