Privacy Policy

Last updated: April 2026

1. Introduction

BotScale (“we”, “our”, or “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy (the “Policy”) is drafted in compliance with the General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”), the UK Data Protection Act 2018, and other applicable national data-protection law, and sets out how we process and protect personal data of users of the website botscale.io and related services.

2. Data Controller

For the purposes of Article 4(7) GDPR, the data controller of the personal data processed under this Policy is:

BotScale
Email: admin@botscale.io

Data-subject requests under Articles 15-22 GDPR can be addressed to the email above. Full contact details are published on the Contacts page.

3. Personal Data We Process

3.1 Categories of personal data

We may process the following categories of personal data:

  • Contact information: email address when you submit a contact form or request a consultation;
  • Usage data: information about how you interact with our website, including pages visited, time on site, and referral sources;
  • Technical data: IP address, browser type and version, device and OS information, screen size and viewport;
  • Communication data: any information you provide when contacting us through forms, email, or messenger.

3.2 Categories of data subjects

  • visitors to botscale.io;
  • users of the BotScale service;
  • persons submitting inquiries through contact forms.

3.3 Special categories of personal data

We do not process special categories of personal data (Article 9 GDPR) — racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data, health data, or data concerning sex life or sexual orientation — and do not process personal data relating to criminal convictions or offences (Article 10 GDPR).

4. Purposes and Legal Bases for Processing

4.1 Purposes

Personal data is processed for the following purposes:

  • responding to user inquiries and providing requested services;
  • sending relevant information about our services (with your consent);
  • improving the website and user experience;
  • analysing site traffic and usage patterns;
  • security and fraud prevention;
  • compliance with applicable law.

4.2 Legal bases

Processing is carried out on the following legal bases under Article 6(1) GDPR:

  • Consent (Art. 6(1)(a)): analytics tracking and marketing communications — only after your explicit consent;
  • Performance of a contract (Art. 6(1)(b)): processing the data needed to provide the Service and to respond to your inquiries;
  • Legitimate interests (Art. 6(1)(f)): security, fraud prevention, and access-audit logging.

4.3 Obtaining consent

Consent is obtained through the following actions by the data subject:

  • Submitting a contact form: filling and submitting the form is a clear affirmative action that indicates consent to process the data provided;
  • Accepting the cookie banner: clicking “Accept” in the consent banner indicates consent to analytics tracking.

Consent may be withdrawn at any time by sending a written notice to the controller’s email (Article 7(3) GDPR). Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.

5. Processing Operations

Within the meaning of Article 4(2) GDPR, processing includes any of the following operations that we may carry out:

  • collection;
  • recording;
  • organisation;
  • structuring;
  • storage;
  • adaptation or alteration;
  • retrieval;
  • consultation;
  • use;
  • disclosure by transmission, dissemination, or otherwise making available;
  • alignment or combination;
  • restriction;
  • erasure or destruction.

Processing is carried out by both automated and non-automated means using computer systems.

6. Data Storage and Security

We implement appropriate technical and organisational measures to protect personal data in accordance with Article 32 GDPR:

6.1 Technical measures

  • encryption of data in transit (TLS/SSL) and at rest;
  • access segregation and control in information systems;
  • firewalls and intrusion-detection systems;
  • regular software and security updates;
  • data back-ups.

6.2 Organisational measures

  • limitation of the personnel with access to personal data;
  • regular audit and review of security practices;
  • incident detection and response procedures;
  • notification of the competent supervisory authority and affected data subjects in the event of a personal-data breach (Articles 33-34 GDPR).

7. Sharing Data with Third Parties

We do not sell your personal data. We may share your data with the following categories of recipients:

  • Service providers: hosting and technical-support vendors, under contracts that ensure data confidentiality (Article 28 GDPR data-processing agreements);
  • Analytics: our own analytics system (no data is shared with third-party analytics vendors);
  • Team notifications: email address forwarded through the Telegram messenger for operational purposes;
  • Government authorities: on grounds provided for by law;
  • Business partners: only with your explicit consent.

7.1 International transfers

International transfers of personal data are carried out in accordance with Chapter V GDPR.

We may transfer data in the following cases:

  • Telegram: team notifications are delivered via Telegram. Telegram servers may be located outside the EEA. The transfer is based on your consent and is limited to the minimum necessary data (email address only).

Transfers to third countries take place only where an adequate level of protection is ensured (European Commission adequacy decision) or appropriate safeguards are in place (Standard Contractual Clauses under Article 46 GDPR).

