Privacy Policy

Bolor Intelligence, Inc. ("Bolor Intelligence," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, API services, dashboard, and related products (collectively, the "Services").

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, company name, and password (stored as a salted hash). If you subscribe to a paid plan, we collect billing information through our payment processor, Stripe. We do not store complete credit card numbers on our servers.

1.2 API Usage Data

We log API requests for operational purposes, including request timestamps, endpoint paths, response codes, latency metrics, and token usage counts. API request payloads (including queries sent to OrchestrAI, data submitted to DataReady, and knowledge stored in MindVault) are processed in-memory and are not retained beyond the duration of the request unless you explicitly configure persistent storage through MindVault.

1.3 Automatically Collected Information

When you visit our website or use our dashboard, we automatically collect certain technical information including your IP address, browser type and version, operating system, referring URL, pages visited, and time spent on pages. We collect this information through server logs and analytics tools.

1.4 Cookies and Tracking Technologies

We use strictly necessary cookies for authentication and session management. We use analytics cookies (which can be opted out of) to understand how users interact with our dashboard. We do not use third-party advertising cookies or cross-site tracking technologies.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service delivery: To provide, operate, and maintain the Services, including processing API requests, managing your account, and providing customer support.
• Billing: To process payments, send invoices, and manage your subscription.
• Service improvement: To analyze aggregated usage patterns and improve our products, infrastructure, and documentation.
• Security: To detect, prevent, and address fraud, abuse, security incidents, and technical issues.
• Communication: To send you transactional emails (account verification, password resets, billing receipts) and, with your consent, product updates and marketing communications.
• Legal compliance: To comply with applicable laws, regulations, and legal processes.

3. Data Storage and Security

Your data is stored on servers located in the United States. We implement industry-standard security measures to protect your information:

• All data is encrypted in transit using TLS 1.3.
• All data at rest is encrypted using AES-256 encryption.
• API keys are hashed and salted; we never store them in plaintext.
• Access to production systems is restricted to authorized personnel with multi-factor authentication.
• We conduct regular security audits and penetration testing.

4. Data Sharing and Third-Party Services

We do not sell your personal information. We share data only in the following circumstances:

• Service providers: We share data with third-party providers who assist in delivering our Services (e.g., Stripe for payments, cloud infrastructure providers for hosting). These providers are contractually bound to protect your data.
• AI model providers: When you use OrchestrAI, your queries are routed to third-party AI model providers (e.g., OpenAI, Anthropic). Your data is subject to their respective privacy policies. We do not share your account information with these providers.
• Legal requirements: We may disclose your information if required by law, regulation, subpoena, or court order.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.

5. Data Retention

We retain your account information for as long as your account is active. API usage logs are retained for 90 days for operational purposes. Billing records are retained for 7 years to comply with tax and accounting regulations. When you delete your account, we delete your personal information within 30 days, except where retention is required by law.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete personal data.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Portability: Request a machine-readable export of your data.
• Opt-out: Opt out of marketing communications at any time by clicking the unsubscribe link or contacting us.

To exercise any of these rights, contact us at privacy@bolor.ai. We will respond within 30 days.

7. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA). You have the right to know what personal information we collect, request its deletion, and opt out of any sale of personal information. We do not sell personal information. To submit a CCPA request, email privacy@bolor.ai with the subject line "CCPA Request."

8. International Data Transfers

If you are located outside the United States, please be aware that your information is transferred to, stored, and processed in the United States. By using our Services, you consent to the transfer of your information to the United States. We implement appropriate safeguards for international data transfers in compliance with applicable data protection laws, including the EU-US Data Privacy Framework where applicable.

9. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will delete that information promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of the Services after the effective date of changes constitutes your acceptance of the revised policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at: