← Legal

Privacy Policy

Effective date: May 2026  ·  Entertainment Technologists Inc.

Botverse processes files — it does not store them. We collect the minimum data needed to operate the platform: account credentials, job metadata, and billing records. We do not read, index, or retain the contents of any file you submit for processing. This policy explains exactly what we hold and why.

1. Who we are

Botverse is operated by Entertainment Technologists Inc. (ETI), a company incorporated in Arizona, USA. ETI acts as the data controller for personal information you provide to us when creating or operating a Botverse account.

Contact our privacy team at privacy@botverse.cloud.

2. Information we collect

Botverse collects a limited set of personal information to operate the platform. We do not build user profiles, serve advertising, or sell data.

CategoryWhat we collectRetention
AccountEmail address; password hash (bcrypt via Supabase); 2FA enrollment status (no TOTP seed stored in plaintext)Life of account + 30 days after closure
BillingPayment method details (held by Stripe — we store only the last 4 digits and card type for display); wallet balance; top-up history7 years (legal/tax requirement)
API keysKey name, service scope, creation date, expiry date, last-used timestamp, last-4-character fingerprint. Full key never stored.Until revoked or account closure
Job metadataJob ID, service type, input/output format, file size (bytes), processing duration, status, timestamp, billing deduction amount. No file contents.90 days
Server logsIP address, request method, endpoint, HTTP status code, timestamp. Used for security monitoring and abuse detection.90 days
Support commsMessages you send to support@botverse.cloud. Used solely to resolve your request.2 years

What we do not collect. We do not collect: the contents of files you submit for processing (see Section 3); browsing history outside the Botverse dashboard; data from third-party services you may also use; or any information beyond what is listed above.

3. Files submitted for processing

The content of files you submit is not retained. Input files are automatically deleted from our infrastructure within 24 hours of upload. Output files are automatically deleted within 24 hours of becoming available for download. We do not read, index, analyse, or use file contents for any purpose other than completing the processing job you requested.

How it works. When your application or agent submits a file, it is uploaded to a temporary, private S3 object associated with your job ID. An isolated processing worker handles the job. The output is written to a separate temporary S3 object. Both objects are automatically deleted on a 24-hour timer regardless of whether you download the output. Job metadata (format, size, timing — not contents) is retained for billing and dispute purposes as described in Section 2.

We do not analyse your files. ETI does not inspect, read, classify, or extract information from file contents. Processing is fully automated. No human at ETI reviews the content of your files unless you explicitly share content with our support team as part of a technical issue report.

Third-party processing infrastructure. Processing jobs run on Amazon Web Services (AWS) infrastructure including S3 storage and compute services. AWS processes files only as a sub-processor under our direction; AWS does not use your file content for any independent purpose. See Section 5 for a full list of sub-processors.

Your responsibility. You are responsible for ensuring that content you submit complies with applicable intellectual property laws and does not violate these Terms. See the Terms of Service, Section 7, for the full file processing policy.

4. How we use your information

We use the information we collect to:

  • Create and manage your account and API keys
  • Authenticate your identity and enforce two-factor authentication requirements
  • Process payments, manage your wallet balance, and issue invoices
  • Execute processing jobs you submit via the API
  • Detect and prevent abuse, fraud, and violations of the Terms of Service
  • Respond to support requests
  • Send transactional communications: job completion notifications, billing confirmations, security alerts, and service status updates
  • Comply with legal obligations

We do not:

  • Sell your personal information to any third party
  • Share your data with advertisers or data brokers
  • Use your data for targeted advertising or profiling
  • Use file contents to train, fine-tune, or improve any AI model
  • Use job metadata to analyse the nature of your business beyond what is necessary for abuse detection and billing accuracy

5. Sharing and disclosure

Sub-processors. We use the following third-party services to operate Botverse. Each operates under a data processing agreement that restricts their use of data to providing services to ETI:

CategoryWhat we collectRetention
Amazon Web Services (AWS)S3 object storage (temporary file objects), Lambda and ECS Fargate compute for processing jobsUnited States
SupabasePostgreSQL database (account data, job metadata, billing records), authenticationUnited States
StripePayment processing, card storage, invoicingUnited States
VercelNext.js hosting for the Botverse website and dashboardUnited States / Global edge

Legal requirements. We may disclose personal information if required by law, regulation, or valid legal process (court order, subpoena). Where permitted, we will notify you before disclosing.

Safety. We may share information where we believe in good faith that disclosure is necessary to prevent imminent physical harm to a person.

Business transfer. If ETI is acquired by or merges with another company, your information may transfer as part of that transaction. We will notify you before any such transfer and ensure the acquiring entity agrees to equivalent privacy standards.

No sale of data. ETI does not sell personal information. Full stop.

