Privacy Policy

Last Updated: May 21, 2025

1. Introduction

Welcome to Botscanner! This Privacy Policy explains how eZecute S.R.L. ("eZecute," "we," "us," or "our") collects, uses, shares, and protects your personal data when you use our website at https://botscanner.ai/ (the "Site") and our related services (collectively, the "Service"). We are committed to protecting your privacy and processing your personal data transparently and securely in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and relevant Italian data protection laws, including the Legislative Decree no. 196/2003 as subsequently amended (the "Italian Privacy Code").

2. Data Controller

The Data Controller for the personal data processed through the Service is:

eZecute S.R.L.

Via Ludovico di Savoia, 2b

00185 Rome, Italy

REA di Roma N° 1302638

P.IVA 11435051005

Email for privacy inquiries: Contact Page

3. Data Protection Officer (DPO)

eZecute S.R.L. has determined that it is not currently required to appoint a Data Protection Officer (DPO). For any questions regarding this Privacy Policy or your data protection rights, please contact us at info@ezecute.com.

4. What Personal Data We Collect

We may collect and process the following categories of personal data:

  • Account Information: When you register for an account, we collect information such as your email address, password (hashed), and any other information you provide during registration.
  • Billing Address Information: When you purchase credits and if required for tax calculation purposes, we collect your full billing address, including street address, city, state/province, postal code, country, and, only for businesses, your VAT number. This information is stored in our systems and also shared with our payment processor, Stripe, to facilitate payment processing and tax compliance.
  • Payment Information: To process payments for Credits, we use a third-party payment processor (Stripe). We do not directly collect or store your full payment card details. Stripe provides us with transaction confirmations and limited payment information (e.g., card type, last four digits). You will be subject to Stripe's terms and privacy policy.
  • User Content (Inputs, Outputs, Rankings):
    • Inputs: Questions or other prompts you submit to the Service to be processed by Large Language Models (LLMs).
    • Outputs: Answers generated by the responding LLMs based on your Inputs.
    • Rankings: Evaluations of Outputs generated by ranking LLMs.

    You are responsible for the content of your Inputs. We strongly advise you not to include sensitive personal data (e.g., health information, financial details, government identifiers unless strictly necessary for the query and you understand the implications of sharing it with LLMs) in your Inputs.

  • Usage Data: Information about how you use the Service, such as the LLMs you select, features used, queries made, time spent on the Service, IP address, browser type, operating system, device information, and referring URLs.
  • Communications: If you contact us for support or other inquiries (e.g., via email to info@ezecute.com), we will collect your name, email address, and the content of your communication.
  • Cookies and Similar Technologies: We may use cookies and similar tracking technologies to collect information about your interaction with our Site and Service. For more details, please see our [Link to Cookie Policy - Note: A separate Cookie Policy is highly recommended].

5. How We Use Your Personal Data (Purposes and Legal Basis)

We use your personal data for the following purposes, based on the specified legal grounds:

Purpose Categories of Data Used Legal Basis under GDPR
To provide and operate the Service (e.g., account creation, processing Inputs/Outputs/Rankings) Account Information, User Content, Usage Data Art. 6(1)(b) GDPR: Performance of a contract (our Terms of Service).
To process payments for Credits and comply with tax obligations Account Information, Billing Address Information, Payment Information (via Stripe) Art. 6(1)(b) GDPR: Performance of a contract. Art. 6(1)(c) GDPR: Compliance with a legal obligation (tax laws).
To manage your account and provide customer support Account Information, Communications, Usage Data Art. 6(1)(b) GDPR: Performance of a contract. Art. 6(1)(f) GDPR: Our legitimate interest in providing effective support and managing user relationships.
To improve and personalize the Service Usage Data, User Content (aggregated/anonymized where possible) Art. 6(1)(f) GDPR: Our legitimate interest in improving our Service and user experience.
To communicate with you about the Service (e.g., updates, security alerts) Account Information, Communications Art. 6(1)(b) GDPR: Performance of a contract. Art. 6(1)(f) GDPR: Our legitimate interest in keeping you informed about important Service-related matters.
For security and fraud prevention Account Information, Usage Data, Payment Information Art. 6(1)(f) GDPR: Our legitimate interest in protecting our Service, users, and business. Art. 6(1)(c) GDPR: Compliance with legal obligations where applicable.
For analytics and understanding service usage (e.g., to identify trends) Usage Data (often aggregated/anonymized) Art. 6(1)(f) GDPR: Our legitimate interest in understanding how our Service is used to make business decisions.
To comply with legal obligations Relevant data categories as required by law Art. 6(1)(c) GDPR: Compliance with a legal obligation to which we are subject.
For marketing communications (e.g., newsletters, special offers) [If applicable] Account Information (e.g., email) Art. 6(1)(a) GDPR: Your explicit consent. You can withdraw consent at any time.

