Privacy Policy

Bota is a service operated by Zentia Labs LLC, trading as Bota by RaX Mobility, and is responsible for the processing of data collected on bota-chat.com, contact forms, demos, onboarding flows, support, billing, and account administration.

This policy governs Bota own processing as a B2B SaaS product. It does not replace the privacy policy that each customer must provide to its end users when using Bota in its own channels.

• Sales and prospecting data: name, business email, phone number, company, fleet size, country, and operational needs.
• Account and administration data: users, roles, credentials, preferences, authentication events, and administrative activity inside the B2B portal.
• Contract and billing data: legal entity details, address, tax identifiers, billing contacts, invoices, and payment references.
• Support and implementation data: tickets, emails, configurations, domains, snippets, technical incidents, and conversation samples shared by the customer for troubleshooting.
• Technical and usage data: IP address, browser, device, cookies, logs, security events, performance, and product analytics.
• End-user operational data processed on behalf of the customer: conversational content, contact details, booking intent, attachments, and other data that the customer chooses to route through Bota.

• Respond to commercial requests, demos, product evaluations, and onboarding.
• Create and manage customer accounts, authorized users, and permissions.
• Provide the contracted conversational technology, host the infrastructure, and operate the automations enabled by the customer.
• Configure integrations, domains, web widgets, and messaging channels activated by the customer.
• Provide support, maintenance, monitoring, security, and fraud or abuse prevention.
• Manage the contractual relationship, billing, collections, and accounting or tax obligations.
• Send service communications and, where a valid basis exists, reasonable B2B product communications.

• Performance of pre-contractual steps or the contract for demos, onboarding, SaaS provision, support, and billing.
• Compliance with legal obligations relating to accounting, tax, security, and valid requests from authorities.
• Legitimate interests for security, abuse prevention, product improvement, B2B relationship management, and reasonable professional communications.
• Consent for non-essential cookies, certain optional marketing actions, and any other processing that requires it.
• For end-user operational data handled inside customer bots or channels, the customer generally acts as controller and Bota processes that data under documented instructions and the applicable data processing agreement.

• Infrastructure, hosting, authentication, email, support, monitoring, analytics, and technology providers needed to deliver the service.
• Payment processors and billing providers to manage collections, subscriptions, and payment incidents.
• Messaging platforms and third parties activated by the customer, such as WhatsApp Business or equivalent integrations.
• Professional advisers and public authorities where there is a legal obligation, defence need, or valid request.

Bota does not sell personal data. It also does not independently determine the business purposes of customer end-user operational content.

Some providers or infrastructure may operate outside the European Economic Area. When this happens, Bota applies appropriate safeguards under applicable law, such as standard contractual clauses, adequacy decisions, or reasonable supplementary technical measures.

• Leads, forms, and B2B sales conversations: up to 24 months from the last interaction, unless there is an objection or a contract is signed.
• Account, contract, and billing data: while the commercial relationship exists and afterwards for the periods required by law.
• Support and implementation tickets: usually up to 3 years after case closure.
• Security and access logs: usually up to 12 months, unless investigation or reinforced retention is required.
• Customer end-user operational data: according to customer configuration, customer instructions, technical backup windows, and the agreed deletion process.

• We apply reasonable technical and organizational measures, including access controls, encryption in transit, event logging, and vendor review.
• Internal data access is limited to authorized personnel with a functional need and confidentiality obligations.
• The processor relationship for customer operational data is governed through contract and the applicable data processing agreement, including subprocessors and security commitments.

Where applicable, you may exercise rights of access, rectification, erasure, objection, restriction, and portability with respect to data that Bota processes as its own controller.

If the request relates to end-user data collected through a customer bot, the primary route should be that customer as controller. Bota will assist the customer in its processor role where applicable.

• Requests about leads, accounts, billing, support, or use of bota-chat.com: contact Bota.
• Requests about reservations, conversations, or end-customer data belonging to a rental company: contact that rental company first.

We may update this policy to reflect legal, technical, or product changes. The current version will be published on this page together with its last update date.