Privacy Policy

Effective date: March 1, 2026

Your privacy matters to us. This policy explains what data we collect, how we use it, and the choices you have. We designed Contibot with privacy-first architecture — each user gets an isolated environment and we never train on your data.

1. Information We Collect

We collect the minimum information necessary to provide the Service:

Account Information

When you sign up, we collect your email address, display name, and timezone. If you subscribe to a paid plan, Stripe processes your payment information — we never see or store your full card number.

Conversations & Memory

Messages you send to your agent, along with facts and memories the agent stores, are kept in your isolated virtual machine. This data is used exclusively to provide you with a personalized experience.

Usage Data

We collect basic usage metrics such as message counts, feature usage, and error logs to improve the Service. We do not track your browsing activity outside of Contibot.

2. How We Use Your Information

  • Provide, maintain, and improve the Service
  • Process payments and manage your subscription
  • Send transactional emails (account verification, password reset, billing)
  • Diagnose technical issues and prevent abuse
  • Comply with legal obligations

3. Data Storage & Security

Your data is stored on servers in the European Union (Hetzner, Germany). All data is encrypted at rest and in transit. API keys and secrets are stored in an encrypted vault. We use industry-standard security measures including firewalls, WireGuard VPN, and regular security audits.

4. Data Isolation

Each agent runs in its own isolated virtual machine with a dedicated database, filesystem, and network. Your conversations and memories are physically separated from other users. No shared database, no cross-contamination.

5. Third-Party Services

We use the following third-party services to operate Contibot:

  • Stripe — payment processing (subject to Stripe's privacy policy)
  • Anthropic / OpenRouter — AI model providers (conversations are sent to generate responses, subject to their usage policies)
  • Hetzner — server infrastructure (EU-based, GDPR-compliant)

6. Data Retention

We retain your data for as long as your account is active. When you delete your account, all personal data, conversations, agent memories, and configuration are permanently deleted within 30 days. Billing records may be retained for up to 7 years as required by tax regulations.

7. Your Rights

You have the right to:

  • Access your data — view and export your conversations, memories, and account information
  • Correct your data — update your profile and agent configuration at any time
  • Delete your data — permanently remove your account and all associated data
  • Withdraw consent — stop using the Service and delete your account at any time

8. Cookies

We use essential cookies only — session cookies for authentication and CSRF protection. We do not use tracking cookies, analytics cookies, or advertising cookies. No third-party trackers are present on our site.

9. Children's Privacy

Contibot is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email at least 30 days before they take effect. The effective date at the top of this page will be updated accordingly.

11. Contact

For privacy-related questions or requests, contact us at privacy@contibot.com.