Privacy Policy

Effective date: [Effective Date]
Last updated: [Effective Date]

This Privacy Policy explains how CloudLine collects, uses, shares, and protects personal information when you use our service. It is written to be readable; if anything is unclear, please contact us at the address in §13.

1. Who we are

CloudLine ("we", "us", "our") is an uptime and observability service for Discord bots, accessible at https://cloudline.kescohhtwitch.workers.dev, our documentation site at https://cloudline-docs.kescohhtwitch.workers.dev, and any successor domains (the "Service").

CloudLine is operated by [Founder Name], a sole proprietor based in [City], Hungary (European Union). Business registration is in progress; this notice will be updated with the registered business name, Hungarian tax number (adószám), and registry number (nyilvántartási szám) upon completion.

For privacy-related questions, requests, or complaints, contact us at:

  • Email: [hello@cloudline.app]
  • Postal: [postal address available on request]

You may also contact your local data protection authority. In Hungary, this is the National Authority for Data Protection and Freedom of Information (NAIH) — naih.hu.

We are the data controller for personal data we process under this policy, except where we act as a processor on your behalf (see §6).

2. Scope

This policy covers personal data we process when you:

  • Create or use a CloudLine account
  • Configure and monitor Discord bots through the Service
  • Subscribe to a paid plan
  • Contact us by email or community channels

This policy does not cover:

  • Personal data your Discord bot independently collects from its end users — you remain the controller of that data
  • Third-party services we link to (e.g., Discord's site, Paddle's checkout pages) — their own privacy policies apply

3. What information we collect

3.1 Account and identity

When you sign in through Discord, Google, or GitHub OAuth, we receive from the provider:

  • Your display name
  • Email address
  • Profile picture URL
  • Provider account ID and OAuth tokens (stored to maintain the link)

We do not collect or store your password — authentication is fully delegated to the OAuth provider.

You may optionally upload a custom profile picture. If you do, we store it in Cloudflare R2 as a 256×256 WebP image keyed by your user ID.

3.2 Authentication and security

  • Session cookie — a signed, httpOnly cookie identifying your session; valid up to 30 days, refreshed every 24 hours of activity
  • Two-factor authentication (2FA), if you enable it: a TOTP secret and backup codes, both encrypted at rest with our application secret
  • Trust-device cookie, if you opt in on the 2FA challenge page: a signed cookie valid for 30 days that lets the device skip the second factor; revoke by signing out
  • Active sessions — for each sign-in, we store the IP address, user agent string, sign-in time, and last-active time, so you can review and revoke them from your account settings

3.3 Bot configuration (information you supply)

  • Discord bot tokens — encrypted at rest with AES-256-GCM using a key held only by our worker runtime; never returned to the client, never logged in plaintext
  • Bot metadata — name, optional tags, accent color, Discord client ID, Discord username, Discord avatar URL
  • Alert configuration — optional email recipient, Discord webhook URL (encrypted at rest), quiet-hours window, Business-tier branding (logo URL, reply-to email, footer text, brand color), per-channel notification toggles, threshold settings
  • Public status page — an optional slug you choose to expose a /<slug> page; the page does not show personal information beyond the bot's display name and avatar

3.4 Monitoring data (generated by the Service)

We generate the following from your bot's interactions with the Service:

  • Heartbeat events — timestamps, status, latency, error code/message
  • 5-minute aggregates and daily rollups — counts, average/min/max latency
  • Telemetry (optional, sent by your bot) — slash and component command latency percentiles, memory, CPU, gateway health, shard status, event-loop lag, guild count, uptime
  • Error events (optional) — error messages, stack traces, and context JSON your bot reports through our ingestion API
  • Incidents — start time, end/duration, your optional postmortem notes
  • Alert dispatch history — channel, type, delivery outcome, error string (if any), timestamps

Retention windows are documented in §8.

3.5 Billing

If you subscribe to a paid plan, Paddle.com Market Ltd acts as the Merchant of Record. We receive from Paddle:

  • Your Paddle customer ID
  • Subscription status, plan tier, billing cycle, period start/end, next billing date

We never see or store your payment card details. Paddle's own privacy policy applies to payment processing — see paddle.com/legal/privacy.

3.6 Communications and support

If you contact us by email or community channel, we retain the message and relevant metadata in order to respond and improve the Service.

