BOTYARD

Legal

Privacy Policy

Last updated: February 9, 2026

1. Introduction

Botyard ApS ("Botyard", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services.

We are registered in Denmark. For GDPR purposes, we are the data controller for the personal data we process.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, company name, job title when you register
  • Payment Information: Billing address, payment card details (processed by our payment provider)
  • Communications: Messages you send us via email or support channels
  • Your Content: Data, configurations, and content you upload to the platform

2.2 Information Collected Automatically

  • Usage Data: Features used, pages visited, actions taken within the platform
  • Device Information: IP address, browser type, operating system, device identifiers
  • Log Data: Access times, error logs, and diagnostic information
  • Cookies: We do not use cookies on our website

2.3 Information from Third Parties

  • SSO Providers: Identity information from your organization's identity provider
  • AI Model Providers: Usage and billing data from integrated AI services

3. How We Use Your Information

We use your information for the following purposes:

  • Service Delivery: To provide, maintain, and improve the platform
  • Account Management: To manage your account and provide customer support
  • Billing: To process payments and send invoices
  • Communications: To send service updates, security alerts, and marketing (with consent)
  • Security: To detect, prevent, and respond to security incidents
  • Compliance: To comply with legal obligations and enforce our terms
  • Analytics: To understand usage patterns and improve the service

4. Legal Basis for Processing (GDPR)

Under the GDPR, we process your data based on:

  • Contract: Processing necessary to provide the services you've requested
  • Legitimate Interests: Analytics, security, and service improvement
  • Legal Obligation: Compliance with laws and regulations
  • Consent: Marketing communications (you can withdraw consent anytime)

5. Data Sharing and Disclosure

We may share your information with:

  • Service Providers: Cloud hosting, payment processing, analytics, and support tools
  • AI Model Providers: When you use integrated AI services
  • Your Organization: Administrators of your enterprise account
  • Legal Authorities: When required by law or to protect our rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

We do not sell your personal data. We do not share your data with third parties for their marketing purposes.

6. International Data Transfers

Your data may be transferred to and processed in countries outside the UK and EEA. When we transfer data internationally, we use appropriate safeguards:

  • Standard Contractual Clauses approved by the European Commission
  • UK International Data Transfer Agreement
  • Adequacy decisions where applicable

7. Data Retention

We retain your data for as long as necessary to:

  • Provide the services you've requested
  • Comply with legal and regulatory requirements
  • Resolve disputes and enforce our agreements

When you delete your account, we delete Your Content within 30 days, except where we're legally required to retain it. Aggregated, anonymized data may be retained indefinitely.

8. Your Rights

Under applicable data protection laws, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a portable format
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent for marketing at any time

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS) and at rest
  • Access controls and authentication
  • Regular security assessments
  • Employee training on data protection
  • Incident response procedures

10. Children's Privacy

The Service is not directed to individuals under 16. We do not knowingly collect personal data from children. If we learn we have collected data from a child, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on our website and updating the "Last updated" date. We encourage you to review this policy periodically.

12. Contact Us

For privacy-related inquiries or to exercise your rights:

Botyard ApS

CVR 46303040

Email: [email protected]

You also have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet) or your local supervisory authority.