messenger

Introduction

Welcome to BotSailor (https://botsailor.com). We take your privacy seriously and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information, and how you can exercise your rights.

This policy applies to all users of our platform including website visitors, customers, and partners (you or users).

Who We Are

BotSailor is a global SaaS platform specializing in advanced messaging automation and conversational marketing. We empower businesses of all sizes to engage with their customers across popular messaging platforms such as WhatsApp, Facebook Messenger, Instagram, Telegram, and Website Live Chat—using intelligent chatbot workflows, AI capabilities, and integrated marketing tools.

Our platform enables brands to generate leads, automate conversations, support sales, broadcast promotions, and build customer relationships—while complying with modern privacy and data protection standards.

We operate with a strong commitment to user privacy, data transparency, and responsible data management practices. Whether you`re using BotSailor to run campaigns, train AI assistants, or build powerful automation flows, your privacy is one of our top priorities.

Information We Collect

We collect various types of information to provide and improve our services, ensure security, comply with legal requirements, and offer a personalized user experience. The types of data we collect fall into the following categories:

A. Information You Provide to Us Directly

When you use BotSailor, you may provide us with personal information, including:

Account Registration Data : Name, email address, phone number, password, and language preference.

Profile Information : Business name, industry, company size, website URL, time zone, social profiles, and brand logo.

Billing & Payment Details : Billing name, address, credit/debit card details (handled securely by third-party processors), tax ID, and transaction history.

Customer Support Interactions : Any information you provide when you communicate with us via email, support tickets, or live chat (e.g., questions, feedback, screenshots, attachments).

Content You Generate : Message templates, chatbot flows, automation logic, AI training datasets, labels, tags, and subscriber notes created or uploaded by you on the platform.

Consent Preferences : Communication opt-in/opt-out preferences, cookie consent selections, and privacy settings.

B. Information We Collect Automatically

When you interact with BotSailor (e.g., visit the website, log in to your dashboard, or use any feature), we automatically collect:

Device & Technical Data

  • • IP address
  • • Browser type and version
  • • Operating system
  • • Device type and identifiers (e.g., User Agent, screen size)
  • • Referral URLs

Usage Data

  • • Pages visited
  • • Features accessed
  • • Time spent on pages or campaigns
  • • Error messages or performance metrics

Location Information

Approximate location derived from your IP address

Log Files

System logs generated when using our APIs or back-end systems, which may include timestamped metadata, request headers, and usage traces.

C. Information from Third Parties and Integrations

If you connect third-party services to BotSailor, we may collect information from those platforms, such as:

Social Platforms : Facebook Page ID, Instagram account data, WhatsApp business number, Telegram bot token, user profile data, permissions granted, and access tokens (encrypted and secured).

E-commerce Platforms : Shopify or WooCommerce store name, order data, product catalog, customer names/emails, cart status (used only for automation or notification flows you set up).

Email and CRM Tools : Email lists, tags, contact records, or event logs from tools like Sendinblue, Mailgun, or Google Sheets (only if you explicitly connect these).

Authentication & Identity Services : OAuth tokens or user metadata from single sign-on or social login providers (if supported).

D. Cookies and Tracking Technologies

We and our partners use cookies, pixels, and similar technologies to collect data about how users interact with our platform.
Read more about our : Cookie Policy

E. Aggregated and De-Identified Data

We may generate aggregated, anonymized, or de-identified data by removing personally identifiable elements. This data is used for platform performance optimization, analytics, and reporting purposes and is not linked to any individual.

