Privacy Notice
Effective Date: February 28, 2026
BotVault ("we," "us," or "our") is a credential management platform operated by Martin Mexia as a personal project at mybotvault.com. This Privacy Notice explains what information we collect, how we use it, and your rights regarding that information.
1. Information We Collect
Account Information
- Username
- Email address
- Password (hashed; we never store plaintext passwords)
Credentials You Store
- API keys, tokens, and secrets you choose to save in your vault
- Bot tokens and their associated metadata (name, description)
Google Account Data (if you connect a Google account)
- OAuth access and refresh tokens
- Your Google email address and profile name (used to identify the connected account)
- Granted OAuth scopes (e.g., Gmail, Calendar, Drive, Contacts, Sheets, Docs)
We do not access or store the contents of your Gmail messages, calendar events, Drive files, or other Google Workspace data. We only store the OAuth tokens necessary for your bots to access those services on your behalf.
2. How We Use Your Information
- To create and manage your BotVault account
- To securely store and serve your credentials to your authorized bots via our API
- To auto-refresh Google OAuth tokens so your integrations remain active
- To provide audit logs of credential access within your account
We do not use your information for advertising, profiling, analytics, or any purpose other than providing the BotVault service.
3. How We Store and Protect Your Data
- All sensitive credentials (API keys, tokens, secrets) are encrypted at rest using AES-256-GCM.
- Passwords are cryptographically hashed and never stored in plaintext.
- Our database is hosted on Turso (SQLite-based), and the application is hosted on Vercel.
- All data is transmitted over HTTPS/TLS.
4. Third-Party Services
We use the following third-party services to operate BotVault:
- Vercel — Application hosting and serverless functions
- Turso — Database hosting (SQLite)
- Google OAuth — To authorize access to Google Workspace services you connect
We do not sell, rent, or share your personal data with any third parties for marketing or advertising purposes. Data is shared with the services listed above only as necessary to operate BotVault.
5. Google API Services – Limited Use Disclosure
BotVault's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We only use Google data to provide and improve the BotVault service for you.
- We do not transfer Google data to third parties except as necessary to provide the service, comply with law, or as part of a merger/acquisition with adequate data protection.
- We do not use Google data for advertising or to create advertising profiles.
- Humans only read Google data with your explicit consent, for security purposes, to comply with law, or when aggregated and anonymized for internal operations.
6. Cookies and Tracking
BotVault uses only essential cookies required for authentication (session cookies). We do not use analytics cookies, advertising cookies, or any third-party tracking technologies.
7. Your Rights
You have the right to:
- Access your stored data at any time through your BotVault dashboard.
- Update your account information and stored credentials.
- Delete your account and all associated data. Account deletion is permanent and removes all your credentials, bot tokens, connected Google accounts, and audit logs.
- Revoke Google access at any time by disconnecting your Google account from BotVault or revoking access via your Google Account permissions.
- Export your data upon request by contacting us.
8. Data Retention
We retain your data for as long as your account is active. When you delete your account, all associated data is permanently deleted from our systems. We do not retain backups of deleted accounts.
9. Children's Privacy
BotVault is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children.
10. Changes to This Privacy Notice
We may update this Privacy Notice from time to time. If we make material changes, we will notify you via email or through a notice on our website. The "Effective Date" at the top of this page indicates when the notice was last revised.
11. Contact Us
If you have questions or concerns about this Privacy Notice or your data, please contact us at:
Email: martinmexia@gmail.com
BotVault is a personal project by Martin Mexia. This service is not operated by a registered company.