Effective date: July 14, 2026
This Privacy Policy describes how Beast Made, LLC (“bots.team,” “we,” “us”) handles personal information when you use the bots.team desktop application (the “App”), the bots.team website (the “Site”), and related services (together, the “Service”). We are the data controller for the personal information described in this Policy.
The short version: bots.team is local-first. The App runs AI agents (“Bots”) on your own computer, and everything they work with — your instructions, schedules, run histories, chat conversations, and files — stays on your device. Our servers only ever see the minimum needed to operate accounts, subscriptions, downloads, software updates, and support. We use privacy-preserving analytics — cookieless analytics on our website, and anonymous, content-free usage analytics in the App — with no cross-site tracking and no advertising trackers, and we never sell personal information. The contents of your Bots' work never leave your device.
The following is stored only in the App's local database and files on your computer. It is never transmitted to, stored on, or accessible by bots.team servers:
Because this data lives on your device, it is under your control (and subject to your device's security), and deleting the App or its data directory removes it. It also means we cannot access, recover, or delete it for you.
Our servers collect only the following, and only when you use the corresponding feature:
When you create a bots.team account or sign in: your email address and a salted cryptographic hash of your password (PBKDF2-SHA256; we never store your actual password), plus account timestamps and role. When you sign in from the desktop App, we also store a device session record: a hashed device token, the device name your operating system reports (typically your computer's hostname), and created/last-seen/expiry timestamps. Website sign-ins create an equivalent session record tied to a browser cookie.
If you purchase a paid plan, payment is processed by Stripe. We store your Stripe customer ID, subscription plan, subscription status, and billing-period end date. We never receive or store your payment card number. Stripe's handling of your payment details is governed by Stripe's privacy policy.
If you submit feedback or a support request from the App or Site, we receive the message you write, the category you choose, the App version and operating-system platform (to help us reproduce issues), and — only if you choose to provide it — your email address for replies.
When you download the App from the Site we record a download event consisting of the platform (macOS or Windows), the file requested, the country of the request (derived from the network request by our hosting provider), and a timestamp. We do not store IP addresses in download records. When the installed App checks for updates or retrieves remote feature configuration, the request includes standard HTTP information (such as IP address and App version); we use it only to serve the request.
Our hosting provider, Cloudflare, processes standard request metadata (IP address, user agent, request path, timestamps) to route traffic, mitigate abuse, and provide short-lived operational logs. We do not build profiles from this data.
If you email us, we receive your email address and the contents of your message.
When you visit the Site we use PostHog, a product-analytics service, in cookieless mode to understand aggregate usage: pages viewed, referring site, browser and device type, country, and clicks on page elements. Nothing is stored on your device — no cookies, local storage, or identifiers of any kind. To count unique visitors without identifying you, PostHog computes an irreversible hash of your IP address, browser, and the site hostname using a salt that changes daily and is then deleted, so visitors cannot be recognized across days or across sites. We do not capture what you type into forms, do not use session recording, and never join analytics data to your account. IP addresses are used transiently for this hash and for country lookup and are not stored with analytics events.
The App sends anonymous product-usage events to PostHog so we can understand which features are used and where the App fails: events like “app opened,” “bot created,” “run succeeded,” or “run failed,” with coarse, non-identifying details — for example, how many Bots are on a team, the character count of a context field, an error category such as “timed out,” the App version, and your operating-system platform. These events are deliberately content-free: they never include your Bot instructions or plans, Bot output, chat messages, search queries, file names or paths, URLs, team or Bot names, or anything else you type into the App. Events are grouped by a random installation identifier generated the first time the App runs. It is not derived from your hardware, contains no information about you, and is never linked to your account, email, or name; deleting the App's data directory deletes it. IP addresses are used transiently to deliver events and derive a country and are not stored with analytics events.
We do not collect: precise location, contacts, browsing history, advertising identifiers, biometric data, or the content of your Bots' work. We do not use advertising trackers or session-recording tools anywhere. The Site uses only the cookieless analytics described in Section 3.7, and the App only the anonymous usage analytics described in Section 3.8.
