Botchi

Security

Last updated: July 6, 2026

How Botchi protects accounts, business data, and AI workflows.

Security controls

ControlHow Botchi handles it
Access controlWorkspace access is role-based. Business dashboard roles separate viewer, editor, and owner permissions, with sensitive governance actions reserved for owners.
EncryptionTraffic is protected with TLS. Sensitive credentials and selected business records are encrypted at rest, with account-scoped encryption controls where supported by the product architecture.
AI retention controlsProduction AI Gateway traffic uses retention and provider controls where supported, including zero data retention, prompt-training restrictions, provider allowlists, and log minimization.
Credential handlingOAuth tokens and custom credentials are stored for the connected tools users enable and are protected with encryption and least-privilege service access.
Logging disciplineOperational logs are used for reliability, security, usage limits, and billing. Botchi aims to avoid logging raw prompts, outputs, files, secrets, or tool payload bodies.
Human oversightAI outputs can be inaccurate. Botchi is designed for review and approval workflows, especially before external actions such as sending messages or changing connected systems.

AI processing

Botchi sends only the context needed for a requested AI feature or automation. Depending on the feature, this may include conversation text, files, memory, profile settings, tool outputs, connected-service context, and generation metadata.

For production AI Gateway traffic where supported, Botchi uses zero data retention, prompt-training restrictions, provider allowlists, and log minimization. These controls reduce retention and training risk, but they do not mean every AI request is processed only inside the European Economic Area.

Users must not submit health information, financial account numbers, government-issued identifiers, identity documents, credentials, private keys, special-category data under GDPR, or similar regulated information to AI features unless a specific feature or written agreement expressly allows it.

Data residency and transfers

Botchi is a global service. Data may be processed in the United States, the European Union, or other locations depending on the provider and feature. Where required, transfers use safeguards such as data processing agreements, adequacy decisions, Standard Contractual Clauses, and supplementary technical and organizational measures.

Botchi does not promise EU-only processing under the default service configuration. If a customer needs EU-only or no-US processing, that must be evaluated and agreed separately.

Incident and data requests

For security concerns, privacy requests, or suspected improper disclosure of data, contact hello@botchi.ai. Include the affected workspace, approximate time, and a concise description of the issue.

Related pages