Privacy Policy — Botdocs

Introduction

This Privacy Policy explains what data Botdocs collects when you use the website, CLI, and API (collectively, the “Service”), why we collect it, who processes it on our behalf, and the rights you have over it. It applies to anyone who creates an account or interacts with the Service.

What we collect

Email address. Required to create an account and to send transactional email (sign-in codes, team invites, security notices).
OAuth profile information. If you sign in with GitHub or Google, we receive your name, username, avatar URL, and verified email from the provider.
Skills and publishing data. The skills, prompts, descriptions, and metadata you publish to Botdocs.
Install counts and usage telemetry. Aggregate counts of how often skills are installed and viewed, used for ranking, trending lists, and basic analytics.
IP address and user-agent on sign-in. Recorded for security, fraud prevention, and to help you spot unfamiliar sign-ins.
Team membership. The teams you create or join, the role you have in each (admin/member), and the invites you've sent or accepted.

How we use it

To operate the Service — let you publish, browse, install, and share skills with your team.
To authenticate you and protect your account from unauthorized access.
To prevent abuse, fraud, and Terms-of-Service violations.
To produce aggregate analytics — install counts, trending lists, category breakdowns — that help users discover skills and help us improve the product.
To send transactional email tied to your account activity (sign-in codes, invite delivery, account-deletion confirmations). We don't send marketing email without your consent.

We don't sell your personal data. We don't share it with third parties for advertising.

CLI-specific privacy

The Botdocs CLI runs on your machine. It only sends data to the Service when you explicitly run a command that requires it. Below is what each command transmits — nothing else leaves your machine.

botdocs login. Opens your browser, completes OAuth on the website, and stores the resulting API token in your OS keychain (macOS Keychain, Windows Credential Manager, or Secret Service on Linux). Nothing about your machine other than the token is sent to Botdocs.
botdocs install, botdocs sync. Downloads skill files from the Service and writes them to your local agent directory. Increments the installed skill's public install counter. Does not upload any local file contents.
botdocs login --sync-library. Opts in to maintaining a server-side mirror of your installed skills (refs + versions only — file contents stay local). This is what powers the “Your installs” shelf on /library.
botdocs ingest. Reads files from the path you pass and uploads them as drafts under your account. Drafts are private until you publish them — but they are sent to the Service. Don't ingest a directory you wouldn't hand to us directly.
botdocs publish, botdocs unpublish, botdocs delete. Sends the published skill (or removal request) to the Service.
botdocs search, botdocs whoami. Sends an authenticated request. No local file content involved.

The CLI does not send anonymous usage telemetry, crash beacons, or any background pings. If a command fails, the error message you see locally is the same error we see — nothing extra is shipped.

Third-party processors

We use the following sub-processors to operate the Service. Each one has its own privacy policy that describes how it handles the data we pass to it.

Vercel. Web hosting and request analytics. Privacy policy →
Railway. Database hosting for account, skill, and registry data. Privacy policy →
GitHub. OAuth authentication when you sign in with GitHub. Privacy policy →
Google. OAuth authentication when you sign in with Google. Privacy policy →
Resend. Transactional email (sign-in codes, team invites, notifications). Privacy policy →

International data transfers

Our processors are based in the United States. If you're accessing Botdocs from the European Economic Area, the United Kingdom, or Switzerland, your personal data is transferred to the US for processing. We rely on the European Commission's Standard Contractual Clauses (and the UK's equivalent IDTA addendum) as the legal basis for those transfers, plus the Data Privacy Framework where the processor self-certifies.

Specific processor adequacy is documented in each processor's linked privacy policy above. If you have questions about the transfer basis for a particular processor, email support@botdocs.ai.

Your rights

Depending on where you live, you may have rights under privacy laws like the GDPR (European Economic Area, UK) or the CCPA (California). Regardless of where you are, you can exercise the following:

Access. Request a copy of the personal data we hold about you. A self-serve export feature is on our roadmap; until it ships, email the address below and we'll fulfill the request manually.
Correction. Update your profile (display name, username, email) from /settings.
Deletion. Delete your account and all associated content from /settings/account. Deletion is irreversible.
Portability. Your published skills are already available as raw files via the public API; the export feature above will cover any non-public account data.
Objection. You can object to specific processing activities by emailing us. If we can't accommodate an objection, we'll explain why.