3.7 Technical logs

  • Application logs — structured request records (timestamp, route, status code, latency, user ID where applicable); retained 7 days
  • Security events — authentication attempts, CSP violation reports, rate-limit hits; retained 30 days
  • No third-party analytics, advertising, or tracking pixels run on CloudLine

3.8 Documentation AI chat

Our documentation site offers an optional AI assistant. When you send a message:

  • The message text is processed by Cloudflare Workers AI to generate an answer grounded in our public documentation. We do not store your chat messages on our servers — your conversation history (and a short-lived marker recording that you passed the bot check) is kept only in your browser's local storage, and you can clear it at any time.
  • To protect the feature from automated abuse, we use Cloudflare Turnstile, a privacy-preserving CAPTCHA alternative that evaluates browser signals and your IP address to confirm you are human. After a successful check we set a single strictly-necessary cookie so you are not re-challenged on every message (see §5.1). Turnstile does not track you across sites.

4. How we use your information

We process personal data only where we have a lawful basis under GDPR Article 6:

Purpose | Data categories | Legal basis
Provide the Service (sign-in, monitoring, alerts, dashboard, public status page) | §3.1, §3.2, §3.3, §3.4 | Performance of contract — Art. 6(1)(b)
Process payments and manage your subscription | §3.5 | Performance of contract — Art. 6(1)(b)
Send transactional emails (alerts, billing notifications, security notices) | §3.1, §3.3 | Performance of contract — Art. 6(1)(b)
Detect, prevent, and respond to abuse, fraud, and security incidents | §3.2, §3.7 | Legitimate interest — Art. 6(1)(f)
Comply with legal obligations (accounting, tax, lawful requests from authorities) | §3.5, retained logs | Legal obligation — Art. 6(1)(c)
Improve the Service through aggregated, non-identifying usage signals | §3.4 in aggregate form | Legitimate interest — Art. 6(1)(f)
Optional features (trust-device, custom avatar, public status page, 2FA) | as applicable | Consent — Art. 6(1)(a)

We do not engage in automated decision-making with legal effects on you, and we do not profile you for marketing purposes.

5. Cookies, local storage, and similar technologies

CloudLine uses only cookies and local storage that are strictly necessary to provide features you actively use. We do not use analytics, marketing, or advertising cookies, and we do not require a cookie consent banner.

5.1 Cookies

Name | Purpose | Duration | Set when
Session cookie (Better Auth) | Keeps you signed in | Up to 30 days | You sign in
two_factor | Carries your 2FA challenge between OAuth callback and verification | 10 minutes | You sign in with 2FA enabled
trust_device | Optional: skip 2FA on this device | 30 days | You tick "trust this device" on the verify page
cl_chat_ok | Confirms you passed the bot check on the documentation AI chat, so you are not re-challenged on every message | 30 minutes | You send a message in the docs chat after passing the Turnstile check

All cookies are httpOnly and Secure in production. Most are SameSite=Lax; the documentation-chat cookie (cl_chat_ok) is SameSite=Strict.

5.2 Local storage and session storage

Key | Purpose | Storage
cl-theme | Your theme preference (Cloudline / Mono / Light) | localStorage
cl-desktop-notifications | Desktop notification opt-in flag | localStorage
cl-last-bot | Remembers which bot you last viewed (for the sidebar selector) | localStorage
cl-bot-detail-tip-seen | Whether you've dismissed the first-visit tip on a bot detail page | localStorage
cl_checkout_pending | Anti double-purchase guard during checkout (auto-expires after 10 minutes) | sessionStorage

Because each of these is essential to a feature you actively use, they fall under the "strictly necessary" exception of the ePrivacy Directive (Art. 5(3)) and EDPB Guidelines 2/2023. No consent banner is therefore required. You may clear them at any time through your browser settings, though doing so will sign you out and reset preferences.

If we ever introduce non-essential cookies (for example, analytics or marketing pixels), we will update this policy and present a consent banner before any such cookies are set.

6. Who we share information with

We engage the following service providers ("subprocessors") to operate CloudLine. Each is bound by a data processing agreement and processes personal data only on our instructions:

Subprocessor | Purpose | Location
Cloudflare, Inc. | Compute (Workers), database (D1), object storage (R2), Durable Objects, rate limiting, DDoS protection, Turnstile bot/abuse protection, and Workers AI for the documentation chat | Global edge; primary region: Europe
Paddle.com Market Ltd | Payment processing as Merchant of Record (subscriptions, taxes, invoices, refunds) | United Kingdom
Resend, Inc. | Transactional email delivery (alerts, account emails) | United States
Discord, Inc. | OAuth authentication (only if you sign in with Discord) | United States
Google LLC | OAuth authentication (only if you sign in with Google) | United States
GitHub, Inc. | OAuth authentication (only if you sign in with GitHub) | United States

An up-to-date list is maintained at /legal/subprocessors. We will notify subscribers in advance of any new subprocessor we add, giving you an opportunity to object before the change takes effect.

We do not sell or rent your personal data, and we do not share it for third-party marketing.

We may disclose personal data when required by law — for example, in response to a valid court order or lawful request from a competent authority — or where necessary to protect our rights, your safety, or the safety of others.

7. International data transfers

CloudLine is based in the European Union, and we prefer EU-located infrastructure where feasible. Some of our subprocessors are headquartered outside the EEA (notably in the United States and the United Kingdom). When personal data is transferred outside the EEA, we rely on one or more of the following safeguards:

  • The EU-US Data Privacy Framework (Commission Decision 2023/1795) where the recipient is certified
  • Standard Contractual Clauses (Commission Decision 2021/914) for transfers not covered by an adequacy decision
  • Supplementary technical measures (encryption at rest, encryption in transit) where appropriate

You can request a copy of the safeguards in place for any specific subprocessor by contacting us at the address in §13.

8. How long we keep your information (retention)

Data | Retention
Account, OAuth account links, profile | While your account exists; cascade-deleted within 30 days of account deletion
Active sessions | Until you sign out or the session expires (max 30 days)
2FA secrets, backup codes | Until you disable 2FA or delete your account
Bot configuration (name, tokens, alert config) | While the bot exists in your account
Heartbeat events, telemetry, error events | 7 days (Starter), 30 days (Pro), 90 days (Business)
Uptime aggregates (5-minute buckets, daily rollups) | Indefinitely, as statistical aggregates
Incident records | Same window as the heartbeat retention tier
Alert dispatch history | Last 200 entries per bot
Custom avatar (R2 upload) | Until you remove it or delete your account
Application logs | 7 days
Security logs (auth, CSP, rate-limit) | 30 days
Billing records and invoices | At least 8 years from the end of the relevant tax year, as required by Hungarian accounting law
Support correspondence | 2 years from last reply

When you delete your account, we cascade-delete: user profile, OAuth links, all bot records (and their monitoring events, buckets, incidents, error events, alert configurations, alert history), all active sessions, 2FA records, and your stored avatar. Anonymous, aggregated uptime statistics may be retained for service quality analysis. We may retain limited records longer where required by law.

9. Your rights under GDPR

You have the following rights regarding your personal data:

  • Right of access (Art. 15) — request a copy of the personal data we hold about you. CloudLine offers a self-service Data Export from your account settings at any time
  • Right to rectification (Art. 16) — correct inaccurate or incomplete data. You can update most fields directly in the dashboard; contact us for the rest
  • Right to erasure / "right to be forgotten" (Art. 17) — delete your account from your account settings, or request manual deletion by email
  • Right to restrict processing (Art. 18)
  • Right to data portability (Art. 20) — export your data in a structured, machine-readable JSON format from your account settings
  • Right to object (Art. 21) — object to processing based on legitimate interest
  • Right to withdraw consent (Art. 7) — where we rely on consent, you may withdraw it at any time without affecting the lawfulness of prior processing
  • Right to lodge a complaint with a supervisory authority. In Hungary: NAIH (Nemzeti Adatvédelmi és Információszabadság Hatóság) — naih.hu. You may also lodge a complaint with the supervisory authority in your EU/EEA country of residence

To exercise these rights, use the in-product tools where available, or email us at [hello@cloudline.app]. We will respond within one month of receipt, extendable by two further months for particularly complex requests (we will notify you of any extension within the first month).

10. Security

We take security seriously and apply industry-standard practices:

  • All network transport is encrypted with TLS 1.3
  • Discord bot tokens and webhook URLs are encrypted at rest with AES-256-GCM
  • 2FA secrets and backup codes are encrypted at rest with our application secret
  • Authentication uses signed httpOnly, SameSite=Lax cookies; passwords are never stored (OAuth-only sign-in)
  • Sign-in attempts are rate-limited per IP (5 attempts / 15 minutes)
  • A Content Security Policy with nonce-based script execution restricts code injection
  • A two-tier rate limit (per-IP + per-bot) protects ingestion endpoints
  • Optional two-factor authentication is available to all users at no cost

No system is perfectly secure. If you discover a security vulnerability, please email [hello@cloudline.app] — we appreciate responsible disclosure and will work with you to address it promptly. Please give us a reasonable opportunity to remediate before any public disclosure.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours and, where the risk is high, notify affected users without undue delay.

11. Children's data

CloudLine is not directed to children under 13, and we do not knowingly collect personal data from anyone under 13. If you believe a minor has provided personal data to us, please contact us at [hello@cloudline.app] and we will delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. For material changes, we will notify you by email (to the address on file) and post a prominent notice in the dashboard at least 14 days before the changes take effect. Minor changes (clarifications, formatting, contact-info updates) take effect when posted. The "Last updated" date at the top of this page reflects the most recent revision.

13. Contact us

  • Email: [hello@cloudline.app] — for privacy requests, security disclosures, and general support
  • Postal address: [postal address available on request]

Operator: [Founder Name], sole proprietor, [City], Hungary (EU).