Privacy Policy
Effective date: May 17, 2026 · Last updated: May 17, 2026
1. Who We Are
Moxabot is a product of Bright Tier Solutions LLC, a US limited liability company. When this policy says "we", "us", or "our", it refers to Bright Tier Solutions LLC. When it says "you" or "your", it refers to the individual or organisation accessing or using Moxabot.
Address: Bright Tier Solutions LLC, United States.
Contact email: privacy@moxabot.com
2. Data We Collect
We collect only what is necessary to provide and improve the service.
| Category | Examples | Why we collect it |
|---|---|---|
| Account data | Name, work email, password hash, company name | Create and manage your workspace |
| Billing & payment data | Cardholder name, last 4 digits, billing address | Process subscriptions via Stripe; issue receipts |
| Usage data | Pages visited, features clicked, session duration, browser type, IP address | Product analytics, security, abuse prevention |
| Conversation data | Messages between your agents and your end-customers routed through Moxabot | Core service delivery; AI reply generation |
| Integration credentials | OAuth tokens for WhatsApp Business, Instagram, YouTube, Shopify, etc. | Connect third-party channels on your behalf |
| Device & log data | IP address, user agent, error logs, timestamps | Security monitoring, debugging |
We do not collect Sensitive Personal Data (health, biometrics, financial account numbers) unless you explicitly add such data in your conversation content — in which case you are the data controller for that content.
3. Lawful Basis for Processing
We process personal data on the following bases:
- Consent — for marketing communications and non-essential cookies. You may withdraw consent at any time (see Section 8).
- Contract performance — processing necessary to deliver the services you subscribed to.
- Legal obligation — tax records, audit trails, and disclosures required by applicable law.
- Legitimate interest — security monitoring, fraud prevention, and service improvement, where your rights are not overridden.
Consent is collected separately from acceptance of Terms of Service and is never bundled or pre-ticked.
4. How We Use Your Data
- Provide, maintain, and improve the Moxabot platform.
- Process subscription payments and issue receipts through Stripe.
- Send transactional emails (billing receipts, account alerts, invite links).
- Send product update and marketing emails — only with your separate consent; unsubscribe is one click.
- Train or improve AI models — we do not use your customer conversation data to train AI models.
- Detect fraud, abuse, and security threats.
- Comply with legal obligations and respond to lawful government requests.
5. Data Sharing & Sub-processors
We do not sell your personal data. We share data only with vendors necessary to operate the service:
| Sub-processor | Purpose | Data location |
|---|---|---|
| Google Firebase / Firestore | Database, authentication | US (us-central1) |
| Google Vertex AI / Gemini | AI reply generation | Processed transiently; not stored by Google for training |
| Stripe | Payment processing, subscription billing | USA |
| Vercel | Application hosting and CDN | Global edge (no PII stored at edge; processed in primary region) |
| EZ Texting | SMS delivery (your own EZ Texting account) | USA — customer-controlled |
| SendGrid / Email provider | Transactional email delivery | USA |
All payment card data is tokenised by Stripe. We never store raw card numbers, CVVs, or full card details. Stripe is PCI DSS Level 1 certified and stores payment data securely on US servers.
6. Data Retention
| Data type | Retention period |
|---|---|
| Account and usage data | Duration of active subscription + 90 days post-cancellation (then deleted) |
| Conversation data | Duration of active subscription + 90 days post-cancellation |
| Billing records and invoices | 7 years (US tax and accounting requirements) |
| Security and access logs | 12 months rolling |
| Marketing consent records | Until consent is withdrawn + 3 years |
After the applicable retention period, data is deleted or irreversibly anonymised. Deletion requests are honoured within 7 days (see Section 8).
7. Security
- All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
- Access to production systems is restricted to authorised personnel via MFA.
- We maintain reasonable and appropriate security practices and procedures.
- In the event of a data breach, we will notify affected users within 72 hours of becoming aware, and comply with any applicable breach notification laws.
- We conduct periodic security reviews and vulnerability assessments.
8. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal data. To exercise any of them, email privacy@moxabot.comwith subject "Data Rights Request":
| Right | What it means | How to exercise |
|---|---|---|
| Access | Obtain a summary of personal data we hold about you | Email us — we respond within 7 days |
| Correction | Correct inaccurate or incomplete data | Email us or update in Account Settings |
| Deletion | Request deletion of your personal data | Email us — honoured within 7 days (except legally retained data) |
| Withdrawal of consent | Withdraw consent for marketing or non-essential processing | Unsubscribe link in emails, or email us — as easy as granting consent |
| Opt-out of sale/sharing | California residents (CCPA): opt out of any sale or sharing of personal information | Email us — we do not sell personal data |
| Portability | Receive a copy of your data in a portable format | Email us |
We do not charge a fee for exercising any of these rights. California residents may also submit requests through our support channel.
9. Cookies & Tracking
We use the following categories of cookies:
- Strictly necessary — session tokens, CSRF protection. No consent required.
- Analytics — anonymous usage statistics. Consent required; you may decline via our cookie banner.
- Marketing — retargeting pixels. Consent required; pre-ticked boxes are never used.
You can withdraw cookie consent at any time via the cookie settings link in the website footer.
10. Children's Privacy
Moxabot is not directed at individuals under 18. We do not knowingly collect personal data from minors. If we discover such data has been collected, we will delete it promptly. We do not conduct behavioural targeting of minors under any circumstances.
11. Contact & Data Controller
Bright Tier Solutions LLC is the data controller for personal data processed through Moxabot.
Bright Tier Solutions LLC
Email: privacy@moxabot.com
Response time: within 48 hours · Resolution time: within 30 days
For general support inquiries: support@moxabot.com
12. Changes to This Policy
We may update this policy periodically. When we make material changes, we will notify you by email and update the "Effective date" at the top of this page at least 7 days before the change takes effect. Continued use of the service after that date constitutes acceptance.
13. Contact
For any privacy-related questions not covered above:
privacy@moxabot.com
Bright Tier Solutions LLC, United States