PRIVACY POLICY
Your data is yours. We built Botmem to keep it that way.
Last updated: March 2026
01. INFORMATION WE COLLECT
We collect the following categories of information:
- Account information — your email address and a hashed password. We never store your password in plaintext.
- Connector data — when you connect services like Gmail, Slack, WhatsApp, iMessage, or Photos, we ingest emails, messages, photos, locations, and contact information from those services at your direction.
- Usage analytics — we use PostHog to collect anonymous usage data such as page views and feature usage. This helps us understand how to improve the product. No connector data is sent to PostHog.
02. HOW WE USE YOUR INFORMATION
We use your information for the following purposes:
- Providing the service — ingesting, normalizing, enriching, and indexing your memories so you can search and retrieve them.
- Improving the product — analyzing aggregate, anonymized usage patterns to build better features.
- Service communications — sending critical emails about your account, security alerts, or material changes to the service. We do not send marketing emails.
03. DATA STORAGE & SECURITY
All sensitive data is encrypted at rest using AES-256-GCM. Your connector credentials, OAuth tokens, and memory data are encrypted before being written to the database.
Botmem uses a recovery key system for encryption. Your recovery key is generated on signup and shown to you once. We store only a SHA-256 hash of this key — we never have access to the key itself. This means we cannot decrypt your data, even if compelled to.
Data is stored on secured infrastructure with encrypted disks, restricted network access, and regular security updates.
04. SELF-HOSTED VS PRO
Self-hosted (Free)
All data stays on your hardware. You control the database, the encryption keys, and the infrastructure. Zero telemetry is sent by default — you opt in to analytics if you choose.
Pro ($14.99/mo)
Your data is hosted on our managed infrastructure. All data is encrypted at rest with your recovery key. Because we never store your recovery key, we cannot read your encrypted data. You retain full ownership and can export or delete at any time.
05. THIRD-PARTY SERVICES
Botmem integrates with the following third-party services:
- Connector OAuth providers — Google (Gmail), Slack, and WhatsApp for authentication and data access. These services have their own privacy policies.
- PostHog — for product analytics. PostHog receives anonymous usage events, never your personal data or memories.
- AI processing — Ollama (self-hosted default) or OpenRouter (cloud option) for embedding generation and text enrichment. When using Ollama, no data leaves your network. When using OpenRouter, text snippets are sent for processing under their data processing terms.
06. DATA RETENTION
We retain your data for as long as your account is active. If you delete your account, all associated data — memories, contacts, connector credentials, raw events, and vectors — are permanently deleted from our systems. There is no soft delete.
Backups that contain your encrypted data are rotated and permanently destroyed within 30 days of account deletion.
07. YOUR RIGHTS
You have the right to:
- Export all your data — download a complete copy of your memories, contacts, and metadata at any time via the API or CLI.
- Delete your account — permanently remove all data from our systems. This action is irreversible.
- Opt out of analytics — disable PostHog tracking in your account settings. Self-hosted users have analytics disabled by default.
09. CHANGES TO THIS POLICY
If we make material changes to this privacy policy, we will notify you via email at the address associated with your account at least 30 days before the changes take effect. Non-material changes (such as formatting or clarifications) may be made without notice.
You can always find the current version of this policy at botmem.xyz/privacy.
10. CONTACT
If you have questions about this privacy policy or how we handle your data, contact us at: