All Systems Operational
SOC 2
Certified
GDPR
Compliant
Resources
© Botpress 2025
At Botpress, we value privacy. That is why we have established and implemented policies and practices governing personal data.
This statement describes how Botpress Inc. and its relevant affiliates, including Botpress Technologies, Inc. ("Botpress" or "us" or "we"), collect, use, share, store and otherwise process personal data about users of the Botpress Service (the "Service") and personal data processed through our website, which presents our products and services (the “Website”).
Depending on the context, the use of the second person ("you" or "your") refers to a Customer, User, Visitor and/or End-User.
In this Privacy Statement:
The contact details of the person responsible for data processing is the following: legal@botpress.com
We collect analytics data, which includes:
We collect this data when an End-User interacts with a Customer Bot for the sole purpose of providing the Service to our Customers. This data is not personally linked to a specific End-User and is transmitted to us in aggregate form.
We process personal data about End-Users on behalf of our Customers pursuant to their instructions.
We do not use Conversation Data or other End-User personal data for any other purpose, which includes analytics and algorithms and model improvements or training.
We collect the following personal data:
When a Visitor fills out a form on our Website, we collect the following personal data:
When a Visitor browses our Website, we automatically collect the following analytics data, with the use of tools such as Google Analytics:
This information is recorded each time a Visitor interacts with the Website. This data is not personally linked to a specific Visitor and is transmitted to us in aggregate form.
Google Analytics may be deactivated on a browser through an add-on available at this address: https://tools.google.com/dlpage/gaoptout.
We process the personal data collected through the use of the Service or the Website for the following purposes:
We process personal data about Users and Customers to communicate with them about their use of the Service or the Website. We may also send marketing communications about us, our products and promotions, but only if Customers and Users have agreed to receive marketing communications from us. We comply with all applicable regulations regarding unsolicited electronic messages. If you no longer wish to receive electronic communications from us, you may unsubscribe at any time by writing to us at legal@botpress.com
If a Visitor has provided personal data, we use it for communication purposes.
To render the Service, we process personal data to identify and authenticate Users and Customers.
We process aggregated Usage Data to improve our products and services, identify trends in product use and develop new products and offerings.
We also use browser cookies and other tracking technologies to improve our Website.
We process the data collected through the Website to offer Visitors content that corresponds to their situation or interests. For example, the home page of the Website may be displayed according to language preferences, and the products and services displayed may be different depending on geographic location.
We may also use personal data to customize our Customers' and Users' experience of the Service.
We process the data collected through the Website and the Service and data from analytics tools to monitor Users' and Customers' use of the Website and the Service, to prevent misuse of the Website or the Service, to identify problems or bugs with the Website or the Service, and to determine what features need to be improved.
We may use data collected automatically to ensure the security of the Website, the Service and our computer systems (e.g. to prevent misuse or to deter, monitor and prevent fraud).
We process the data collected through the Website to provide marketing materials, and customize our Website and advertising campaigns based on data collected, such as a subscription to our newsletter, interest in our products and services and clickthrough data, including the pages visited or the products viewed on the Website. This data allows us to target audiences to partners offering advertising services.
We use browser cookies and other tracking technologies to personalize Visitors’ experience on the Website and deliver advertisements to targeted audiences (based on Website traffic only).
Data collected through the Service, including Conversation Data, is not used for this purpose.
Where applicable, we process personal data to comply with laws and regulations that apply to our activities, including for dispute resolution, responding to lawful requests and cooperating with government entities or courts.
We retain your personal data only as long as it's necessary for the intended processing purposes or, as the case may be, until you or our Customer request that we destroy it. The retention duration is determined by the reasons for collecting personal data and using the information and/or as mandated by relevant laws.
Botpress has operations in multiple countries. Some data relating to the use of the Service and the Website, email automation, support requests and payments are processed by our service providers through facilities that may be located in other jurisdictions. Therefore, your personal data may be accessed or transferred outside your country of residence.
Personal data about End-Users collected through the Service (such as Conversation Data) is stored electronically by our service providers on servers located in the United States or other locations determined by the relevant Customer.
We ensure that the transfer of such Personal Data is made in a secure manner, with appropriate safeguards concerning the nature of the personal data being transferred.
In case of transfers of personal data outside the European Economic Area, the United Kingdom or Switzerland, we rely on appropriate transfer mechanisms and are compliant with the EU-US, UK-US and/or Swiss-US Data Privacy Framework self-certification program operated by the US Department of Commerce. Please refer to the “Information for individuals in the European Economic Area (“EEA”), the United Kingdom (“UK”) and Switzerland’’ section for more information.
Data generated from Google Analytics is stored on servers controlled by Google.