Cookies and local storage

We use a small set of strictly-necessary cookies (to keep you signed in) plus a few browser localStorage keys for UI preferences. We don't use third-party advertising cookies, cross-site trackers, or behavioral analytics. We use Vercel Analytics for privacy-friendly request analytics, which does not set tracking cookies and does not build a cross-site profile of you.

A full enumeration of every cookie and localStorage key — what it's for, how long it persists, whether it's essential — lives on the Cookies page.

Data retention

We keep your account data and published content for as long as your account is active. When you delete your account, we permanently delete your profile, your API tokens, and your skills from our database within 30 days. Specific categories:

Account & profile. Until you delete it, then within 30 days.
Published skills. Until you unpublish or delete (drafts are hard-deleted; published skills soft-delete to preserve install history, then hard-delete after 90 days).
API tokens. Until you revoke them or 180 days of inactivity, whichever comes first.
Sign-in IP & user-agent records. 90 days for the rolling security log.
Audit-log entries. 12 months, then deleted.
Aggregate counters (install/view counts). Retained indefinitely in non-identifying form. We strip any personal identifiers from them on account deletion.
Backups. Database backups retain a snapshot for up to 30 days; deleted data is purged from backups on the standard rotation.

We may keep limited records longer where required for legal compliance (e.g., responding to a valid government request, or tax/accounting obligations once paid plans launch). Those records are not used for any other purpose.

Security

We use industry-standard practices to protect the data you entrust to us:

HTTPS for every request to the website, CLI, and API. The Service does not accept plaintext HTTP.
At-rest encryption on the database (Railway PostgreSQL) and on any backups.
Email OTP and OAuth (GitHub, Google) for sign-in — passwords are not stored in our database.
API tokens are stored hashed; the only place the plaintext token exists after issuance is your local keychain.
Production database access is restricted to a small set of engineers and audited.
Dependencies are kept up to date and scanned for known vulnerabilities on every CI run.

No system is perfectly secure. If you discover a vulnerability, please report it responsibly to support@botdocs.ai — we'll acknowledge within 72 hours.

Breach notification

If we discover a breach that affects your personal data, we'll notify affected account holders by email and update our public security page without undue delay — within 72 hours of confirming the breach, consistent with GDPR Article 33. The notice will describe what happened, what data was affected, what we're doing about it, and what (if anything) you should do.

Sub-processor changes

The list of third-party processors above is current as of the “Last updated” date at the top of this page. If we add or replace a sub-processor that handles personal data, we'll update this page and email account holders at least 14 days before the new processor starts handling data, giving you a window to object or close your account.

Children

Botdocs is not directed to children under 13, and we don't knowingly collect personal data from them. If you believe a child has created an account, email us and we'll delete it.

Changes to this policy

We may update this Privacy Policy from time to time. For material changes, we'll notify account holders by email at least seven days before the changes take effect. The “Last updated” date at the top of this page reflects the most recent revision.

Contact

Privacy questions or requests? Email support@botdocs.ai.

Introduction

What we collect

Email address. Required to create an account and to send transactional email (sign-in codes, team invites, security notices).
OAuth profile information. If you sign in with GitHub or Google, we receive your name, username, avatar URL, and verified email from the provider.
Skills and publishing data. The skills, prompts, descriptions, and metadata you publish to Botdocs.
Install counts and usage telemetry. Aggregate counts of how often skills are installed and viewed, used for ranking, trending lists, and basic analytics.
IP address and user-agent on sign-in. Recorded for security, fraud prevention, and to help you spot unfamiliar sign-ins.
Team membership. The teams you create or join, the role you have in each (admin/member), and the invites you've sent or accepted.

How we use it

To operate the Service — let you publish, browse, install, and share skills with your team.
To authenticate you and protect your account from unauthorized access.
To prevent abuse, fraud, and Terms-of-Service violations.
To produce aggregate analytics — install counts, trending lists, category breakdowns — that help users discover skills and help us improve the product.
To send transactional email tied to your account activity (sign-in codes, invite delivery, account-deletion confirmations). We don't send marketing email without your consent.

We don't sell your personal data. We don't share it with third parties for advertising.

