Privacy Policy
Last updated: April 24, 2026
Quick facts (plain English)
- ✓Your customer data does not train any AI model. Conversations run through Anthropic's Claude API, which by contract does not use API data for training. Same applies to our voice and transcription providers.
- ✓Your knowledge base is isolated to your account. Nothing you upload is shared with other customers, mixed into a global model, or used to answer other businesses' questions.
- ✓We don't sell your data. Ever. Not aggregated, not anonymized, not to advertisers, not to brokers.
- ✓You can export or delete any time. Email us and we'll send you a zip of your data or wipe it — usually within 48 hours.
- ✓We're a Canadian company(Ontario), so PIPEDA applies. We've structured our third-party processors to align with GDPR and CCPA expectations as well.
1. Data Collection
When you use Botnus, we collect information you provide directly, including your name, email address, company name, and payment information. We also collect data generated through your use of our services, such as chatbot conversations, visitor interactions, and lead information captured by your AI chatbot.
2. Use of Data
We use your data to provide, maintain, and improve our services. This includes powering your AI chatbot, processing payments, sending transactional emails, providing customer support, and analyzing usage to improve the platform. We do not sell your personal data to third parties.
3. Cookies
We use essential cookies for authentication and session management. We may also use analytics cookies (such as Google Analytics) to understand how our website is used. You can control cookie preferences through your browser settings.
4. Third-Party Services
Botnus is built on top of a handful of specialist providers. The table below shows what each one sees — not every provider sees everything.
- Anthropic (Claude) — Sees chat + voice conversation content in order to generate replies. Does not retain for training per their API terms. Data is processed, not stored long-term.
- Telnyx — Handles the phone line that routes calls to the AI. Sees call metadata (numbers, timestamps) and call audio. Stores transcripts and conversation records we pull back into Botnus.
- ElevenLabs — Converts text responses into voice audio. Sees only the text the AI is about to say, not the full conversation. Does not retain audio for training.
- Stripe — Handles payment + subscription. Sees billing info. We never touch card numbers directly — they go straight to Stripe.
- Cal.com — Optional. Only invoked when a customer books an appointment. Sees the booking info you've opted to share.
- Proton Mail (SMTP) — Delivers transactional email from
support@botnus.com. Sees recipient addresses and email bodies.
Each third-party service has its own privacy policy governing their use of data they process on our behalf.
5. AI Training & Data Use
This is the question buyers ask most often, so it gets its own section:
Your customer conversations and knowledge-base content are not used to train any AI model— ours, Anthropic's, ElevenLabs's, or anyone else's. The reasons:
- Anthropic's Claude API terms state that API data is not used for model training by default.
- ElevenLabs similarly does not retain generated audio or input text for training.
- Botnus does not run its own training pipeline — we are a customer of these AI providers, not a model builder.
- Your knowledge base (the FAQs, services, and policies you upload) is scoped to your account. It is injected as context into your bot's replies and is never exposed to other customers' bots.
If Anthropic or another provider changes their terms in a way that would affect this guarantee, we will notify you and give you the option to opt out before the change takes effect.
6. Data Retention
We retain your account data for as long as your account is active. Chatbot conversation data is retained for 90 days by default. Lead data is retained until you delete it or close your account. You may request deletion of your data at any time by contacting us.
7. Data Security
We implement industry-standard security measures including encryption in transit (TLS), hashed passwords (bcrypt), rate limiting, and secure session management. However, no method of transmission over the internet is 100% secure.
8. Your Rights
You have the right to access, correct, or delete your personal data. You may also request a copy of your data or ask us to restrict processing. To exercise these rights, contact us at the email below.
9. Contact
For privacy-related questions or requests, contact us at john@upgradeaimedia.com.