Privacy Policy
Last updated: May 22, 2026
This Privacy Policy explains how BotSpot (“BotSpot”, “we”, “us”, or “our”) processes personal data when you use our website, platform, APIs, plugins, integrations, and related services (together, the “Service”).
BotSpot is a business-to-business software-as-a-service provider based in Finland.
Company details:
- Legal name: Botdot Oy
- Business ID: 3550055-8
- Address: Tyyneläntie 11, 21500 Piikkiö, Finland
- Contact: support@bot.spot
Summary
We process data to provide, secure, maintain, and improve BotSpot’s services for business customers.
For most customer content and integration data, our customer is the data controller and BotSpot acts as a processor. For account, billing, security, service usage, website, and business relationship data, BotSpot may act as a controller.
We do not sell personal data. We do not use Customer Content to train third-party foundation models unless separately agreed with the customer.
Who This Policy Applies To
This policy applies to:
- Customers and prospective customers.
- Users invited to a BotSpot workspace.
- Visitors to our website.
- People who interact with customer websites or services where BotSpot-powered functionality is used.
- Technical contacts, billing contacts, and support contacts.
Roles Under GDPR
BotSpot is based in Finland and is subject to the EU General Data Protection Regulation, Finnish data protection law, and other applicable privacy laws.
BotSpot usually acts as:
- A processor when we process customer content, website content, integration data, analytics data, and related metadata on behalf of a customer.
- A controller when we process account registration data, billing data, security logs, service usage data, website analytics, marketing communications, and customer relationship records.
Where required, we may enter into a Data Processing Agreement with customers.
Data We Process
Account and Workspace Data
We may process:
- Name.
- Work email address.
- Company name.
- Role or title.
- Workspace membership.
- Authentication and access details.
- Product settings and preferences.
- Support and communication history.
Customer Content
When customers use BotSpot, we may process content and related metadata provided by or on behalf of the customer.
This may include:
- Website, page, product, article, or other business content.
- Titles, descriptions, summaries, and body content.
- URLs and source references.
- Author, publication, language, category, tag, and media metadata.
- Existing or generated structured data.
- Customer-requested outputs, metadata, analytics, and related service data.
Customer Content may contain personal data if the customer includes personal data in the content.
Plugin and Integration Data
If a customer connects a BotSpot plugin, API, or integration, the integration may send data to BotSpot so we can provide the Service.
This may include:
- Site, account, and integration configuration.
- Selected customer content and related metadata.
- Technical data needed to authenticate, operate, secure, and troubleshoot the integration.
- Aggregated analytics or usage data related to connected content and BotSpot-powered functionality.
- Error, delivery, diagnostic, and performance information.
Where possible, analytics data is aggregated before being sent to BotSpot. BotSpot-powered integrations are designed to avoid sending raw visitor IP addresses or raw user-agent strings in analytics payloads unless required for security, diagnostics, or service operation.
API, Integration, and Technical Data
We may process:
- API keys, access tokens, and authentication data.
- Request metadata.
- IP addresses in security logs.
- User-agent strings in server logs.
- Error logs and diagnostic events.
- Integration configuration.
- Tenant, workspace, and organisation identifiers.
- Security, abuse-prevention, and operational logs.
Billing and Business Data
We may process:
- Billing contact details.
- Company details.
- VAT and invoicing information.
- Subscription plan and payment status.
- Purchase, renewal, and cancellation history.
Payment processing may be handled by a third-party payment provider. We do not intentionally store full payment card numbers on our own systems.
Website and Marketing Data
When you visit our website or interact with our marketing, we may process:
- Pages visited.
- Referring pages.
- Approximate location derived from IP address.
- Cookie identifiers, if cookies are used.
- Newsletter, contact, or demo request information.
- Email engagement information.
We aim to keep marketing tracking proportionate for a B2B SaaS service.
How We Use Data
We use data to:
- Provide, maintain, and secure the Service.
- Authenticate users and manage workspaces.
- Operate plugins, APIs, integrations, and connected services.
- Process customer content and generate customer-requested outputs.
- Provide analytics, reporting, and operational dashboards.
- Provide customer support.
- Monitor reliability, performance, abuse, and security.
- Improve the Service.
- Manage subscriptions, billing, and customer relationships.
- Comply with legal obligations.