How We Use Your Information

We use the information we collect to provide, improve, and protect the services you use. Here`s a breakdown of how and why we process your data:

To Provide and Operate the Services

  • • Register and manage your BotSailor account
  • • Authenticate your access and ensure account security
  • • Enable you to build, deploy, and manage chatbot automations across supported channels (e.g., WhatsApp, Facebook, Instagram, Telegram)
  • • Process payments and manage billing-related communications
  • • Deliver customer support and respond to your inquiries
  • • Maintain platform uptime, performance, and functionality

To Personalize and Improve Your Experience

  • • Recommend relevant features or tools based on your usage
  • • Remember your language, timezone, and interface preferences
  • • Customize onboarding and training flows
  • • Test new features, perform A/B testing, and gather user feedback

To Communicate With You

  • • Send important service-related communications (e.g., feature updates, account changes, security alerts)
  • • Notify you about scheduled maintenance, downtime, or system changes
  • • Deliver product announcements, educational content, newsletters, and marketing messages (only if you opt-in)
  • • Invite you to participate in surveys or product research

For Analytics and Performance Monitoring

  • • Monitor system performance and fix bugs or issues
  • • Understand user behavior across the platform
  • • Measure effectiveness of product features and marketing campaigns
  • • Generate usage statistics to inform business strategy

All analytics are performed in compliance with applicable data protection laws and, where required, using de-identified or aggregated data.

To Ensure Platform Security and Prevent Abuse

  • • Detect, prevent, and respond to fraud, abuse, or violations of our Terms of Service
  • • Investigate suspicious activity and monitor access logs
  • • Comply with legal obligations and law enforcement requests
  • • Enforce our internal policies and user agreements

To Develop and Train AI Features (Where Applicable)

We may use anonymized data from your chatbot flows and AI training campaigns to: We do not use Google Workspace API data, sensitive customer records, or personally identifiable subscriber data to train generalized AI or machine learning models.

  • • Enhance our natural language processing models
  • • Improve system intelligence and automation accuracy
  • • Support new product development

To Comply With Legal Obligations

We may process your personal data to: Respond to lawful requests by public authorities Comply with data retention, tax, or accounting regulations Fulfill contractual obligations with users and partners

Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal information in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. We process your data based on legal bases including performance of a contract, your consent, legitimate interests, legal obligations, and protection of vital interests.

For detailed information about our GDPR compliance, responsibilities, and supported features, please visit our GDPR Policy.

Sharing Your Data

  • • We share data only when it is needed. We do not sell your personal information.
  • • Payment processors (e.g., Stripe, Paddle)
  • • Email and CRM services (e.g., Sendinblue, Mailgun)
  • • Cloud providers and analytics tools (e.g., Google Analytics)
  • • WhatsApp, Facebook, Instagram, Telegram APIs
  • • Law enforcement if legally required

International Data Transfers

BotSailor is based in Bangladesh, but we serve users globally. Therefore, your personal information may be transferred to, stored, and processed in countries other than your own — including the United States, the European Union, and other jurisdictions where we or our third-party service providers operate. These countries may have data protection laws that are different from your country of residence and may not offer the same level of protection. However, we take appropriate safeguards to ensure that your personal data remains protected in accordance with this Privacy Policy and applicable data protection laws. For users located in the European Economic Area (EEA) or United Kingdom, we rely on:

  • • Standard Contractual Clauses (SCCs) approved by the European Commission,
  • • Adequacy decisions (where applicable), or
  • • Your explicit consent when legally required.

By using our services or submitting your information to us, you consent to the transfer of your information to countries outside your own, including to Bangladesh, the U.S., and others, as described in this policy.

Data Retention

We retain your information as long as your account is active or as required to comply with legal, tax, and regulatory requirements. You can request deletion of your data at any time.

Your Rights

Depending on your location, you may have the following rights:

  • • Access your personal data
  • • Correct inaccuracies
  • • Delete your data
  • • Withdraw consent
  • • Object to processing
  • • Request data portability
  • • Limit processing of sensitive information

CCPA/CPRA Rights (California Residents)

If you`re a California resident, you have the right to:

  • • Know what personal data we collect and how we use it
  • • Request deletion of your personal data
  • • Opt-out of sale or sharing (we do not sell your data)
  • • Correct inaccurate personal information
  • • Limit use of sensitive personal information
  • • Not be discriminated against for exercising your rights

You may exercise these rights by emailing us or visiting: https://botsailor.com/tickets

Data Security

We take the security of your personal information seriously and implement a combination of technical, administrative, and organizational safeguards to protect your data against unauthorized access, loss, misuse, or alteration. While no system can be guaranteed 100% secure, BotSailor follows industry best practices to help ensure the confidentiality, integrity, and availability of your information.