CLI-specific privacy

The Botdocs CLI runs on your machine. It only sends data to the Service when you explicitly run a command that requires it. Below is what each command transmits — nothing else leaves your machine.

botdocs login. Opens your browser, completes OAuth on the website, and stores the resulting API token in your OS keychain (macOS Keychain, Windows Credential Manager, or Secret Service on Linux). Nothing about your machine other than the token is sent to Botdocs.
botdocs install, botdocs sync. Downloads skill files from the Service and writes them to your local agent directory. Increments the installed skill's public install counter. Does not upload any local file contents.
botdocs login --sync-library. Opts in to maintaining a server-side mirror of your installed skills (refs + versions only — file contents stay local). This is what powers the “Your installs” shelf on /library.
botdocs ingest. Reads files from the path you pass and uploads them as drafts under your account. Drafts are private until you publish them — but they are sent to the Service. Don't ingest a directory you wouldn't hand to us directly.
botdocs publish, botdocs unpublish, botdocs delete. Sends the published skill (or removal request) to the Service.
botdocs search, botdocs whoami. Sends an authenticated request. No local file content involved.

The CLI does not send anonymous usage telemetry, crash beacons, or any background pings. If a command fails, the error message you see locally is the same error we see — nothing extra is shipped.

Third-party processors

We use the following sub-processors to operate the Service. Each one has its own privacy policy that describes how it handles the data we pass to it.

Vercel. Web hosting and request analytics. Privacy policy →
Railway. Database hosting for account, skill, and registry data. Privacy policy →
GitHub. OAuth authentication when you sign in with GitHub. Privacy policy →
Google. OAuth authentication when you sign in with Google. Privacy policy →
Resend. Transactional email (sign-in codes, team invites, notifications). Privacy policy →

International data transfers

Specific processor adequacy is documented in each processor's linked privacy policy above. If you have questions about the transfer basis for a particular processor, email support@botdocs.ai.

Your rights

Depending on where you live, you may have rights under privacy laws like the GDPR (European Economic Area, UK) or the CCPA (California). Regardless of where you are, you can exercise the following:

Access. Request a copy of the personal data we hold about you. A self-serve export feature is on our roadmap; until it ships, email the address below and we'll fulfill the request manually.
Correction. Update your profile (display name, username, email) from /settings.
Deletion. Delete your account and all associated content from /settings/account. Deletion is irreversible.
Portability. Your published skills are already available as raw files via the public API; the export feature above will cover any non-public account data.
Objection. You can object to specific processing activities by emailing us. If we can't accommodate an objection, we'll explain why.

Cookies and local storage

A full enumeration of every cookie and localStorage key — what it's for, how long it persists, whether it's essential — lives on the Cookies page.

Data retention

Account & profile. Until you delete it, then within 30 days.
Published skills. Until you unpublish or delete (drafts are hard-deleted; published skills soft-delete to preserve install history, then hard-delete after 90 days).
API tokens. Until you revoke them or 180 days of inactivity, whichever comes first.
Sign-in IP & user-agent records. 90 days for the rolling security log.
Audit-log entries. 12 months, then deleted.
Aggregate counters (install/view counts). Retained indefinitely in non-identifying form. We strip any personal identifiers from them on account deletion.
Backups. Database backups retain a snapshot for up to 30 days; deleted data is purged from backups on the standard rotation.

Security

We use industry-standard practices to protect the data you entrust to us:

HTTPS for every request to the website, CLI, and API. The Service does not accept plaintext HTTP.
At-rest encryption on the database (Railway PostgreSQL) and on any backups.
Email OTP and OAuth (GitHub, Google) for sign-in — passwords are not stored in our database.
API tokens are stored hashed; the only place the plaintext token exists after issuance is your local keychain.
Production database access is restricted to a small set of engineers and audited.
Dependencies are kept up to date and scanned for known vulnerabilities on every CI run.

No system is perfectly secure. If you discover a vulnerability, please report it responsibly to support@botdocs.ai — we'll acknowledge within 72 hours.

Breach notification

Sub-processor changes

Children

Botdocs is not directed to children under 13, and we don't knowingly collect personal data from them. If you believe a child has created an account, email us and we'll delete it.

Changes to this policy

Contact

Privacy questions or requests? Email support@botdocs.ai.