8. Cookies and Tracking

We use a first-party analytics system to understand how visitors use the site and improve our services. We do not use Google Analytics, Facebook Pixel, or any other third-party tracking.

8.1 Consent

On your first visit you will see a consent banner. You may accept or decline analytics tracking. Your choice is stored in the bs_consent cookie for one year.

8.2 Data collected (upon consent)

If you accept analytics, we collect:

  • Page views: which pages you visit and in what order;
  • Scroll depth: how far you scroll each page (25%, 50%, 75%, 100%);
  • Clicks: buttons, links, and interactive elements clicked;
  • Form interactions: when you start filling out a form (not the content);
  • Device information: browser type, operating system, screen size, viewport dimensions;
  • Session data: time on page, active time, referral source;
  • Traffic source: how you found us (search, direct, referral, UTM parameters).

8.3 Storage used

We use browser sessionStorage (not cookies) to track the session. The following keys are stored temporarily:

  • bs_session — a random session identifier;
  • bs_last_activity — timestamp of your last activity;
  • bs_utm — UTM campaign parameters (if present);
  • bs_returning — whether you visited before in this session.

This data is cleared when you close the browser. One persistent cookie is set:

  • bs_consent — your consent choice (1 = accepted, 0 = declined), expires after 1 year.

8.4 Retention of analytics data

Analytics data is retained for up to 12 months and then automatically deleted. Session data is aggregated and anonymised after 30 days.

8.5 Changing your consent

To change your cookie-consent preference:

  • clear the bs_consent cookie in your browser settings;
  • refresh the page — the consent banner reappears;
  • make a new choice (Accept or Decline).

If you decline, no analytics data is collected and any existing session data is cleared.

9. Your Rights as a Data Subject

Under GDPR (Articles 15-22) and applicable national data-protection law you have the following rights:

  • Right of access (Art. 15): obtain confirmation whether your data is being processed, a copy of it, and information about the controller, purposes, categories, recipients, retention periods, and sources;
  • Right to rectification (Art. 16): have inaccurate or incomplete data corrected without undue delay;
  • Right to erasure / “right to be forgotten” (Art. 17): have your data deleted where the statutory grounds apply;
  • Right to restriction of processing (Art. 18): have processing limited in the circumstances specified by law;
  • Right to data portability (Art. 20): receive your data in a structured, commonly used, machine-readable format and transmit it to another controller;
  • Right to object (Art. 21): object, at any time, to processing based on legitimate interests, including profiling, and to direct-marketing processing;
  • Right to withdraw consent (Art. 7(3)): withdraw previously given consent at any time by sending a written notice to admin@botscale.io;
  • Right to lodge a complaint (Art. 77): lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or alleged infringement.

To exercise any of these rights, send a request to the controller’s email. The request must include your name, contact information, and a description of the action requested.

The controller responds within one month of receiving the request (Article 12(3) GDPR). The period may be extended by a further two months where necessary, taking into account the complexity and number of the requests; in that case you will be informed within one month.

10. Retention Periods

We retain personal data only for as long as necessary for the purposes of processing or as required by law (Article 5(1)(e) GDPR):

  • Contact information: up to 3 years after last interaction, after which the data is erased;
  • Analytics data: up to 12 months, then automatically deleted;
  • Access-audit logs: 90 days for security purposes.

Once the purpose of processing is achieved or the retention period expires, personal data is erased in the manner established by the controller, within 30 days.

11. Supervisory Authorities

Supervision of our data-processing activities is performed by the competent data-protection authority in the User’s Member State or jurisdiction. A list of EEA supervisory authorities is maintained by the European Data Protection Board at edpb.europa.eu.

Users in the United Kingdom may address the Information Commissioner’s Office (ICO) at ico.org.uk.

12. Third-Party Links

Our website may contain links to third-party sites. We are not responsible for the privacy practices of external sites and encourage you to review their privacy policies.

13. Changes to this Policy

We may update this Privacy Policy from time to time. Changes are posted on this page with an updated revision date. We encourage periodic review. Continued use of the site after changes are published indicates your agreement with the updated Policy.

14. Data Location

Your personal data is stored on servers located in the European Union. We use Telegram for internal team notifications; Telegram servers may be located outside the EEA. For Telegram’s privacy practices, see telegram.org/privacy.

15. Contact Information

If you have questions about this Privacy Policy or wish to exercise your data-subject rights, contact us:

BotScale
Email: admin@botscale.io

You also have the right to lodge a complaint with your national data-protection supervisory authority (see section 11 above).