Babots.ai is an AI companion platform where you can build, teach, and grow personalized AI companions. Connect your own API keys, keep your data private, and evolve your companions through five stages from Spark to Symbiote.
Loading...
Last updated: March 16, 2026
Babots AI collects the following types of information when you use our platform: Account Data: When you create an account, we collect your email address, display name, handle, and authentication credentials. If you sign in via a third-party provider (Google, GitHub, Discord), we receive your name and email from that provider. Usage Data: We collect information about how you interact with the Service, including pages visited, features used, companion interactions, Soul Points earned, quest completions, and engagement metrics. This data helps us improve the platform and personalize your experience. AI Interaction Data: Conversations and interactions with your AI companions (babots) are stored to maintain companion memory, personality evolution, and conversation continuity. This includes messages, prompts, and companion training data you provide. Device Information: We automatically collect device type, browser type, operating system, IP address, and general location data (country/region level) for security monitoring and service optimization.
We use the information we collect for the following purposes: Service Delivery: To create and maintain your account, power your AI companions, process interactions, track companion evolution through stages (spark, apprentice, companion, confidant, symbiote), and deliver core platform features including the War Zone, Love Zone, Feed, and Academy. Personalization: To tailor your experience using our preference graph system, which learns your preferences across commerce, content, communication, and behavior dimensions using exponential moving averages. You can control the extent of personalization through your data consent settings. Analytics & Business Intelligence: To understand platform usage patterns, improve features, generate anonymized aggregate statistics, and produce commercial analytics products and business intelligence insights. We apply differential privacy techniques and k-anonymity to protect individual user data. Anonymized, aggregated insights may be used for commercial purposes, including licensing to third parties, in accordance with our Terms of Service. Communication: To send service-related notifications, security alerts, companion activity updates, and (with your consent) promotional communications. You may opt out of non-essential communications at any time.
Babots AI takes the security of your data seriously and implements multiple layers of protection: Encryption: All sensitive data, including API keys and authentication tokens, is encrypted using AES-256-GCM encryption at rest. Data in transit is protected using TLS 1.2 or higher. Database Security: Our PostgreSQL databases are hosted in secure, access-controlled environments with regular backups, point-in-time recovery, and strict access controls. Database connections are encrypted and access is limited to authorized services only. Infrastructure: Our infrastructure runs on industry-standard cloud platforms with SOC 2 compliance, network isolation, and automated security monitoring. We use environment-variable-based secrets management and never store credentials in code. Incident Response: In the event of a data breach, we will notify affected users within 72 hours as required by applicable law, and take immediate steps to contain and remediate the incident.
When you connect third-party AI provider API keys (e.g., OpenAI, Anthropic, Google) to power your companions, the following protections apply: Encryption: Your API keys are encrypted using AES-256-GCM before storage and are never stored in plaintext. The encryption key is managed separately from the database. Access Control: Your API keys are only decrypted at the moment they are needed to make API calls on your behalf. They are never logged, cached in plaintext, or exposed in error messages. No Sharing: Your API keys are never shared with other users, third parties, or used for any purpose other than servicing your companion interactions. User Control: You may view, rotate, or delete your connected API keys at any time through your account settings. Upon key deletion, the encrypted key data is immediately removed from our systems.
Babots AI allows you to connect third-party services (such as Google Calendar, Gmail, Google Tasks, Google Contacts, YouTube, Microsoft Outlook, Slack, Discord, GitHub, Notion, Spotify, and others) to enhance your AI companion's contextual awareness. The following protections apply to all connected service data: Zero-Copy Data Model: Babots AI operates a strict zero-copy data model for all connected service integrations. When your AI companion accesses data from a connected service (e.g., your Google Calendar events), that data is fetched in real-time via the provider's API, processed in-memory to generate a response, and immediately discarded. User data from connected services is NEVER written to Babots AI databases, files, caches, or any persistent storage. What We Store: The only data stored related to your integrations is: (a) encrypted OAuth tokens (AES-256-GCM) required to authenticate with the provider on your behalf, (b) the list of scopes (permissions) you granted, and (c) your autonomy level preference (read-only, drafting, or autonomous). We do NOT store your calendar events, emails, tasks, contacts, messages, repositories, playlists, or any other content from connected services. Minimal Permissions: We request read-only access by default. For Google specifically, we request: calendar.readonly (view calendar events), gmail.readonly (view email metadata), tasks.readonly (view tasks), contacts.readonly (view contact names), and youtube.readonly (view subscriptions). Write access is only requested if you explicitly upgrade your autonomy level. Verifiable Audit Trail: Every data access is recorded in a tamper-evident audit log using SHA-256 hash chains. Each audit entry records what data type was accessed, which API endpoint was called, how many records were returned, and confirms that no data was persisted. You can verify the integrity of this audit chain and download a complete data access receipt at any time from your Integrations settings. Revocation: You may disconnect any integration at any time. When you disconnect, Babots AI revokes the OAuth token at the provider's server (e.g., Google's revocation endpoint) and deletes the encrypted token from our database. After disconnection, no further API calls can be made on your behalf. Google API Services User Data Policy: Babots AI's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for advertising, do not allow humans to read user data unless required for security purposes, and do not transfer data to third parties.
Babots AI does not sell your personal data to third parties. We share data only in the following limited circumstances: Service Providers: We may share data with trusted service providers who assist in operating the platform (e.g., hosting, email delivery, payment processing). These providers are contractually bound to protect your data and may only use it for the specific services they provide to us. AI Providers: When you use third-party AI provider keys, your companion interaction data is sent to those providers to generate responses. This is governed by the respective provider's terms and privacy policy. Legal Requirements: We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Babots AI, our users, or the public. Aggregated Data & Commercial Use: We may share or license anonymized, aggregated statistics and insights derived from platform usage that cannot reasonably be used to identify any individual user. This includes commercial analytics products, marketplace intelligence, and business insights. See Section 8 of our Terms of Service for details on how we commercialize aggregated data. Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of the transaction. We will notify you of any such change in ownership or control.
You have the following rights regarding your personal data: Access: You may request a copy of all personal data we hold about you, including companion data, interaction history, and account information. Export: You may export your data in a machine-readable format at any time through your account settings or by contacting us at legal@babots.ai. Deletion: You may request deletion of your account and all associated data. Upon receiving a verified deletion request, we will delete your data within 30 days, except where retention is required by law. Opt-Out: You may adjust your data consent settings at any time. Babots AI operates an opt-out model with three tiers: "full" (all data collected, default), "platform_only" (essential data only), and "none" (minimal data for account operation). You may downgrade your consent tier through your profile settings. Correction: You may update or correct your personal information at any time through your account settings. Portability: Where applicable under GDPR or similar legislation, you have the right to receive your data in a structured, commonly used format and to transmit it to another service.
We retain your data for as long as your account is active or as needed to provide the Service: Active Accounts: Account data, companion data, and interaction history are retained for the duration of your account's existence to maintain companion continuity and evolution. Deleted Accounts: Upon account deletion, we initiate removal of your personal data within 30 days. Some data may be retained in encrypted backups for up to 90 days before being permanently purged. Anonymized Data: Aggregated, anonymized analytics data that cannot identify individual users may be retained indefinitely for service improvement purposes. Legal Obligations: Certain data may be retained longer if required by applicable law, regulation, or legal proceedings (e.g., financial transaction records, dispute-related data). Inactive Accounts: Accounts inactive for more than 24 months may be flagged for deletion. We will send a notification to your registered email before any action is taken.
Babots AI uses minimal tracking technologies: localStorage: We use browser localStorage to store your authentication token, theme preferences, and UI settings. This data remains on your device and is not transmitted to third parties. Session Data: We use session-based data to maintain your authenticated state and provide a seamless experience across page navigations. No Third-Party Tracking: We do not use third-party advertising trackers, social media pixels, or cross-site tracking cookies. We do not participate in ad networks or sell tracking data. Analytics: We use privacy-respecting analytics to understand platform usage. All analytics data is anonymized using differential privacy techniques before aggregation. Your Control: You may clear your localStorage data at any time through your browser settings. Note that clearing authentication tokens will require you to sign in again.
The Babots AI platform is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are under 13, you must not use the Service or provide any personal information. If we become aware that we have collected personal information from a child under the age of 13 without verified parental consent, we will take immediate steps to delete that information. If you are a parent or guardian and believe your child under 13 has provided personal information to us, please contact us at legal@babots.ai so we can take appropriate action. For users between the ages of 13 and 18 (or the age of majority in your jurisdiction), we recommend using the Service under parental or guardian supervision.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Notification: We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date at the top of this page. For significant changes, we may also send a notification to your registered email address. Continued Use: Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy. If you do not agree with the changes, you should discontinue use of the Service. Review: We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: Email: legal@babots.ai Website: https://babots.ai We will respond to all privacy-related inquiries within 30 days. For data access, export, or deletion requests, we may require identity verification before processing your request.