Data & privacy
CloudyBot is operated by CloudAxis Labs LLC (U.S.). This page summarizes common product-privacy questions; legal terms live in the Privacy Policy. We separate your private workspace data from marketing analytics (see Cookie Policy).
Model training
We do not use your content to train third-party foundation models. To answer each request, we send the necessary portions of your prompt, thread context, and tool output to LLM providers you route through (listed on Subprocessors). Those providers process data under their own terms. You are responsible for not submitting content you lack rights to share.
What we store
- Account — email, password hash or OAuth linkage, plan, billing metadata via Stripe.
- Conversations — per-thread messages, rolling summaries, and saved facts you approve (threads & memory).
- Workspace files — uploads and agent-created files under your account
~/files/tree; not shared between users. - Integrations — OAuth tokens and API keys you connect under Settings; encrypted at rest.
- Saved logins — optional browser credentials (site + username/password); encrypted; injected into the system prompt for chat, not copied into the visible transcript (API / dashboard Settings → Connect).
- Browser sessions — isolated cloud browsers per account; you choose which sites to log into.
- Operational logs — security, abuse prevention, and activity logs (retained for a limited period — see below).
Retention by plan
Chat history retention follows your subscription tier (limits FAQ):
- Free — 30 days
- Growth — 90 days
- Pro — 180 days
- Max — unlimited (
historyDays: null)
In Settings you can set a shorter retention override down to one day, but not longer than your plan allows. A background job purges conversation rows and threads past the effective retention window. Workspace files remain until you delete them or close your account.
Other automated retention: task execution history (~30 days), activity logs (~365 days), unless law requires longer for specific records. Details in Privacy Policy § retention.
Your controls
- Delete a thread — removes that conversation and its saved facts.
- Delete files — from the dashboard Files tab or by asking the agent to remove paths you name.
- Disconnect integrations — revoke OAuth under Settings → Connect.
- Account deletion — request from dashboard settings or email; triggers deletion per policy (billing/legal records may be kept where required).
Privacy requests (access, correction, deletion): privacy@cloudaxis.ai · general contact: contact.
Security and subprocessors
- Credentials and integration secrets use server-side encryption (
CREDENTIAL_ENCRYPTION_KEYin production). - We do not sell personal information.
- Infrastructure and AI hosts are listed on Subprocessors; data may be processed in the U.S. and other provider regions.
- Product security practices: Security · trust reporting: Trust & Safety.
Marketing site vs product
The marketing site may use cookie-consent-gated analytics (GA4, Meta Pixel meta tags with consent default denied, Plausible on public pages). Logging into the dashboard uses session cookies to keep you authenticated. See Cookie Policy for categories and opt-out.
Common questions
Do you train on my chats?
No — we do not use your content to train third-party foundation models. Providers still process each request to generate a reply; see Privacy Policy.
Can other CloudyBot users see my files?
No. Files and threads are isolated per account. Specialists and cron jobs run in your workspace only.
What if I paste customer PII?
You control what you submit. Use retention overrides, delete threads/files when done, and choose plans and integrations appropriate to your compliance needs. We are not a HIPAA-certified medical records platform unless separately agreed in writing.
Does the SEO audit crawler index my site?
No. The audit crawler runs only when a user requests an audit; it is not a public search indexer or training bot.
Related: FAQ hub · Billing · Terms of Service