1. Introduction

TotBots ("we", "our", or "the Service") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our web application.

2. Information We Collect

Account Information

When you create an account, we collect:

Name
Email address
Password (stored securely using bcrypt hashing)
Google account information (if you sign in with Google)

Content You Create

We store the content you create using TotBots:

Trees of thought (topics, branches, summaries)
Chat conversations with AI assistants
Feedback you provide about the Service

Usage Information

We automatically collect:

API usage counts (to enforce daily limits)
Last login time
IP address (for rate limiting and security)

3. How We Use Your Information

We use your information to:

Provide and maintain the Service
Authenticate your account and protect against unauthorized access
Process your requests to AI features (via Claude API)
Send important service communications (welcome emails, password resets)
Enforce usage limits and prevent abuse
Improve the Service based on usage patterns and feedback

4. Third-Party Services

We use the following third-party services to operate TotBots:

Anthropic (Claude AI)

Your topics and conversations are sent to Anthropic's Claude API to generate AI responses. Anthropic processes this data according to their Privacy Policy. We use Claude's API (not consumer products), which has stronger data protection: your inputs are not used to train AI models.

Resend (Email)

We use Resend to send transactional emails (welcome, password reset). Your email address is shared with Resend solely for email delivery. See Resend's Privacy Policy.

Google OAuth (Optional)

If you choose to sign in with Google, we receive your name, email, and profile picture from Google. We only use this information for authentication.

Vercel (Hosting)

TotBots is hosted on Vercel. Vercel may collect standard web server logs (IP addresses, browser type). See Vercel's Privacy Policy.

5. Data Storage and Security

Your data is stored securely using industry-standard practices:

Database hosted on Vercel Postgres with encryption at rest
Passwords are hashed using bcrypt (never stored in plain text)
All connections use HTTPS encryption
Session tokens expire after 7 days
Rate limiting protects against abuse

6. Data Retention

We retain your data as follows:

Account data: Retained while your account is active
Trees and content: Retained until you delete them or your account
Chat history: Component chats are deleted when you update a branch; tree chats persist until deleted
Usage logs: Aggregated statistics retained for analytics; detailed logs deleted after 90 days

When you delete your account, all your personal data and content is permanently removed from our systems within 30 days.

7. Your Rights

You have the right to:

Access: Request a copy of your data
Correction: Update your account information
Deletion: Delete your account and all associated data
Export: Download your trees as JSON files
Withdraw consent: Stop using the Service at any time

To exercise these rights, contact us at contact@totbots.ai

8. Cookies

TotBots uses essential cookies only. These cookies are necessary for authentication and security (session management). We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

9. Children's Privacy

TotBots is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us so we can delete it.

10. International Users

TotBots is operated from the United States. If you are accessing the Service from outside the US, please be aware that your information may be transferred to, stored, and processed in the US where our servers are located.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the Service. The "Last updated" date at the top indicates when the policy was last revised.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at contact@totbots.ai