Privacy Policy
How Botfinity handles and protects your personal data
Updated: June 24, 2025
Introduction
This Privacy Policy ("Policy") explains how Botfinity Inc. and its affiliates (collectively, "Botfinity", "we", "us", or "our") process Personal Data of individuals who use our voicebot, chatbot, and Gmail automation services (the "Services").
This Policy also explains your rights and choices regarding your Personal Data and how you can access or update certain information about you.
1. Categories of Personal Data We Collect
(a) Personal Data You Provide to Us
- •Chat and Text Input: Text, chat logs, or content submitted through chatbot interfaces.
- •Audio Recordings and Voice Data: Voice inputs provided while using voicebots.
- •Transcripts: Text transcripts generated from voice or chat interactions.
- •Profile Information: Name, email address, and usage preferences.
- •Feedback and Communications: Support requests, messages, and survey responses.
(b) Personal Data Collected Automatically
- •Usage Information: Interaction data such as features used and timestamps.
- •Device Information: IP address, browser type, operating system.
(c) Gmail Data (Only When You Connect Gmail)
When you explicitly connect your Gmail account using Google OAuth, we may process:
- •Gmail Metadata: Message IDs, Thread IDs, History IDs.
- •Email Content: Subject lines, message bodies, and header fields (From, To, Date).
- •Authentication Tokens: Encrypted OAuth refresh tokens required to maintain the Gmail connection.
2. Purposes of Processing Personal Data and Legal Basis
Providing the Services
To enable chatbot, voicebot, and automation features.
Legal Basis: Performance of a contract.
Voice Model Generation
To create and maintain voice models for speech synthesis.
Legal Basis: Performance of a contract; your consent.
Gmail Automation
To generate email drafts, summarize threads, and trigger workflows requested by the user.
Legal Basis: Performance of a contract; your consent.
Personalization
To tailor chatbot and voicebot behavior.
Legal Basis: Legitimate interests; consent where required.
Quality Improvement and Research
To improve system performance and troubleshoot errors.
Legal Basis: Legitimate interests. This purpose does not apply to Gmail data accessed via Google APIs.
Fraud Prevention and Security
To detect misuse and protect system integrity.
Legal Basis: Legitimate interests; legal obligation.
Communications and Support
To respond to inquiries and provide service updates.
Legal Basis: Legitimate interests; performance of a contract.
Compliance and Legal Obligations
To comply with applicable laws and legal processes.
Legal Basis: Legal obligation.
3. Google API Limited Use Compliance
Our application's use and transfer of information received from Google APIs strictly complies with the Google API Services User Data Policy, including the Limited Use requirements.
- •Google user data is used only to provide user-requested Gmail automation features.
- •Google user data is never used for advertising, profiling, or retargeting.
- •Google user data is never sold, rented, or shared with data brokers, ad networks, or analytics platforms.
- •Human access to Gmail data is strictly prohibited except when a user explicitly requests support for a specific email, to investigate security incidents or abuse, to comply with legal obligations, or with explicit case-specific user consent.
4. AI Processing of Gmail Data
Gmail data is processed only to perform actions initiated by the user.
We do not:
- •Train or fine-tune generalized AI models using Gmail data
- •Create cross-user datasets
- •Build behavioral or advertising profiles
Each user's Gmail data is processed in isolation.
5. Data Recipients
Personal Data may be shared with:
- •Affiliates: Botfinity group entities supporting the Services.
- •Service Providers: Vendors providing cloud hosting and infrastructure support.
- •Other Users: Only if you explicitly choose to share content.
- •Legal and Regulatory Authorities: When required by law.
We do not share Gmail data with advertisers or data brokers.
6. Data Security
- •All sensitive Personal Data is protected using AES-256 encryption.
- •Blind indexed hashing is used for searching without decrypting content.
- •Access is restricted to authorized automated systems and logged for audit purposes.
7. International Data Transfers
We may transfer Personal Data to service providers located in India, the United States, and other jurisdictions, using appropriate safeguards such as standard contractual clauses.
8. Data Retention and Deletion
- •Gmail Revocation: OAuth tokens are permanently deleted within 24 hours of access revocation.
- •Account Deletion: All Gmail data, processed message logs, and relationship records are deleted within 30 days.
- •Voice Data: Voice recordings and derived voice models are retained for no longer than 3 years after last interaction, unless legally required.
9. Your Rights
Depending on your jurisdiction, you may:
- •Access, correct, or delete your Personal Data
- •Restrict or object to processing
- •Request data portability
- •Withdraw consent where processing is based on consent
10. SMS / Text Messaging
- •If you provide your mobile number and opt in, we may send you SMS messages. Message frequency varies. Message and data rates may apply.
- •Mobile information (including phone numbers and SMS opt-in data) will not be sold or shared with third parties or affiliates for marketing or promotional purposes.
- •We only share this information with service providers (such as messaging carriers/platforms) as necessary to deliver these messages and operate the Services.
11. Updates to this Policy
We may update this Policy periodically. Significant changes will be communicated as required by law.
12. Contact
Botfinity Inc.
Email: hello@supermia.ai
Phone: +1 (512) 733-3085
Mailing Address: 2451 W Grapevine Mills Cir, Num 547, Grapevine, TX 76051, USA