Privacy Policy
Last updated: February 18, 2026
1. Information We Collect
When you create a MallowBot account, we collect your email address and a hashed version of your password. If you sign in via Google or GitHub, we receive your name, email, and profile picture from those providers. We do not store your social login passwords.
2. Bot & Conversation Data
Messages exchanged with your bots are stored to provide persistent memory and conversation history. This data is associated with your account and is never shared with other users. We do not use your conversation data to train AI models.
3. Third-Party Integrations
When you connect third-party services (Google, GitHub, Slack, Notion, Microsoft 365, etc.), we store encrypted OAuth tokens to access those services on your behalf. API keys you provide for services like Discord, Telegram, Twitter, and Email/SMTP are encrypted with AES-256-GCM before storage. You can disconnect integrations at any time, which deletes the stored credentials.
4. Cookies & Analytics
We use Google Analytics to understand how visitors interact with our site. Authentication tokens are stored in your browser's localStorage. We do not use tracking cookies for advertising purposes.
5. Data Security
All data is encrypted at rest and in transit. Credentials and API keys are encrypted using AES-256-GCM. Passwords are hashed with bcrypt. We use HTTPS for all communications. Our infrastructure runs on secure, isolated containers.
6. Data Retention & Deletion
You can delete your account and all associated data at any time from your dashboard settings. When you delete your account, all bots, conversation history, integrations, and personal data are permanently removed.
7. Contact
If you have questions about this privacy policy, please contact us at privacy@mallowbot.com.