WoSBotPro
Sign inStart free trial →

Privacy Policy

Effective 2026-04-27. This is a plain-language summary written by the founder; it is not legal advice. For binding interpretation, consult a lawyer in your jurisdiction.

This policy describes what WoS-Bot Pro collects, why, how long we keep it, and your rights to access, correct, export, or delete it.

1. Data we collect

  • Account: email address, password hash, account creation timestamp.
  • Subscription: Stripe customer ID, current tier and status, current period end. We never store card numbers.
  • Per-instance settings: the JSON configuration for each emulator you connect. You control what goes in it.
  • Crash telemetry (anonymous): exception type, stack trace, app version, OS version, machine hash (one-way SHA-256 of a hardware fingerprint, not reversible).
  • Performance telemetry (anonymous): latency percentiles per task and phase, app version, machine hash.
  • Step telemetry (anonymous): caught script-step exception types and rolled-up (task, step, outcome) failure counts. No screenshots, no OCR text, no input coordinates.
  • Activity log uploads (user-initiated):JSONL structured logs you submit explicitly via the "Submit logs" button.
  • Web access logs: IP address and user agent for requests to wosbotpro.com, retained 30 days for security.

2. Why we collect it

  • Account: authentication, billing, support contact.
  • Subscription: enforce paid features and billing.
  • Settings: sync your fleet configuration across machines.
  • Telemetry: diagnose bugs and performance regressions.
  • Activity uploads: troubleshooting individual support cases.

3. Sub-processors

We use these third-party services. Each is bound by a Data Processing Agreement and operates under its own privacy policy. Current list at /legal/subprocessors.

4. Retention

  • Account & settings: kept while your account exists; hard-deleted 7 days after deletion request.
  • Crash + perf + step telemetry: 90 days, then aggregated and the raw rows dropped.
  • Activity log uploads: 90 days, or until you request earlier deletion.
  • Stripe invoices: retained 7 years per tax / accounting obligations even after account deletion (legal requirement, not a choice).

5. Your rights

Under GDPR (EU), CCPA (California), and equivalent laws elsewhere you have the right to: access your data, correct it, port it, delete it, and object to processing. Use /account/data for self-service export and deletion, or email privacy@wosbotpro.com.

6. Children

The Service is not directed to children under 13 (US) / 16 (EU). We do not knowingly collect data from them. If you believe a child has signed up, email us and we will delete the account.

7. International transfers

Our hosting (Vercel, Supabase, Cloudflare R2) is located primarily in the United States and the European Union. Data may be transferred and processed outside your country. We rely on standard contractual clauses where required.

8. Security

We use Supabase row-level security on every table holding user data, TLS for every network connection, and bcrypt-equivalent hashing for passwords. Admin access is gated by a per-account flag and (soon) mandatory two-factor auth.

9. Changes

We will notify you of material changes by email at least 14 days before they take effect.

10. Contact

privacy@wosbotpro.com