Legal Information

1. Acceptance of Terms

By accessing and using Botistart's AI agent platform, you agree to be bound by these Terms of Service. If you disagree with any part of these terms, you may not access the service.

2. Service Description

Botistart provides AI agent management services including:

• AI agent creation, deployment, and orchestration
• Team collaboration tools for AI agents
• Performance monitoring and analytics
• Integration with external AI models and services
• Enterprise security and compliance features

3. User Responsibilities

You agree to:

• Provide accurate and complete information
• Use the service in compliance with applicable laws
• Not use AI agents for harmful, illegal, or unethical purposes
• Respect intellectual property rights
• Monitor and review AI agent outputs for accuracy and appropriateness
• Implement appropriate safeguards for AI-generated content

4. AI Usage Policies

When using our AI services, you must:

• Not attempt to reverse engineer AI models
• Avoid creating biased or discriminatory AI behaviors
• Respect rate limits and usage quotas
• Report any AI safety concerns promptly
• Use AI outputs responsibly and with human oversight

5. Intellectual Property

You retain ownership of your data and custom AI configurations. Botistart retains rights to:

• The platform software and infrastructure
• Aggregated, anonymized usage insights
• Platform improvements derived from usage patterns

6. Service Availability and Limitations

We strive for high availability but cannot guarantee:

• 100% uptime or uninterrupted service
• Accuracy of all AI-generated outputs
• Compatibility with all third-party services
• Availability of specific AI models

7. Limitation of Liability

Botistart's liability is limited to the maximum extent permitted by law. We are not liable for:

• Indirect, incidental, or consequential damages
• Decisions made based on AI outputs
• Third-party AI model performance or availability
• Data loss due to user error or force majeure

8. Termination

Either party may terminate this agreement with 30 days notice. Upon termination, you may export your data for 90 days.

1. Data Encryption

We implement comprehensive encryption protocols:

• In Transit: TLS 1.3 for all communications
• At Rest: AES-256 encryption for stored data
• AI Models: Encrypted storage of custom AI models
• Key Management: Hardware Security Modules (HSM)

2. Infrastructure Security

Our security infrastructure includes:

• Multi-cloud deployment for redundancy
• Network segmentation and micro-services architecture
• Regular penetration testing and vulnerability assessments
• 24/7 security monitoring and incident response
• DDoS protection and web application firewalls

3. AI-Specific Security Measures

Protecting AI systems requires specialized security:

• Model Isolation: Customer AI models are isolated in secure containers
• Prompt Injection Protection: Advanced filtering of AI inputs
• Output Monitoring: Real-time scanning for sensitive information
• Adversarial Defense: Protection against AI attacks
• Data Poisoning Prevention: Training data validation and sanitization

4. Access Controls

We enforce strict access controls:

• Multi-factor authentication (MFA) required
• Role-based access control (RBAC)
• Principle of least privilege
• Regular access reviews and deprovisioning
• Single Sign-On (SSO) integration

5. Compliance and Certifications

We maintain industry-standard certifications:

• SOC 2 Type II: Annual audits of security controls
• ISO 27001: Information security management
• GDPR: Data protection compliance
• CCPA: California privacy compliance
• HIPAA: Healthcare data protection (where applicable)

6. Incident Response

Our incident response process includes:

• 24/7 security operations center (SOC)
• Automated threat detection and response
• Customer notification within 24 hours of confirmed breaches
• Forensic analysis and remediation
• Post-incident reviews and improvements

7. Employee Security

Our team security measures:

• Background checks for all employees
• Regular security training and awareness programs
• Confidentiality and security agreements
• Secure development lifecycle practices
• Zero-trust security model implementation

1. Legal Basis for Processing

We process personal data under the following legal bases:

• Contract Performance: To provide AI services as agreed
• Legitimate Interest: For service improvement and security
• Consent: For marketing communications and optional features
• Legal Obligation: To comply with applicable laws
• Vital Interest: To protect against security threats

2. Your GDPR Rights

As a data subject, you have the right to:

• Access: Request copies of your personal data
• Rectification: Correct inaccurate personal data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restrict Processing: Limit how we use your data
• Data Portability: Receive your data in a structured format
• Object: Object to processing based on legitimate interests

3. AI and Automated Decision-Making

Regarding automated decision-making and AI:

• We provide meaningful information about AI logic used
• You have the right to human intervention in AI decisions
• You can contest and request review of automated decisions
• We implement safeguards against discriminatory AI outputs
• Regular bias testing and fairness assessments are conducted

4. Data Processing Records

We maintain detailed records of:

• Categories of personal data processed
• Purposes of processing for each category
• Legal basis for each processing activity
• Data retention periods and deletion schedules
• Third-party data processors and their locations
• Technical and organizational security measures

5. International Data Transfers

For international data transfers, we ensure:

• Adequacy decisions for transfers to approved countries
• Standard Contractual Clauses (SCCs) for other transfers
• Additional safeguards for sensitive AI training data
• Regular review of transfer mechanisms
• Data localization options for EU customers

6. Data Protection Impact Assessments

We conduct DPIAs for:

• New AI processing activities
• High-risk data processing operations
• Large-scale processing of special categories
• Systematic monitoring activities
• Automated decision-making systems

7. Breach Notification

In case of a data breach, we will:

• Notify supervisory authorities within 72 hours
• Inform affected individuals when required
• Provide clear information about the breach
• Describe measures taken to address the breach
• Offer guidance on protective measures

8. Contact Information

1. What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us provide you with a better experience and analyze how our AI platform is used.

2. Types of Cookies We Use

3. Third-Party Cookies

We work with third-party services that may set their own cookies:

• AI Providers: OpenAI, Anthropic (for AI model access)
• Analytics: Google Analytics, Mixpanel
• Support: Intercom, Zendesk
• Security: Cloudflare, Auth0
• Payment: Stripe (for billing)

4. Managing Your Cookie Preferences

You have several options to control cookies:

5. Cookie Retention

Different cookies have different retention periods:

• Session Cookies: Deleted when you close your browser
• Authentication: Up to 30 days
• Preferences: Up to 1 year
• Analytics: Up to 2 years
• Marketing: Up to 90 days

6. Updates to This Policy

We may update this cookie policy to reflect changes in our practices or applicable laws. We will notify you of any material changes through:

• Email notifications to registered users
• In-app notifications
• Website banners
• Updates to this page with revision dates