Botpress has put in place organizational, physical and technical measures to secure the personal data entrusted to us, which you can find in Schedule 2 of our Data Processing Agreement. You can also ask for a complete description of the security measures in effect to protect personal data at any time by writing to us at legal@botpress.com
Your personal data is hosted on servers operated by our service providers and is protected against unauthorized access or use by security measures proportionate to the sensitivity of the data. Any financial data is subject to additional security measures that comply with the standards established by payment card networks.
Our employees and suppliers are informed of the confidential nature of personal data collected through the Website and the Service. They are made aware of the appropriate security measures to prevent unauthorized access to personal data through an enterprise-wide cybersecurity policy and training.
We only share personal data in the manner described in this statement. Your personal data may be disclosed to the categories of recipients below for the following purposes:
Personal data is accessible to our officers and employees, who must have access to it as part of their duties. Each employee is bound by a confidentiality agreement.
We share personal data collected through the Service about End-Users with our Customer controlling the Customer Bot with which the End-User interacts. The Customer is the controller with respect to such personal data.
We share personal data with service providers that allow us to provide our services more efficiently. We only share personal data with service providers that agree in writing to keep personal data confidential and which implement security and personal data protection measures comparable to our own.
A list of our service providers processing personal data is available in Schedule 1 of this statement.
We may share your personal data with the Botpress family for the purposes outlined in this statement.
We may verify the identity of individuals asking to exercise their rights with respect to their personal data. Any information collected to perform this verification will not be used for any other purpose.
When we process your personal data on behalf of our Customers (e.g. if you are an End-User and you interact with a Customer Bot), you must directly contact our Customer to exercise your rights in connection with your personal data. When this situation applies, we will forward your requests to the relevant Customer and will collaborate with the Customer in relation to your request. We are not authorized by our Customers to release information to End-Users. Conversation Data and personal data about Users are typically processed on behalf of our Customers.
Your browser allows you to withdraw your consent to certain processing of your personal data, in particular by preventing the recording of browser cookies.
If you wish to withdraw your consent to the processing of your personal data beyond what is permitted by the Website or your browser, please notify us by writing to us at legal@botpress.com. Using the Website or the Service entails some processing of your personal data. The only way to stop all processing of your personal data is to stop using the Website and the Service.
Subject to what is stated in the ‘’Data controlled by Customers’’ section, if you would like to access personal data we hold about you or have inaccurate personal data modified in our files, you may make a request at legal@botpress.com We will respond to your request promptly and no later than required under applicable law. If required by law, we will provide personal data in a structured, commonly used and machine-readable format.
Subject to what is stated in the ‘’Data controlled by Customers’’ section, you may, in certain circumstances, request the deletion of personal data that we hold about you. To make such a request, please write to us at legal@botpress.com. We will respond to your request promptly and no later than required under applicable law. If you continue to use the Website or the Service, we will again collect certain personal data about you.
Subject to what is stated in the ‘’Data controlled by Customers’’ section, End-Users may request the restriction of the processing of their personal data where such processing is unlawful, if End- Users contest the accuracy of such personal data or where deletion of personal data is not permitted under applicable law. You may make a request at legal@botpress.com.
Subject to what is stated in the ‘’Data controlled by Customers’’, you may have the right to limit the use and disclosure of your personal data. Although Botpress currently does not share personal data with third parties, we remain committed to ensuring you can exercise this right should that practice change in the future. Specifically, you will have the option to opt-out whether your personal data is disclosed to a third party or used for a purpose materially different from the purpose(s) for which it was originally collected or subsequently authorized by you.Moreover, for sensitive personal data processing, Botpress must always obtain your affirmative express consent (opt-in) before such information is disclosed to a third party or used for a purpose other than those originally stated or subsequently authorized by you.You may make a request at legal@botpress.com.
If you wish to lodge a complaint in relation to the processing of your personal data by Botpress, you may do so by writing to legal@botpress.com. You may also lodge a complaint about our processing of personal data to the supervisory authority of your place of residence. If you are a EU, UK or Switzerland resident and you wish to make a complaint in relation to the transfer of your personal data outside of these regions, please refer to the “Information for individuals in the European Economic Area (“EEA”), the United Kingdom (“UK”) and Switzerland’’ section for more information. In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Botpress commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received, in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.
We use browser cookies and other tracking technologies to:
Visitors can control the storage of browser cookies from their browser. Cookies and trackers that are not strictly necessary for the website's operation will not be used without the Visitor’s consent. Some tracking technologies are provided by our suppliers, which may be able to combine some of the data collected through the Website with other data they hold about Visitors.
If you want to understand how we use Google Analytics, refer to the ‘’What Personal Data is collected through the Website’’ section.
