CavBot

Privacy

Privacy Policy Table of Contents and Sections

This Privacy Policy explains how CavBot (“CavBot,” “we,” “our,” or “us”) collects, uses, discloses, stores, and protects personal information obtained through our official products, websites, communications, and digital environments, including cavbot.io, app.cavbot.io, connected CavBot product surfaces, our support channels, and any other services that link to or reference this Privacy Policy (collectively, the “Services”).

CavBot approaches data as an operational responsibility. We collect only the information reasonably necessary to operate, secure, improve, and support the Services, and we handle that information with structured controls designed to preserve user trust, system integrity, and legal compliance.

By accessing or using the Services, you acknowledge that your information may be collected and processed as described in this Privacy Policy. If you do not agree with these practices, you should not use the Services.

For privacy-related questions, requests, or complaints, contact us at privacy@cavbot.io or support@cavbot.io. If you need this policy in an alternative format, you may request one through the same contact channel.

I.

Categories of Personal Information We Collect

At CavBot, the categories of information we collect depend on how you interact with the Services. Some information is provided directly by you, some is collected automatically when you use the platform, and some may be received from service providers, integrations, or workspace administrators.

Over the preceding twelve (12) months, CavBot may have collected and processed the categories below.

I.I Account and Contact Information

  • Full name
  • Username or display name
  • Email address
  • Telephone number, where provided
  • Company or organization name
  • Billing or mailing address, where applicable
  • Support and contact preferences

This information is typically collected when you create an account, request support, subscribe to communications, join a workspace, register interest in Services, or contact us directly.

I.II Authentication and Security Information

  • Account credentials or credential-derived data
  • Password hashes and authentication tokens
  • Session identifiers
  • Multi-factor authentication data, when enabled
  • Security preferences and access settings
  • Login and session history used for account protection

I.III Billing, Subscription, and Transaction Information

  • Billing name and billing address
  • Subscription tier and plan history
  • Transaction records and invoice metadata
  • Payment confirmations and status events
  • Processor metadata required to administer subscription lifecycle

When payments are handled by third-party processors, CavBot may not store full card numbers or full payment credentials directly.

I.IV Workspace, File, and Artifact Information

  • File names, folder names, and storage paths
  • Artifact metadata and workspace structures
  • Upload timestamps and operation history
  • Sharing, publication, and collaboration state
  • File previews generated in platform workflows

This information supports CavCloud, CavSafe, CavCode Viewer, and related collaboration and publication workflows.

I.V AI Inputs, AI Outputs, and Interaction Data

  • Prompts, instructions, and requests submitted to AI features
  • Generated outputs and responses
  • Selected model preferences and tool modes
  • Attached files, images, transcripts, or content submitted to AI workflows
  • Session history and context where retained in Services

I.VI Diagnostic, Operational, and Telemetry Data

  • Route and page activity
  • Error and fault events
  • Diagnostics records and runtime health signals
  • Event activity and operational metadata
  • API activity and request-level logs

I.VII Internet, Device, and Electronic Activity

  • IP address, browser type, and operating system
  • Device/browser-derived identifiers
  • Pages viewed, feature usage, and session duration
  • Referral URLs and clickstream/navigation behavior
  • Approximate region inferred from IP address

I.VIII Communications and Support Data

  • Support messages and tickets
  • Feedback, comments, and survey responses
  • Troubleshooting notes and account assistance records
  • Support and communication preferences

I.IX Inferences and Product Preferences

  • Workspace and feature preferences
  • Engagement patterns and workflow tendencies
  • Approximate usage intensity and account maturity indicators

CavBot uses these inferences to improve experience design, support quality, and feature relevance. They are not used to make hidden or unfair decisions about you.

II.

Sources of Personal Information

CavBot collects personal information from clearly defined sources. The source depends on how you use the Services and whether you engage with CavBot through public pages, authenticated workspaces, AI surfaces, or direct communications.

II.I Information You Provide Directly

We collect information you choose to provide when you:

  • Create or manage an account
  • Join or administer a workspace
  • Subscribe to a plan or service
  • Upload files or artifacts
  • Use CavAi and related product workflows
  • Contact support or request assistance
  • Submit forms on marketing or product pages
  • Participate in demos, pilots, or onboarding

II.II Information Collected Automatically

When you use Services, certain information is collected automatically through logs, cookies, analytics tooling, telemetry mechanisms, and related technologies.

II.III Information From Workspace Administrators or Collaborators

  • Invitation and onboarding details
  • Role assignments and permission scopes
  • Workspace affiliation and team access settings
  • Shared files and collaboration state

II.IV Information From Service Providers and Integrations

CavBot may receive limited information from providers and integrations that support Service delivery, such as payment, cloud infrastructure, analytics, authentication, email delivery, and AI model processing providers. Each source must have a lawful and operationally justified relationship to the Services.

