Privacy Policy

“Palbot” (we, us) is the controller of personal data described in this policy.

Account data: email address (or phone number for OTP login), display name, locale, account creation date, plan, and authentication tokens. Stored encrypted at rest.

Workspace configuration: the agent you create (name, system prompt, persona settings), channels you connect, tools and skills you install, knowledge-base sources you upload.

Conversation data: messages exchanged between your end-users and your agent, including tool calls and their results. We store this so the agent has memory across turns and so you can review history in the dashboard.

Credentials for connected services: API keys and OAuth tokens for tools you install (Stripe, Notion, Google, etc.) and the bot tokens / Meta credentials for your channels. Stored encrypted using AES-256-GCM with keys held outside the application database.

Usage and billing data: per-message token counts, tool invocations, audit trail of which tool ran in which mode, cost estimates, Stripe customer ID and subscription details.

To operate the service:

• route inbound messages to the LLM and back to your channel;
• maintain conversation memory and dashboard views;
• execute tool calls and skill invocations on your behalf;
• enforce per-channel mode boundaries and spend caps;
• compute usage, generate invoices, and prevent abuse.

We do not train AI models on your data and we do not sell personal data to third parties.

• Anthropic — message text and tool schemas are sent to Claude to generate replies. Subject to Anthropic’s data policy; not used for training.
• Meta (WhatsApp Cloud API) and Telegram — message routing on the channels you connect.
• Stripe — payment processing. Card data is held by Stripe, not Palbot.
• Tools and MCP servers you install — data is forwarded only when the agent invokes a tool that needs it (e.g. looking up an order in Stripe, reading a Google Sheet).
• Infrastructure providers hosting our database, object storage, and compute. Bound by data-processing agreements.

We follow a defense-in-depth approach: encrypted credentials at rest, row-level security per tenant in the database, per-channel mode gating that prevents personal-only tools from running on customer-facing channels, per-skill allowed-tools whitelisting enforced at the tool-dispatch layer, and an audit log of every tool invocation. No system is perfect — if you discover a vulnerability please email security@palbot.app.

Account, configuration, and conversation data are retained while your account is active. Deleted accounts are soft-deleted immediately; hard deletion happens within 30 days, except where we’re required to keep certain records longer for legal or billing purposes.

You can delete individual conversations, knowledge-base sources, installed tools, and skills at any time from the dashboard.

Depending on where you live, you may have rights to access, correct, port, or delete your personal data, and to object to or restrict certain processing. Email privacy@palbot.app to exercise any of them.

Palbot operates infrastructure in multiple regions. When personal data leaves the EU/EEA we rely on Standard Contractual Clauses or equivalent safeguards.

Palbot is not directed to children under 16. If you become aware that a child has provided us personal data, contact us and we’ll delete it.

We may update this Policy. Material changes will be surfaced in-app or by email before they take effect.

General privacy questions: privacy@palbot.app. Security reports: security@palbot.app.