Technical Safeguards : We implement advanced technical controls to protect user data, including:

Encryption at Rest and in Transit : All sensitive data is encrypted using industry-standard protocols (e.g., TLS 1.3 for data in transit, AES-256 for data at rest).

Secure Access Control : Access to systems and customer data is restricted to authorized personnel only, using secure authentication methods, including password policies, session management, and IP restrictions where applicable.

Two-Factor Authentication (2FA) : Admin-level access to internal systems is protected by 2FA to prevent unauthorized logins.

Regular System Updates and Patching : Our infrastructure is routinely updated and patched to address emerging security vulnerabilities.

Data Redundancy and Backups : We regularly backup data to prevent data loss and support disaster recovery, with secure offsite replication.

Organizational Safeguards : We maintain strict internal protocols for managing and handling data:

Employee Access Control : Only employees with a legitimate business need have access to personal data, and all access is logged and monitored.

Security Awareness Training : All team members undergo regular training on data protection, privacy awareness, and secure handling practices.

Vendor Risk Management : We evaluate third-party service providers (e.g., cloud storage, payment processors, analytics platforms) for compliance with modern data security standards, and we enter into Data Processing Agreements (DPAs) where applicable.

Audit and Monitoring : We continuously monitor and log access to our systems and perform regular security audits to identify risks and strengthen controls.

Incident Detection and Response :

  • • Detect unauthorized access or suspicious activity
  • • Investigate security incidents rapidly
  • • Notify affected users and relevant authorities if a data breach occurs, in accordance with applicable data protection laws (e.g., GDPR`s 72-hour notification rule)

Payment Security

We do not store credit card numbers or raw payment data on our servers. All payment processing is handled by PCI-DSS compliant third-party providers (e.g., Stripe, Paddle). These providers securely process and encrypt your payment information.

Your Role in Data Security

While we take all reasonable precautions to protect your data, you are responsible for maintaining the security of your account credentials. Please:

  • • Use a strong, unique password
  • • Enable two-factor authentication (if available)
  • • Avoid sharing login details with others
  • • Notify us immediately if you suspect unauthorized access to your account

Third-Party Services

Our platform integrates with third-party platforms including Facebook, Google, WhatsApp, Shopify, etc. These services are governed by their own privacy policies. We recommend reviewing those directly.

Third-Party Certifications and Trust

At BotSailor, we take your trust seriously and ensure that the technologies and services we rely on meet high standards of security, reliability, and compliance. To support our commitment to data protection and operational excellence, we partner with industry-leading infrastructure and service providers that hold the following certifications and comply with recognized standards:

  • • ISO/IEC 27001 – Information Security Management (via cloud infrastructure partners)
  • • SOC 2 Type II – Security, Availability, Confidentiality (via hosting and data center vendors)
  • • PCI-DSS – Payment Card Industry Data Security Standard (via payment processors like Stripe and Paddle)
  • • GDPR & CCPA/CPRA compliance – Verified practices across our platform and core partners

We regularly assess our third-party vendors through security reviews, data processing agreements, and contractual commitments to privacy and confidentiality. This ensures that your data is processed only with trusted entities and in a secure, transparent, and legally compliant manner.

Data Deletion and Deactivation

You can delete or deactivate your account and data by:

  • Visiting your account settings (if available)
  • Contacting us via support ticket

Note: Backup retention may delay full deletion for up to 30 days.

Google API Limited Use Disclosure

Our application integrates with Google Workspace APIs to enhance user functionality. We confirm that any user data obtained through these APIs is used solely to provide or improve user-facing features that are clearly visible within our app’s user interface. We do not use this data to develop, improve, or train generalized AI or machine learning models. Our use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy,including the Limited Use requirements.

Changes to This Policy

We may update this Policy from time to time. Major changes will be notified by email or site notification. Your continued use of BotSailor after changes constitutes acceptance.

Contact Us

For privacy-related concerns or to exercise your rights, contact us: https://botsailor.com/contact-us