Botpress Service and Website do not knowingly collect personal data from children under the age of 16, as the Service and Website do not target children. Children under 16 years of age should not use our Service or Website or provide Botpress with any personal data without the consent of a parent or legal guardian. Should we become aware of the collection of personal data from a minor under 16 years of age, we may promptly remove this information without prior notice. If you suspect such an incident, please contact legal@botpress.com
Botpress adheres to GDPR and is part of an EU Data Protection Representative Program. We will process personal data based on the following legal basis:
Your personal data might undergo processing, transfer, or disclosure in the United States and other countries where our affiliates and service providers operate or have servers. We ensure that the recipient of your personal data maintains an adequate level of protection. This is achieved through arrangements such as back-to-back agreements with standard contractual clauses or other approved transfer mechanisms, as sanctioned by the European Commission or the relevant data protection authority.
If you are a Customer, we strongly advise initiating a Data Processing Agreement (DPA) with us. You can find our DPA by clicking here or visiting our legal portal. This document constitutes a formal agreement that acknowledges Botpress’ GDPR compliance and assists you in upholding GDPR standards in its utilization of Botpress as a data processor. A signed copy of our DPA can be obtained by contacting legal@botpress.com
Botpress is committed to implementing appropriate technical and organizational measures to ensure the security and confidentiality of your personal data. This includes protecting data against unauthorized or unlawful processing, accidental loss, destruction, or damage.
Botpress has appointed a Data Protection Officer (DPO) who is responsible for ensuring compliance with data protection laws and regulations, including GDPR. You may reach out to the DPO by email at legal@botpress.com
VeraSafe has been appointed as Botpress’ representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are in the European Economic Area, VeraSafe can be contacted in addition to Botpress’ DPO, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031.
Alternatively, VeraSafe can be contacted at: VeraSafe Netherlands BV
Keizersgracht 555
1017 DR Amsterdam
Netherlands
For any additional information with respect to our processing of personal data, you may contact us at legal@botpress.com.
EU-US, UK-US, Swiss-US Data Privacy Framework
In alignment with our commitment to upholding robust data protection measures when transferring personal data from the EEA or UK to the United States, we actively engage in the EU-US Data Privacy Framework ("EU Framework"), the UK Extension to the EU Framework ("UK-US Framework") and the Swiss-US Data Privacy Framework ("Swiss-US Framework") (collectively the "Frameworks"). The following US-based entity is fully compliant with the Frameworks:
Botpress Inc. adheres fully to the Frameworks. Botpress is certified by the US Department of Commerce in relation to the processing of personal data received from the EEA, UK and Switzerland. We are subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) for the purposes of the Frameworks.
In cases of any discrepancies between the terms stated in this statement and the Frameworks, the Frameworks shall take precedence. For more information about the Frameworks and to access our certification details, please visit https://www.dataprivacyframework.gov/.
Complaints
Botpress commits to addressing complaints regarding the protection and processing of your personal data that is transferred to the United States under the Frameworks. If you are an individual from the EEA, UK or Switzerland with inquiries or complaints related to the Frameworks, please contact legal@botpress.com. We will thoroughly investigate and seek resolutions for any complaints or disputes concerning the processing of personal data within 45 days of receiving your complaint.
Should your complaint remain unresolved through these channels, there exists the option, under specific conditions, to invoke binding arbitration for certain remaining claims that haven't been addressed by alternative redress mechanisms. Further details can be found at: https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2.
If a privacy complaint or dispute relating to personal data received by Botpress in reliance on the Frameworks cannot be resolved through our internal processes, we have agreed to participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure. Subject to the terms of the VeraSafe Data Privacy Framework Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you.
To file a complaint with VeraSafe and participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy- services/dispute-resolution/submit-dispute/
If a complaint or dispute cannot be resolved through this process, we have also agreed to cooperate with the EU and UK data protection authorities and the Swiss Federal Data Protection and Information Commissioner and to participate in the dispute resolution procedures of the panel established by such data protection authorities.
Onward Transfers
With regard to accountability for onward transfers, Botpress acknowledges its duty regarding the processing of personal data received and subsequently transmitted to our service providers. We maintain accountability according to the Frameworks if a service provider handles personal data covered by this statement in a manner inconsistent with the Frameworks. This remains true unless Botpress can demonstrate that we are not responsible for the incident that led to the damages.
We may modify this Privacy Statement from time to time to reflect changes in our personal data processing practices or any requirement under applicable law. If a modification is made, the new statement will be available through the Service and on this Website.
The statement posted via this website shall be deemed to be the statement then in effect and the date at the top of the statement will be updated to reflect the date of effectiveness. We recommend that you check this website from time to time to inform yourself of any changes in this statement.
Schedule 1 - List of Service Providers (Subprocessors) Data collected through the Website
Google LLC
Facebook Inc.
LinkedIn Corporation
Hubspot
Hotjar
Salesforce
Mixpanel
Intercom
Data collected through the Service
Amazon Web Services
Google Analytics
Freshdesk
Hotjar
OpenAI
Microsoft Azure
Mixpanel
Intercom