Privacy Policy

Bota is a service operated by Zentia Labs LLC. Zentia Labs is responsible for the processing of data collected on the Bota website, contact forms, demos, onboarding flows, support, billing, and account administration.

This policy governs Zentia Labs own processing in relation to Bota as a B2B SaaS product. It does not replace the privacy policy that each customer must provide to its end users when deploying Bota in its own channels (website or WhatsApp).

• Sales and prospecting data: name, business email, phone number, company, fleet size, country, and operational needs.
• Account and administration data: users, roles, credentials, preferences, authentication events, and administrative activity inside the Bota B2B portal.
• Contract and billing data: legal entity details, address, tax identifiers, billing contacts, invoices, and payment references.
• Support and implementation data: tickets, emails, configurations, domains, snippets, technical incidents, and conversation samples shared by the customer for troubleshooting.
• Technical and usage data: IP address, browser, device, cookies, logs, security events, performance, and product analytics.
• End-user operational data processed on behalf of the customer: chat messages (web and WhatsApp), conversational content, booking intents, contact details, attachments, and other data that the customer chooses to route through Bota.

Bota allows users to sign in via email and password, magic link, or Google OAuth ("Sign in with Google").

When you choose to sign in with Google, we access your email address, name, and profile picture through the Google OAuth 2.0 openid, email, and profile scopes. This data is used solely to create or link your user account in Bota and to verify your identity on each sign-in.

We do not access your contacts, calendar, Drive files, or any other data from your Google account.

You can revoke Bota access to your Google account at any time from your Google account security settings at myaccount.google.com.

Bota's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

• Respond to commercial requests, demos, product evaluations, and onboarding.
• Create and manage customer accounts, authorized users, and permissions.
• Provide the contracted chatbot service, host the infrastructure, process messages through AI (LLM), and operate the automations enabled by the customer.
• Configure integrations, domains, web widgets, and messaging channels (including WhatsApp Business) activated by the customer.
• Provide support, maintenance, monitoring, security, and fraud or abuse prevention.
• Manage the contractual relationship, billing, collections, and accounting or tax obligations.
• Send service communications and, where a valid basis exists, reasonable B2B communications about Bota.

• Performance of pre-contractual steps or the contract for demos, onboarding, Bota provision, support, and billing.
• Compliance with legal obligations relating to accounting, tax, security, and valid requests from authorities.
• Legitimate interests for security, abuse prevention, product improvement, B2B relationship management, and reasonable professional communications.
• Consent for non-essential cookies, certain optional marketing actions, and any other processing that requires it.
• For end-user operational data handled inside Bota (chat messages, WhatsApp conversations, booking intents), the customer generally acts as controller and Zentia Labs processes that data under documented instructions and the applicable data processing agreement.

• Infrastructure, hosting, authentication, email, support, monitoring, analytics, and technology providers needed to deliver Bota.
• Language model providers (Anthropic Claude) to generate the AI conversational responses.
• Payment processors and billing providers to manage collections, subscriptions, and payment incidents.
• Messaging platforms activated by the customer, such as WhatsApp Business, when the customer configures them in Bota.
• Professional advisers and public authorities where there is a legal obligation, defence need, or valid request.

Zentia Labs does not sell personal data. It also does not independently determine the business purposes of customer end-user conversational content.

Some providers or infrastructure may operate outside the European Economic Area. When this happens, we apply appropriate safeguards under applicable law, such as standard contractual clauses, adequacy decisions, or reasonable supplementary technical measures.

• Leads, forms, and B2B sales conversations: up to 24 months from the last interaction, unless there is an objection or a contract is signed.
• Account, contract, and billing data: while the commercial relationship exists and afterwards for the periods required by law.
• Support and implementation tickets: usually up to 3 years after case closure.
• Security and access logs: usually up to 12 months, unless investigation or reinforced retention is required.
• Customer end-user operational data (chat messages, WhatsApp conversations): according to customer configuration, customer instructions, technical backup windows, and the agreed deletion process.

• We apply reasonable technical and organizational measures, including access controls, encryption in transit, event logging, and vendor review.
• Internal data access is limited to authorized personnel with a functional need and confidentiality obligations.
• The processor relationship for customer operational data is governed through contract and the applicable data processing agreement, including subprocessors and security commitments.

Where applicable, you may exercise rights of access, rectification, erasure, objection, restriction, and portability with respect to data that we process as our own controller.

If the request relates to end-user data collected through Bota deployed by a customer, the primary route should be that customer as controller. Zentia Labs will assist the customer in its processor role where applicable.

• Requests about leads, accounts, billing, support, or use of our website: contact us at privacy@bota-chat.com.
• Requests about chat conversations, WhatsApp messages, or end-customer data belonging to a rental company: contact that rental company first.

We may update this policy to reflect legal, technical, or product changes. The current version will be published on this page together with its last update date.