← Botchi

Privacy Policy

Last updated: May 22, 2026

Botchi is an AI assistant that helps you chat, organize files, manage memories, create documents, schedule tasks, and connect to services you choose to use. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have.

By using Botchi (the mobile app, this website, and our backend services, together the “Service”), you agree to the practices described in this policy. If you do not agree, please do not use the Service.

1. Who We Are

Botchi is operated by the team behind Botchi (the “Company”, “we”, “us”). For privacy questions or to exercise your rights, you can reach us at info@sealo.app.

2. Information We Collect

We collect information in three ways: information you provide, information generated as you use the Service, and information from third-party providers you choose to connect.

Account and identity

When you create or sign in to an account through WorkOS AuthKit, we receive your email address, a unique user identifier, session identifiers, email verification status, and any profile information made available by the sign-in method you use, such as your name or profile picture. We may also store your timezone, preferred language, invite or waitlist state, terms acceptance timestamp, and account or team membership information.

Chat content and attachments

Messages you send to Botchi, assistant responses, uploaded files, images, generated documents, generated images, voice recordings, contact cards, location attachments, reactions, tool results, and related metadata are stored on our backend so conversations can be resumed across devices, files can be opened later, and future replies can use relevant context. File metadata may include filenames, media types, sizes, storage paths, extraction status, and timestamps.

Memory and personalization

Botchi can remember facts, preferences, communication style, account context, assistant profile settings, app settings, tool permissions, approvals, tasks, calendar items, and other context you share so it can be more useful over time. These records are stored with your account and can be inspected, changed, or deleted where the app provides controls.

Connected services

If you connect a third-party service, we store the OAuth tokens, refresh tokens, account identifiers, email address or profile identifiers returned by that provider, selected scopes, and connection settings needed to call the service on your behalf. Tokens and custom credentials are encrypted at rest. We only request the scopes needed for the tools you enable, and we call connected services when you ask Botchi to do something, when you approve an action, or when you configure an automation that requires that provider.

Connected services can include Google services (Gmail, Google Calendar, Drive, Sheets, Slides, Tasks, Contacts, Maps, and Google Health), Microsoft services (Outlook, Calendar, Drive, Tasks, Contacts, OneNote, Excel, and Teams), Apple Music, Spotify, Notion, Instagram, Strava, Oura, Whoop, IMAP/SMTP email accounts, and custom integrations you configure. Depending on what you connect and ask Botchi to do, provider data may include emails, drafts, attachments, calendar events, tasks, contacts, files, spreadsheets, presentations, notes, health or fitness summaries, music library information, social media metadata, messages, comments, and place or routing information. Relevant parts of this data may be stored in chat history, files, memory, task records, or tool logs so Botchi can show results and keep context.

Subscription and billing

Subscriptions are processed by RevenueCat together with the Apple App Store and Google Play. We do not receive or store your payment card details. We do receive subscription status, product identifiers, and the current billing period so we can grant access to paid features and track your remaining usage budget. If you buy business or web-based plans where available, Stripe may process the payment and provide customer, subscription, invoice, and checkout metadata. Store providers and payment processors may retain transaction records under their own legal and accounting obligations.

Device and technical information

We collect basic device and app information needed to deliver the Service: app version, runtime version, operating system, device model, manufacturer or brand, language, timezone, network status, push notification tokens if you enable notifications, and approximate request metadata such as IP address, timestamps, headers, and backend request identifiers. We also process local app state such as sound settings, appearance settings, cached previews, and session state on your device.

Usage analytics

We use PostHog to understand how the app is used and to monitor reliability and cost. Analytics events include account identifiers, feature usage, onboarding and purchase events, tool connection events, tool approval events, message and attachment workflow events, performance metrics, and AI usage telemetry such as model name, input tokens, output tokens, total tokens, and estimated cost. Server-side warning and error logs may also be forwarded to PostHog as reliability events. We do not sell analytics data.

Waitlist, support, and feedback

If you join a waitlist, submit a feature request, contact support, or report a problem, we collect the details you submit, your account identifier, your email address if needed for a reply, and relevant technical context such as app version, device information, timestamps, and logs.

Information from device permissions

With your explicit permission, the mobile app may access:

  • Photos and camera - to attach images to chat, set visual preferences, or create files from images you choose.
  • Microphone and speech recognition - to record and transcribe voice messages.
  • Location — only when you explicitly ask to share your location in a chat.
  • Contacts - to let you choose a contact card to attach in chat. We do not import your full address book unless you choose contacts to share.
  • Notifications — to deliver replies and reminders.
  • Files and documents — when you pick a file to attach.

You can revoke any of these permissions at any time from your device settings.

3. How We Use Your Information

  • To provide, maintain, and improve the Service.
  • To generate responses, run tools, and execute the actions you ask the assistant to perform.
  • To personalize the assistant using your stored memory, preferences, and connected services.
  • To manage your account, subscriptions, and usage budget.
  • To store and sync your chats, files, memories, tasks, calendars, settings, connected tools, approvals, and generated artifacts across devices.
  • To send you transactional notifications (for example replies to your messages or important account updates).
  • To process purchases, prevent fraud, enforce usage limits, and reconcile account billing.
  • To monitor stability, prevent abuse, and protect the Service and its users.
  • To comply with legal obligations and enforce our terms.

4. AI Processing

To generate responses and structured outputs, Botchi sends the relevant parts of your conversation, attachments, memory, profile, tool outputs, and connected-service context to AI infrastructure, including Vercel AI Gateway and underlying model providers such as Google, Anthropic, OpenAI, OpenRouter, and other providers we configure for a given model. The data sent is limited to what is needed to complete your request or configured automation.

We may also use AI or media services to transcribe audio, extract text from documents, search the web, generate images, render documents, summarize files, create memories, classify tasks, and evaluate tool results. Model providers process data to return the requested output and may temporarily retain prompts, outputs, or metadata for safety, abuse prevention, reliability, or legal reasons according to their own policies and our provider agreements. We log token usage and estimated cost so we can operate usage limits and billing.

5. Service Providers and Sharing

We do not sell your personal information. We share information only with trusted providers who help us operate the Service, under agreements that limit their use of the data:

  • WorkOS - account authentication, AuthKit hosted sign-in, sessions, and identity management.
  • Convex - primary database and file storage for chats, memory, files, and settings.
  • Vercel - hosting, backend execution, observability, and AI Gateway routing.
  • RevenueCat, Apple App Store, Google Play - subscription processing.
  • Stripe - business or web checkout, subscription, invoice, and payment processing where those plans are available.
  • AI and media providers - model routing and generation through Vercel AI Gateway and configured providers such as Google, Anthropic, OpenAI, OpenRouter, and image, transcription, or rendering providers.
  • Google APIs - when you connect Gmail, Calendar, Drive, Contacts, Tasks, Sheets, Slides, Maps, or Google Health, we call Google services on your behalf using the OAuth tokens you authorized.
  • Microsoft Graph - when you connect Microsoft services such as Outlook, Calendar, Drive, Tasks, Contacts, OneNote, Excel, or Teams, we call Microsoft services on your behalf.
  • Other connected providers - Apple Music, Spotify, Notion, Instagram, Strava, Oura, Whoop, IMAP/SMTP email providers, and any custom integrations you choose to configure.
  • Unsplash and web sources - search results, image assets, and attribution metadata when you ask Botchi to search the web or use stock imagery.
  • PostHog - product analytics and error logging (EU region).
  • Expo - app delivery, over-the-air updates, and push notification routing.

We may also disclose information when required by law, to protect rights and safety, or in connection with a corporate transaction (such as a merger or acquisition), in which case we will notify you and ensure equivalent protection.

We do not sell connected-service data or use it for advertising. For Google user data specifically, our use and transfer of information received from Google APIs follows the Google API Services User Data Policy, including the Limited Use requirements. We use Google user data only to provide or improve user-facing Botchi features you request or configure; we do not use Google user data to train generalized AI or machine-learning models. If you ask Botchi to summarize, analyze, transform, or act on Google data, the relevant content may be sent to AI providers only as needed to complete that request.

6. International Transfers

Botchi is a global service. Your information may be processed in countries other than your own, including the United States and the European Union, depending on the provider. Where required, transfers are protected by appropriate safeguards such as Standard Contractual Clauses.

7. Data Retention

We keep your information for as long as your account is active or as needed to provide the Service. You can delete individual messages, files, memories, tasks, calendar records, and connected service links where the app provides those controls. Deleted files may remain in a recoverable trash or backup state for a limited period before permanent deletion.

When you delete your account, we revoke or delete stored OAuth tokens where possible, delete your WorkOS user, purge account data from our primary database and storage, and clear local app session state. Some information may be retained where required for legal, tax, accounting, dispute resolution, security, fraud prevention, or abuse-prevention reasons, such as transaction records, audit records, and limited server logs.

Aggregated and de-identified analytics may be retained indefinitely.

8. Security

We use practical technical and organizational measures to protect your information, including TLS in transit, access controls, encryption at rest for sensitive OAuth tokens and custom credentials, secure token storage on device, least-privilege service access, and monitoring for reliability and abuse. No method of transmission or storage is fully secure; we cannot guarantee absolute security, but we work to protect your data and respond quickly to incidents.

9. Your Rights

Depending on where you live, you may have rights regarding your personal data, including the right to:

  • access the data we hold about you;
  • correct inaccurate or incomplete data;
  • delete your account and associated data;
  • export a copy of your data in a portable format;
  • object to or restrict certain processing, including analytics;
  • withdraw consent for processing that is based on consent;
  • lodge a complaint with your local data protection authority.

You can manage or delete much of your data directly inside the app, including account deletion from the Account screen. You can disconnect third-party services from settings, revoke permissions from your device settings, and use provider dashboards such as Google, Microsoft, Apple, or Spotify to revoke access externally. You can also reset your Botchi app data from the Account screen: reset removes chats, files, memory, agent profile, app settings, and connected-service tokens while keeping your authentication account, store subscription, and billing ledger. To exercise any other right, write to us at info@sealo.app. We may need to verify your identity before acting on your request.

10. Children

Botchi is not directed to children under 13 (or the minimum age required in your country to consent to the processing of personal data). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.

11. Third-Party Links and Services

Botchi can interact with third-party services on your behalf (for example, sending an email via Gmail, creating a Microsoft calendar event, searching Google Maps, or updating an Apple Music playlist). Those services have their own privacy policies and terms, which apply to the data they receive and to actions taken in their products. You are responsible for reviewing the policies of services you connect.

12. Changes to This Policy

We may update this policy from time to time. When we make material changes, we will update the “Last updated” date and, when appropriate, notify you in the app or by email.

13. Contact

For any privacy question or request, contact us at info@sealo.app.