III.

Purposes for the Collection and Use of Personal Information

CavBot collects and processes personal information only for identified, lawful, and reasonably necessary purposes tied directly to operating, securing, supporting, and improving the Services.

III.I Account Creation, Access, and Service Delivery

  • Create and maintain accounts
  • Authenticate users and sessions
  • Manage subscriptions and service entitlements
  • Operate workspace membership, permissions, and access control
  • Deliver features across connected CavBot product surfaces and related workflows

III.II AI Functionality and Contextual Processing

  • Respond to prompts and requests
  • Generate structured outputs for reasoning, coding, summaries, and research workflows
  • Maintain context continuity where history or workspace state is enabled
  • Enforce guardrails, plan entitlements, role restrictions, and abuse prevention

III.III File Storage, Collaboration, and Publication Workflows

  • Store and organize files and folders
  • Manage artifact workflows and file movement
  • Support secure sharing and collaboration controls
  • Enable previews, validation, and publication workflows

III.IV Diagnostics, Reliability, and Platform Operations

  • Detect and surface platform issues
  • Track operational events and runtime signals
  • Support diagnostics and monitoring workflows
  • Improve service stability and performance

III.V Security, Fraud Prevention, and Abuse Detection

  • Monitor suspicious or unauthorized activity
  • Investigate misuse, fraud, abuse, and attempted compromise
  • Enforce platform restrictions and account controls
  • Preserve audit records relevant to security and compliance

III.VI Support, Communications, and Service Notices

  • Respond to support requests and troubleshooting needs
  • Send service notices and product-related updates
  • Provide onboarding and account communications

III.VII Product Improvement and Internal Analysis

  • Improve product clarity and usability
  • Identify friction and adoption patterns
  • Evaluate aggregate service usage and reliability outcomes

Where possible, CavBot relies on aggregated, de-identified, or non-attributable information for internal analytics and product development.

III.VIII Legal, Regulatory, and Rights Protection

  • Comply with applicable law and lawful requests
  • Enforce terms, policies, and contractual rights
  • Respond to disputes, claims, or investigations
  • Protect the rights, safety, and integrity of CavBot, users, and third parties
IV.

Cookies, Analytics, and Other Tracking Technologies

CavBot uses cookies, local storage, and related technologies to run authentication, preserve workspace selections, improve reliability, and measure performance.

IV.I Authentication and Session Technologies

  • Session cookies such as cavbot_session are used to authenticate signed-in users.
  • Security and verification cookies may be used during account recovery and challenge flows.
  • Workspace pointer cookies (for example, cb_active_project_id) help restore active context.

IV.II Functional Storage and Preference Signals

  • Browser storage may retain interface, profile, or workspace preferences.
  • CavAi client state and diagnostics preferences may be stored locally for continuity and debugging.

IV.III Analytics and Performance Instrumentation

  • Marketing pages use CavBot analytics scripts, including cavai-analytics-v5.js and cavai.min.js.
  • Services collect route, runtime, interaction, and error signals to support reliability monitoring.

IV.IV Managing Cookie and Storage Preferences

You can manage cookies through browser controls and delete local storage at any time. Disabling certain technologies may impact authentication, workspace continuity, and feature availability.

V.

AI Systems, Model Providers, and User Inputs

CavBot provides AI-assisted features through CavAi and related modules. When you use these features, prompts, attachments, outputs, and contextual state may be processed to complete requested tasks.

V.I AI Provider Processing

CavBot currently uses third-party model infrastructure that may include Alibaba Qwen and DeepSeek model families. Provider rosters may evolve as CavBot changes infrastructure or model policy.

V.II Scope of AI Data

  • User prompts and instruction text
  • Files, snippets, media, and structured context submitted to AI workflows
  • Model selections, workflow mode, and inference metadata
  • Generated outputs, summaries, and follow-up actions

V.III AI Safety, Policy, and Abuse Controls

AI requests are subject to product policy, entitlement, and abuse-prevention controls, including guardrails that may restrict model access, action classes, or output pathways based on account state, plan limits, and security conditions.

V.IV Provider Terms and Retention

Third-party providers may process data under their own legal obligations and technical controls. Where applicable, provider-level retention may be used for abuse prevention, reliability, legal compliance, or safety monitoring. CavBot configures provider usage through contractual and operational controls.

VI.

Workspace Files, Storage, and Collaboration Data

CavBot supports file and workspace operations across modules including CavCloud, CavSafe, CavCode, CavCode Viewer, and connected workflows. Personal information may be embedded in uploaded content, file metadata, comments, and collaboration artifacts.