- Communicate service updates, security notices, and product information.
Legal Bases
When BotSpot acts as a controller, we rely on one or more of the following legal bases:
- Contract: to provide the Service and manage customer accounts.
- Legitimate interests: to operate, secure, improve, and promote a B2B SaaS service, communicate with business contacts, prevent abuse, and understand product usage.
- Legal obligation: to comply with accounting, tax, regulatory, and legal obligations.
- Consent: where required, for example for certain cookies or marketing communications.
When BotSpot acts as a processor, we process personal data according to the customer’s instructions and our agreement with the customer.
AI and Automated Processing
BotSpot may use automated or AI-assisted systems to provide parts of the Service, analyse customer-provided content, generate customer-requested outputs, improve metadata, classify content, and support related workflows.
We do not use Customer Content to train third-party foundation models unless separately agreed with the customer.
If third-party AI infrastructure is used to provide the Service, we use appropriate contractual, organisational, and technical safeguards.
Customer-requested outputs may require review before use. Customers are responsible for reviewing generated or suggested outputs and ensuring they are accurate, lawful, and appropriate for their use case.
Cookies
Our website and platform may use cookies or similar technologies for:
- Authentication and session management.
- Security.
- Preferences.
- Analytics.
- Product improvement.
Where required by law, we ask for consent before placing non-essential cookies.
Data Sharing
We may share data with trusted service providers and partners where needed to provide, secure, support, or improve the Service.
These may include:
- Hosting and cloud infrastructure providers.
- Database, storage, monitoring, and logging providers.
- Email and customer support providers.
- Payment and billing providers.
- Analytics and product telemetry providers.
- Professional advisers, such as accountants and legal advisers.
- Authorities where required by law.
- Subcontractors or subprocessors needed to provide the Service.
We do not sell personal data.
Subcontractors and Subprocessors
We use subcontractors and subprocessors to host, operate, secure, support, and improve the Service.
Information about current subcontractors or subprocessors is available on request by contacting:
International Transfers
We aim to process and store customer data in the European Union or European Economic Area where practical.
If personal data is transferred outside the EU/EEA, we use appropriate safeguards, such as:
- European Commission Standard Contractual Clauses.
- Adequacy decisions.
- Contractual, organisational, and technical safeguards.
Retention
We keep personal data only for as long as needed for the purposes described in this policy, unless a longer retention period is required by law.
Typical retention practices:
- Customer account and workspace data: retained while the account is active and for a reasonable period after termination.
- Customer Content: retained while needed to provide the Service, unless deleted earlier by the customer or under contract.
- Backups: retained for a limited period according to backup rotation schedules.
- Security logs: retained for a limited period needed for security, abuse prevention, and troubleshooting.
- Billing records: retained as required by accounting and tax laws.
Customers may request deletion according to their agreement with BotSpot.
Security
We use technical and organisational measures designed to protect data, including:
- Access controls.
- Encryption in transit.
- Least-privilege access practices.
- Logging and monitoring.
- Backup and recovery procedures.
- Secret handling practices.
- Vendor and subcontractor review.
No system is perfectly secure, but we work to protect data in a manner appropriate for a B2B SaaS provider.
Your Rights
Depending on your location and our role, you may have rights to:
- Access your personal data.
- Correct inaccurate personal data.
- Delete personal data.
- Restrict processing.
- Object to processing.
- Request data portability.
- Withdraw consent where processing is based on consent.
- Lodge a complaint with a supervisory authority.
If we process personal data on behalf of a customer, we may refer your request to that customer.
In Finland, the supervisory authority is the Office of the Data Protection Ombudsman:
Customer Responsibilities
Customers are responsible for:
- Having a lawful basis to send content and related data to BotSpot.
- Informing their own users, visitors, employees, contributors, and customers where required.
- Configuring integrations and plugin settings appropriately.
- Reviewing BotSpot-generated or suggested outputs before relying on or publishing them.
- Responding to data subject requests where the customer is the controller.
Children’s Data
BotSpot is a B2B service and is not intended for children. We do not knowingly collect personal data from children.
Changes to This Policy
We may update this Privacy Policy from time to time.
If changes are material, we will provide reasonable notice, such as by posting an updated version on our website or notifying account administrators.
Contact
For product support or privacy questions, contact: