Privacy Policy
This policy describes how The Mad Botter INC ("we") handles personal information when you use Alice Pro. Short version: we collect what's needed to run the Service, your business data stays in your own cloud wherever possible, and we don't sell or rent personal information — ever.
1. What we collect
- Account information — your name, work email, password (stored as a salted hash), and workspace/company name.
- Connection credentials — credentials you provide for data sources and destinations (database passwords, storage keys, OAuth tokens for Microsoft). These are encrypted at rest with keys held separately from the database, and used only to operate your pipelines.
- Configuration and usage — pipelines, schedules, SQL, run logs and metrics, Alice AI requests and generated SQL (with token counts for metering).
- Your business data, transiently — pipeline runs read from your sources and write results to serving storage. Result data lives in your cloud storage account or your single-tenant managed container; we do not keep copies of your row data beyond capped preview samples shown to you and temporary processing memory.
- Technical data — server logs and error reports (including IP address and request metadata) for security and debugging.
- Billing — handled by Paddle, our merchant of record. We never see or store full card numbers.
2. What we use it for
Operating the Service you asked for, securing it, metering plan usage, providing support, and sending service email (receipts, alerts about your pipelines, material changes). No advertising, no sale of personal data, no third-party trackers on this site.
3. Alice AI
When you use Ask Alice, your request text and the schema of the tables involved (names and types) are sent to Anthropic's Claude API to generate SQL. Under Anthropic's commercial API terms, API inputs and outputs are not used to train their models. Generated SQL and your prompt are stored in your workspace history for metering and audit.
4. Subprocessors
| Provider | Purpose | Location |
|---|---|---|
| DigitalOcean | Application hosting and database | United States |
| Microsoft Azure | Managed serving storage; Power BI/Fabric APIs in your tenant | United States (your tenant per your config) |
| Anthropic | Alice AI SQL generation | United States |
| Paddle | Payments (merchant of record) | UK/US |
| Sentry | Error monitoring | United States |
5. Cookies
We use a single, essential session cookie to keep you signed in. No advertising or analytics cookies.
6. Retention & deletion
Account and configuration data are kept while your account is active and for 30 days after termination, then deleted. Run logs are pruned on a rolling basis. You may request export or deletion of your data at any time at the contact below; we respond within 30 days.
7. Security
TLS everywhere; connector credentials encrypted at rest (application-level encryption with separately held keys); single-tenant serving containers with scoped, minimal-privilege credentials; firewalled infrastructure; least-privilege access. No method of transmission or storage is 100% secure, but this is what we'd want as a customer, so it's what we build.
8. Your rights
Depending on where you live (e.g., EEA/UK GDPR, California CCPA), you may have rights to access, correct, export, or delete your personal information, and to object to or restrict certain processing. Contact us and we'll honor them. We do not discriminate for exercising them.
9. Changes & contact
We'll announce material changes by email or in-app before they take effect. Data questions or requests: michael@themadbotter.com — The Mad Botter INC, Florida, USA.