VI.I Storage and Access Scope

  • Files and artifacts are processed to provide storage, previews, organization, and retrieval.
  • Access to workspace content is controlled by account role, project scope, and permission settings.
  • Operational logs may record upload/download actions and sharing or publication events.

VI.II Collaboration and Sharing

  • Workspace administrators can provision users, adjust roles, and manage collaboration permissions.
  • Shared artifacts may become accessible to intended recipients under selected sharing state.
  • Public profile and artifact features are controlled by configuration and user/workspace settings.

VI.III Customer Responsibility for Content

Users and workspace administrators are responsible for ensuring that content uploaded to Services is authorized for processing and does not violate law, contract, or third-party rights.

VII.

Disclosure of Personal Information and Third-Party Service Providers

CavBot discloses personal information only as needed to operate Services, support customers, comply with law, or protect rights and security.

VII.I Service Provider Categories

  • Payment processing providers (including Stripe)
  • Email and transactional messaging providers (including Resend)
  • Authentication and identity providers (including Google and GitHub when selected by users)
  • Cloud, edge, and content-delivery providers used to host and operate Services
  • AI model and inference providers used to deliver CavAi workflows

VII.II Legal and Safety Disclosures

CavBot may disclose information when required by applicable law, legal process, or enforceable government request, and when reasonably necessary to detect, investigate, or prevent security events, fraud, abuse, or violations of terms.

VII.III Corporate Transactions

If CavBot is involved in a merger, acquisition, financing, reorganization, or sale of assets, personal information may be transferred as part of that transaction, subject to applicable law.

VII.IV Sales of Personal Information

CavBot does not sell personal information to data brokers for monetary consideration.

VIII.

Security, Retention, and Administrative Controls

VIII.I Security Program

  • Encryption in transit for network communication
  • Authentication hardening, signed sessions, and access control boundaries
  • Role-based permissions and workspace scoping controls
  • Monitoring, diagnostics, and incident response processes

VIII.II Retention

CavBot retains personal information only for as long as reasonably necessary to provide Services, satisfy legal and contractual obligations, resolve disputes, maintain security records, and enforce agreements. Retention periods vary by data type and system function.

VIII.III Deletion and Residual Copies

When data is deleted, residual copies may remain in backups or archival systems for limited periods consistent with disaster recovery, legal, and operational requirements.

VIII.IV Security Limitations

No system is absolutely secure. While CavBot applies layered controls, we cannot guarantee absolute security of all transmissions or stored information.

IX.

Your Rights and Choices

Depending on where you live, you may have rights regarding your personal information. These may include rights to:

  • Know what information we collect and how we use it
  • Access a copy of personal information
  • Request correction of inaccurate personal information
  • Request deletion of personal information, subject to exceptions
  • Object to, restrict, or request portability where applicable
  • Withdraw consent where processing relies on consent
  • Opt out of marketing communications

To exercise rights, email privacy@cavbot.io. CavBot may verify your identity before completing a request and may decline requests where permitted by law.

X.

California Privacy Rights

If you are a California resident, you may have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA/CPRA"), including rights to:

  • Know categories and specific pieces of personal information collected, used, and disclosed
  • Request deletion of personal information, subject to legal exceptions
  • Request correction of inaccurate personal information
  • Not be discriminated against for exercising privacy rights

CavBot does not sell personal information for money. To submit a California privacy request, email privacy@cavbot.io. Authorized agents may submit requests on your behalf where permitted by law.

XI.

Privacy Rights in the EEA, Switzerland, and the United Kingdom

If you are located in the EEA, Switzerland, or the United Kingdom, applicable data protection laws may provide additional rights and protections.

XI.I Legal Bases

CavBot may process personal information under legal bases that include contract performance, legitimate interests, consent, and legal obligations.

XI.II Data Subject Rights

  • Access, rectification, erasure, and restriction rights
  • Data portability rights where technically feasible
  • Objection rights for certain processing activities
  • Right to lodge a complaint with a supervisory authority

XI.III International Transfers

Personal information may be processed outside your jurisdiction. Where required, CavBot applies transfer mechanisms such as contractual safeguards to support lawful international data transfers.

XII.

Use of Services by Minors

CavBot Services are not directed to children under 13 and are not intended for use by minors where such use is prohibited by applicable law. We do not knowingly collect personal information directly from children under 13.

If you believe a child has provided personal information to CavBot, contact privacy@cavbot.io so we can review and take appropriate action.

XIII.

Policy Governance & Revisions

CavBot may revise this Privacy Policy to reflect changes in Services, legal obligations, provider relationships, or data practices. When material changes occur, we update the "Last Updated" date and may provide additional notice through website or in-product channels.

Your continued use of Services after an updated policy becomes effective indicates acceptance of the revised terms, to the extent permitted by law.