Two data flows happen because of how you use the App, outside our systems and outside our control:
We use the information in Section 3 to:
We do not use your personal information to train AI models, and we do not make automated decisions about you that have legal or similarly significant effects.
We do not sell personal information, and we do not share it for cross-context behavioral advertising. We share personal information only with:
The Site uses a single strictly necessary session cookie to keep you signed in to your account. It is not used for tracking, analytics, or advertising, and we do not use any third-party cookies. Our website analytics is deliberately cookieless and stores nothing on your device (see Section 3.7). Because we use only strictly necessary cookies, no cookie consent banner is presented. If you block the cookie, account sign-in on the Site will not work; the rest of the Site will.
We take measures appropriate to the modest amount of data we hold, including: TLS encryption for all traffic between the App, the Site, and our servers; passwords stored only as salted PBKDF2-SHA256 hashes; session and device tokens stored only as SHA-256 hashes; scoped, revocable device tokens (you can sign out a device at any time); and access to production systems restricted to authorized personnel. No system is perfectly secure, and we cannot guarantee absolute security. If we learn of a breach affecting your personal information, we will notify you and regulators as required by applicable law.
We are based in the United States, and our service providers (Cloudflare, Stripe, Resend, PostHog) process data in the United States and on global infrastructure. If you use the Service from the European Economic Area, the United Kingdom, Switzerland, or another jurisdiction with data-transfer restrictions, your personal information will be transferred to countries that may not provide the same level of data protection as your home jurisdiction. Where required, we rely on appropriate safeguards for such transfers, including the European Commission's Standard Contractual Clauses and our providers' participation in the EU–U.S. Data Privacy Framework, as applicable.
Depending on where you live, you may have rights to: access the personal information we hold about you; correct inaccurate information; delete your information; receive a portable copy; object to or restrict certain processing; and withdraw consent where processing is based on consent. You will not be discriminated against for exercising any of these rights.
To exercise any right, email hello@beastmade.fun from the address associated with your account (or provide equivalent verification). We respond within the timelines required by applicable law. You may also authorize an agent to submit a request on your behalf, subject to verification. If you are in the EEA/UK, you may also lodge a complaint with your local supervisory authority; residents of other jurisdictions may have similar rights with their local regulators.
Note that most of your data — everything in Section 2 — is already in your direct control on your own device and is not held by us at all.
For residents of California and other US states with comprehensive privacy laws: in the preceding 12 months we have collected the categories of personal information described in Section 3 — identifiers (email address, hashed credentials, device name, and a random App installation identifier), commercial information (subscription plan and status), internet or network activity (App version, platform, update-request metadata, transient server logs, cookieless aggregate site-usage analytics, and anonymous App feature-usage events described in Section 3.8), approximate geolocation (country, derived from requests, stored without identifiers), and communications you send us (feedback and support messages). Sources: you, your device, and our payment processor. Purposes: as described in Section 5. Disclosure: to the service providers listed in Section 6 for business purposes only.
We do not sell personal information and do not share it for cross-context behavioral advertising, and we have not done either in the preceding 12 months. We do not use or disclose sensitive personal information for purposes requiring a right to limit. We do not knowingly collect personal information of consumers under 16. Because we do not sell or share personal information, we do not respond to opt-out preference signals such as Global Privacy Control, as there is nothing to opt out of. California residents may exercise the rights in Section 11 (access/know, delete, correct, portability, non-discrimination) via hello@beastmade.fun.
The Service is not directed to children, and we do not knowingly collect personal information from anyone under 18. If you believe a child has provided us personal information, contact us at hello@beastmade.fun and we will delete it.
Our Site analytics cannot follow you across websites or over time — it stores nothing on your device, and its unique-visitor identifiers rotate daily and are never linked to you (see Section 3.7). Because there is no cross-site or longitudinal tracking to disable, the Site does not respond differently to browser “Do Not Track” signals.
We may update this Policy from time to time. If we make material changes, we will notify you before they take effect — by email, a notice on the Site, or a notice in the App — and update the effective date above. Earlier versions are available on request.
Questions, requests, or complaints about privacy:
Beast Made, LLC
611 South DuPont Highway Suite 102, Dover, DE 19901
hello@beastmade.fun