6. Data retention

  • File input/output objects: deleted automatically within 24 hours of the job lifecycle endpoint (upload for inputs; download availability for outputs)
  • Job metadata: retained 90 days from job completion, then permanently deleted
  • Server logs: retained 90 days, then deleted
  • Account data (email, preferences, API key records): retained for the life of the account. Permanently deleted 30 days after account closure
  • Billing records (invoices, transaction history): retained 7 years as required by applicable tax and accounting law
  • Support communications: retained 2 years, then deleted

When you close your account, all account data and job metadata are scheduled for deletion. Deletion runs automatically 30 days after closure. Billing records are retained for the mandatory 7-year period regardless of account status. Following the 30-day deletion window, personal data recovery is not possible.

7. Your rights

Regardless of where you are located, you have the following rights:

  • Access. Request a copy of the personal data we hold about you.
  • Correction. Request correction of inaccurate data.
  • Deletion. Request deletion of your account and personal data. We will fulfil deletion requests within 30 days, subject to mandatory legal retention requirements (billing records).
  • Portability. Request your account data and job history in a machine-readable format (CSV or JSON).
  • Objection. Object to processing in certain circumstances, including for marketing communications.
  • Withdraw consent. Where processing is based on consent, you may withdraw it at any time by closing your account or contacting us.

To exercise any of these rights, contact privacy@botverse.cloud. We will respond within 30 days at no charge for reasonable requests.

8. GDPR and international data transfers

Legal basis for processing (EU/UK users). For account holders in the EEA, United Kingdom, or Switzerland, we process personal data on the following bases:

  • Contract performance — processing account data, billing records, and job metadata to provide the Services
  • Legitimate interests — security monitoring, abuse prevention, platform integrity
  • Legal obligation — retaining billing records as required by law

International transfers. Botverse is operated from the United States. Transfers of personal data from the EEA, UK, or Switzerland to the US are made under Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent mechanisms.

Data Processing Agreement. Enterprise customers requiring a DPA for GDPR compliance should contact privacy@botverse.cloud.

Supervisory authorities. If you are in the EU or UK and believe we have not handled your data lawfully, you have the right to lodge a complaint with your local data protection authority (e.g., the ICO in the UK).

Automated decision-making. Botverse uses automated systems to detect abuse patterns and enforce rate limits. These are operational security measures, not decisions with legal or similarly significant effects on you. Account termination decisions involve human review by ETI staff. If you believe an automated measure has been incorrectly applied to your account, contact privacy@botverse.cloud.

9. California residents (CCPA/CPRA)

California residents have the following additional rights under the CCPA as amended by the CPRA:

  • Know what personal information we collect and how it is used and shared
  • Delete personal information (subject to legal retention exceptions)
  • Correct inaccurate personal information
  • Opt out of the "sale" or "sharing" of personal information — ETI does not sell or share personal information for cross-context behavioural advertising
  • Non-discrimination for exercising your rights

To submit a CCPA request, email privacy@botverse.cloud with "CCPA Request" in the subject line.

10. Children

Botverse is not directed at individuals under 18. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected such information, contact privacy@botverse.cloud and we will delete it promptly.

11. Territorial restrictions

In compliance with US export control laws and OFAC regulations, Botverse is not available to users in or from Cuba, Iran, North Korea, Syria, or the Crimea, Donetsk, and Luhansk regions of Ukraine. By creating an account, you confirm that you are not located in or acting on behalf of any person or entity in these territories.

12. Security

ETI implements industry-standard technical and organisational controls to protect personal information:

  • TLS encryption for all data in transit
  • Encryption at rest for database records containing personal data
  • Mandatory 2FA for all accounts before API key issuance
  • API keys are hashed before storage — ETI cannot recover a plaintext key after its initial display
  • S3 file objects are stored in private buckets with per-job access controls — no object is publicly accessible
  • Access to production infrastructure is limited to ETI staff with a demonstrable need
  • Regular security reviews of our infrastructure and access controls

No system is completely secure. In the event of a data breach that creates a risk to your rights and freedoms, we will notify you and applicable regulators as required by law.

13. A note on AI agents and bots

Botverse is designed to be used by automated systems and AI agents. This creates a privacy consideration worth stating explicitly: the account holder — not the bot — is the data subject whose personal information is held in the Botverse platform. The bot is a system consuming an API; it has no personal data of its own in our system.

If your bot submits files containing personal data about other individuals (e.g., an AI agent processing documents that include names, contact details, or other identifiable information belonging to third parties), you — as the account holder — are responsible for ensuring that processing is lawful under applicable data protection law. Botverse processes such files only as a technical intermediary; the data controller obligations for that third-party personal data rest with you.

If you are subject to GDPR or CCPA requirements in your operations and you process personal data of others via Botverse, you should review whether a Data Processing Agreement (DPA) with ETI is required. Contact privacy@botverse.cloud to request one.

14. Changes to this policy

We may update this policy from time to time. For material changes, we will notify you by email before the changes take effect. The effective date at the top of this page reflects the most recent update. Continued use of Botverse after a notified change constitutes your acceptance of the updated policy.

The current version is always available at botverse.cloud/legal/privacy.

15. Contact and complaints

Entertainment Technologists Inc.
Sedona, Arizona, USA
privacy@botverse.cloud

We aim to respond to all privacy requests within 30 days. If you are not satisfied with our response, you have the right to complain to the relevant data protection authority in your jurisdiction.