Privacy Policy

Botflow LLC ("Botflow," "we," "us," or "our") is a limited liability company incorporated in North Carolina. We operate the Botflow platform, accessible at botflow.io, which is powered by OpenVibeCode — our source-available development environment that lets you build full-stack applications directly in the browser.

Questions about this Privacy Policy can be directed to awkohler@botflow.io.

• Providing, operating, and improving the Botflow platform.
• Authenticating your identity and securing your account.
• Storing and serving your project files and settings.
• Processing GitHub operations on your behalf when you use the GitHub integration.
• Sending transactional emails (e.g., account notifications) through Clerk.
• Responding to your support requests.
• Detecting and preventing abuse, fraud, or security incidents.
• Complying with applicable laws and enforcing our Terms of Service.

We do not sell your personal information to third parties. We do not use your project code to train AI models without your explicit consent.

We share data only in the following limited circumstances:

• Service providers: Clerk (authentication & billing), Neon (database), UploadThing (file storage), Vercel (hosting), and AI providers (OpenAI, Anthropic, Fireworks AI) — solely to provide the services you use.
• Legal requirements: When required by law, regulation, or valid legal process.
• Business transfers: In connection with a merger, acquisition, or sale of assets, with appropriate protections applied.
• With your consent: In any other case where you have given explicit permission.

We retain your account and project data for as long as your account remains active. If you delete your account, we will delete or anonymize your personal data within 90 days, except where we are required to retain it for legal or compliance purposes. Uploaded files hosted by UploadThing are subject to UploadThing's own retention policies.

Botflow uses cookies and similar technologies set by Clerk to maintain authentication sessions. We do not use advertising or behavioral-tracking cookies. You can control cookies through your browser settings, but disabling session cookies will prevent you from staying logged in.

We implement industry-standard security measures, including TLS encryption for data in transit and access controls for data at rest. However, no system is completely secure. We encourage you to use a strong, unique password and to protect your account credentials.

Botflow is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently done so, please contact us at awkohler@botflow.io and we will delete the information promptly.

Depending on your location, you may have rights regarding your personal data, including the right to access, correct, or delete it. To exercise any of these rights, contact us at awkohler@botflow.io. We will respond within the timeframe required by applicable law.

North Carolina residents may also have rights under the North Carolina Identity Theft Protection Act and any applicable state data-privacy legislation.

The platform may contain links to third-party websites or services. This Privacy Policy does not apply to those services, and we encourage you to review their privacy policies.

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. If changes are material, we will notify you via email or a prominent notice within the platform. Continued use of Botflow after changes take effect constitutes acceptance of the updated policy.

If you have questions or concerns about this Privacy Policy, please contact us: