Privacy Policy

Key highlights for convenience — please read the full policy below.

• What we collect: Discord profile info, messages you send to BoltBot⚡, voice data when using Voice Agent (via Deepgram), payment data (via Stripe), and basic usage analytics.
• AI providers: Your prompts are sent to OpenAI, Google, xAI, or Cloudflare Workers AI to generate responses. Voice data is processed by Deepgram. None of these providers train on API data by default.
• We never sell your data: Your personal information is never sold to third parties, period.
• Your rights: You can access, correct, delete, or export your data at any time by emailing support@boltbot.app.
• Data retention: Account data deleted within 30 days of request. Conversation logs kept up to 90 days.
• Age restrictions: You must be 13+ to use BoltBot⚡. NSFW features require you to be 18+ and are limited to Discord age-restricted channels.

BoltBot, LLC ("BoltBot⚡," "we," "us," or "our") operates BoltBot⚡, a Discord-based AI chatbot providing access to multiple AI models including OpenAI (GPT), Google (Gemini), xAI (Grok), and Cloudflare Workers AI. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you interact with BoltBot⚡ on Discord or visit boltbot.app.

By using BoltBot⚡, you agree to this Privacy Policy. If you disagree, please do not use our services. This policy should be read alongside our Terms of Service, Paid Services Terms, and Refund Policy.

Data Controller: BoltBot, LLC is the data controller responsible for your personal information. We are a Delaware LLC based in the United States. For EEA, UK, and Swiss users, we serve as the data controller under GDPR and applicable data protection laws.

3.1 Discord Information

When you interact with BoltBot⚡: We receive your Discord user ID, username, display name, avatar, server memberships where you use BoltBot⚡, and your roles/permissions. When you authorize via OAuth2: We access your email (to link premium subscriptions), username, avatar, banner, and server list. We never receive your Discord password.

3.2 Messages and Content

Default: We only collect messages directed to BoltBot⚡ (mentions, slash commands, DMs), including text, images, attachments, AI model preferences, and AI-generated responses.

Optional channel context (opt-in): If a server administrator enables message context, BoltBot⚡ may read up to 500 recent messages in enabled channels for context-aware responses. This processes messages from all users in that channel.

Abuse prevention: We may access custom personalities, instructions, and memory logs solely for safety and policy enforcement.

3.3 Payment, Usage, and Credentials

Payment: Stripe processes payments directly. We only receive transaction IDs, subscription status, last four card digits, and billing location — never full card numbers. Usage data: AI model usage, command patterns, dashboard settings, timestamps, error logs, and server IDs. Website visitors: IP address, browser type, and device information.

User-provided credentials (paid plans):You may provide API keys (OpenAI, Google, xAI, Cloudflare) or Discord bot tokens. These are encrypted at rest and cannot be accessed by staff in their original form. You're responsible for managing costs and revoking compromised credentials. Delete them anytime via your dashboard.

3.4 Voice Data (Voice Agent)

When you use Voice Agent: BoltBot⚡joins Discord voice channels and processes audio data — including your voice when speaking, audio transmitted to Deepgram for speech-to-text conversion, and text-to-speech responses generated by Deepgram's AI voices.

How it works:When activated via wake words (configured in your dashboard), audio is streamed to Deepgram's servers for real-time speech recognition. Your spoken words are converted to text, processed by your selected AI model, and the response is converted back to speech.

Voice data retention: Audio streams are processed in real-time and are not permanently stored by BoltBot⚡. Deepgram may temporarily retain audio data per their privacy policy. Transcribed text may be included in conversation logs (retained up to 90 days).

We use your information to:

• Provide services — process prompts, deliver AI responses, manage subscriptions
• Process payments — handle billing, refunds, and subscription management
• Improve our service — analyze usage patterns to enhance features and reliability
• Communicate — send service announcements and respond to support requests
• Ensure safety — detect abuse, prevent fraud, and enforce our policies
• Comply with law — respond to valid legal requests and obligations

Your prompts and attachments are transmitted to your selected AI provider. Each has its own data handling practices:

• OpenAI (GPT): API data not used for training by default. Retained up to 30 days for abuse monitoring. Privacy Policy
• Google (Gemini): Paid API data not used for training. Limited retention for abuse detection. API Terms
• xAI (Grok): Practices vary by tier. Privacy Policy
• Deepgram (Voice Agent): Processes voice audio for speech-to-text and text-to-speech in real-time. Privacy Policy
• Cloudflare Workers AI: Serverless AI inference on Cloudflare's global network. Data processed per request, not stored. Documentation

What we send: Prompts, attachments, conversation context, system parameters. For Voice Agent: audio streams to Deepgram. What we never send: Your Discord username, user ID, real name, or payment information (unless you include them in prompts or speak them aloud).

6.1 AI-Generated Content

You may use AI-generated content for personal or commercial purposes, subject to each provider's usage policies (OpenAI, Google, xAI, Cloudflare). You own the AI-generated responses created for you through BoltBot⚡. We claim no ownership rights over AI outputs. However, AI outputs may not be unique — similar content may be generated for other users — and we cannot guarantee intellectual property protection.

6.2 User-Created Content

Custom personalities and instructions:You retain ownership but grant us a non-exclusive, worldwide, royalty-free license to use, store, and process this content to provide our services. You are solely responsible for ensuring your content complies with laws, doesn't infringe third-party rights, contains no illegal or harmful material, and adheres to our Terms and AI provider policies. We may remove violating content without notice or refund.

NSFW content: You must be 18+, ensure content is legal in your jurisdiction, never depict minors, and only use it in Discord age-restricted channels. We are not liable for legal consequences arising from your NSFW content.

Bot permissions: BoltBot⚡ requests: Manage Messages (required), Create Invite, Change Nickname, View Audit Log, Send Messages, Embed Links, Attach Files, Read Message History, Add Reactions, Use External Emoji, Create Polls, Connect (voice), and Speak (voice). Administrators can review and modify permissions before authorizing.

What BoltBot⚡ accesses: By default, only messages where BoltBot⚡ is mentioned, slash commands, or DMs. With message context enabled: recent messages in those channels. With Voice Agent enabled: audio in activated voice channels. We do NOT access private DMs with others, channels without BoltBot⚡ invocation (unless context is enabled), inactive voice channels, video streams, or your Discord password.

Bot removal: Server configurations are retained for 30 days after removal (in case you re-add). Your personal data and subscription remain unaffected. Your use of Discord is governed by Discord's Privacy Policy and Terms.

We never sell your personal information. We share data only with:

• AI Providers — prompts and content to generate responses
• Stripe — payment processing (Privacy Policy)
• Service Providers — Vercel (hosting), analytics, and support vendors under confidentiality agreements
• Legal Compliance — when required by law or valid legal process
• Business Transfers — in connection with a merger, acquisition, or asset sale
• With Your Consent — when you explicitly authorize sharing

Law enforcement: We may disclose information in response to valid legal process (subpoenas, warrants). When permitted, we'll attempt to notify you unless prohibited by law, there's risk of harm, or it's an emergency. Contact support@boltbot.app for our current sub-processor list.

9.1 Security Measures

We implement TLS/SSL encryption in transit, secure storage with access controls, regular security monitoring, and limited employee access on a need-to-know basis. No system is 100% secure — you're responsible for your Discord account security.

Breach notification: We will notify affected users within 72 hours of discovering a breach, describe its nature, outline remediation steps, and notify supervisory authorities as required.

9.2 Retention Periods

• Account data: Retained while active; deleted within 30 days of request
• Conversation logs: Up to 90 days
• Custom personalities/instructions: While active; deleted within 30 days of request
• Payment records: 7 years (tax compliance requirements)
• Usage analytics: Aggregated and anonymized data retained indefinitely
• Server configs: 30 days after bot removal
• API keys/tokens: Until deleted by you, or 30 days after account termination
• Abuse records: As needed for fraud prevention and legal compliance

9.3 Account Deletion

Upon request: We delete personal data within 30 days, except payment records (tax compliance), fraud prevention data, and anonymized analytics. Discord messages: We cannot delete messages sent in Discord channels — including AI-generated responses — as these exist on Discord's platform. Delete them yourself or contact server admins. Policy violations: We may retain violation records; no refund per our Paid Services Terms.

Depending on your location, you may:

• Access — request a copy of your data
• Correct — fix inaccurate data
• Delete — request deletion of your data
• Port — receive your data in JSON/CSV format
• Restrict/Object — limit or object to certain processing
• Withdraw Consent — where processing is consent-based

Email support@boltbot.app to exercise any of these rights. We respond within 30 days after verifying your identity.

Automated decisions: BoltBot⚡ uses automation for AI response generation, content filtering, and abuse detection (which may restrict accounts). You may request human review of any significant automated decision.

10.1 California Residents (CCPA/CPRA)

You have the right to know what data we collect, use, and disclose; request deletion; request correction; opt out of sale (we don't sell data); and freedom from discrimination for exercising your rights.

10.2 European Union and UK Residents (GDPR)

Legal basis: Contract performance, legitimate interests (service improvement, security, fraud prevention — with balancing tests conducted), legal obligations, and consent where applicable. Additional rights: Object to legitimate interest processing, object to profiling/automated decisions, and lodge complaints with supervisory authorities — EU: ODR Platform, UK: ICO. International transfers: Data may be transferred to the US. We use Standard Contractual Clauses for EEA/UK/Swiss transfers.

BoltBot⚡is not intended for children under 13 (or 16 in some EU countries). We don't knowingly collect data from anyone under 13. If we discover such data, we'll delete it promptly. Users aged 13–17 must have parental consent. We rely on Discord's age verification (13+ requirement).

NSFW features require 18+ and are only available in Discord's age-restricted channels. By accessing NSFW features, you confirm you're 18+ and that such content is legal in your jurisdiction. Parents or guardians may contact support@boltbot.appregarding children's data.

Our website (boltbot.app) may use cookies for essential functionality, analytics, and user preferences. You can control cookies through your browser settings. BoltBot⚡'s Discord bot does not use cookies — it operates entirely through Discord's platform.

13.1 Service Availability and Warranties

BoltBot⚡is provided "as is" and "as available" without warranties of any kind, express, implied, or statutory. We disclaim all warranties of merchantability, fitness for a particular purpose, title, and non-infringement. We do not warrant uninterrupted, secure, or error-free service, that defects will be corrected, or that AI content will be accurate.

We may modify, suspend, or discontinue the service at any time. Third-party AI provider outages may affect functionality.

13.2 Limitation of Liability

To the maximum extent permitted by law, BoltBot, LLC shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including loss of profits, data, use, or goodwill. Our total liability is limited to the greater of: (a) amounts you paid us in the 12 months preceding the claim, or (b) $100 USD.

Some jurisdictions don't allow liability limitations — these exclusions may not fully apply to you.

13.3 Indemnification

You agree to indemnify and hold harmless BoltBot, LLC, its officers, directors, employees, and agents from claims, damages, losses, and expenses (including attorneys' fees) arising from: (i) your use of BoltBot⚡; (ii) violation of these terms or any law; (iii) violation of third-party rights; (iv) content you submit; (v) your use of AI-generated content.

Governing law: Delaware, United States, without regard to conflict of law principles. For non-arbitrated disputes, exclusive jurisdiction lies in Delaware state and federal courts. EU consumers retain mandatory home-country protections.

Informal resolution: Before filing any formal dispute, contact support@boltbot.app and attempt resolution for at least 30 days.

Arbitration: If informal resolution fails, disputes will be resolved by binding arbitration under AAA Consumer Rules. Conducted in English; decision final and binding. Opt-out: Notify us in writing within 30 days of first use. Exceptions: Small claims court if eligible; injunctive relief for IP infringement.

Electronic communications: By using BoltBot⚡, you consent to electronic communications (emails, Discord messages, notifications). These satisfy legal writing requirements.

Severability: If any provision is invalid, it will be limited or eliminated to the minimum extent necessary; remaining provisions stay in effect.

Waiver: Non-enforcement of a provision doesn't waive future enforcement rights. Waivers must be in writing.

Assignment: You cannot assign without consent; we may assign freely.

Entire agreement: This policy, together with the Terms of Service, Paid Services Terms, and Refund Policy, constitutes the complete agreement. The Terms of Service control if conflicts exist.

Survival: These sections survive termination: Important Notice, Content Ownership, Data Retention, Indemnification, Limitation of Liability, Disclaimers, Dispute Resolution, and any provisions that by nature should survive.

We may update this policy periodically. For material changes, we'll provide at least 30 days' notice via our website, bot, Discord server, or email. The "Effective Date" at the top indicates the latest revision. Continued use after changes take effect constitutes acceptance.