6. Who We Share Your Personal Data With

We may share your personal data with the following categories of recipients:

  • LLM Providers: To provide the core functionality of the Service, your Inputs are shared with the responding LLMs you select, and Inputs/Outputs are shared with the ranking LLMs you select. These LLM providers process the data according to their own terms and privacy policies. We do not control how these LLM providers use your Inputs/Outputs once shared with them. A list of LLM providers and links to their terms/privacy policies is available at https://www.botscanner.ai/models. We do not share other personal data (like your account information) with LLM providers.
  • Payment Processors: We share necessary information with Stripe (our current payment processor) to process your payments and comply with tax regulations. This information includes your account details (such as email and name), **your full billing address**, and transaction details. Stripe handles your payment card information directly. For more information, please review Stripe's Privacy Policy.
  • Service Providers: We may use third-party service providers for hosting, data storage, analytics, customer support tools, email delivery, and other operational services. These providers are contractually bound to protect your data and only process it based on our instructions.
  • Legal Authorities: We may disclose your personal data if required by law, regulation, legal process (e.g., a court order or subpoena), or governmental request, or to protect the rights, property, or safety of eZecute S.R.L., our users, or others.
  • Business Transfers: In the event of a merger, acquisition, reorganization, spinoff, bankruptcy, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction. We will notify you of any such deal and outline your choices in that event, where applicable.

eZecute S.R.L. does not sell your personal data. We do not use the Inputs you provide or the Outputs you receive via the Service to train our own models or the models of third parties, beyond what is inherently done by the LLM providers you select when processing your queries according to their own terms.

7. International Data Transfers

Some of the LLM providers and other service providers we use may be located outside the European Economic Area (EEA). When we transfer your personal data (including Inputs and Outputs sent to LLMs) outside the EEA, we will ensure that appropriate safeguards are in place to protect your data in accordance with GDPR requirements. These safeguards may include:

  • Transferring data to countries deemed to have an adequate level of data protection by the European Commission.
  • Using Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Other legal mechanisms permitted by GDPR.

You can request more information about the safeguards we use for international transfers by contacting us at Contact Page. Please be aware that when your data is processed by LLM providers outside the EEA, it will be subject to the laws of those countries, which may differ from EU data protection laws.

8. Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process it, and whether we can achieve those purposes through other means, and the applicable legal requirements.

  • Account Information: Retained as long as your account is active and for a reasonable period thereafter to comply with legal obligations or resolve disputes.
  • User Content (Inputs, Outputs, Rankings): Retained to allow you to access your history for as long as your account is active.
  • Usage Data: May be retained for analytical purposes for 24 months and then anonymized or deleted.
  • Communications: Retained as long as necessary to address your inquiry and for record-keeping.

Upon expiry of the applicable retention period, your personal data will be securely deleted or anonymized.

9. Your Data Protection Rights

Under GDPR and Italian privacy law, you have the following rights regarding your personal data:

  • Right of Access (Art. 15 GDPR): To request a copy of the personal data we hold about you.
  • Right to Rectification (Art. 16 GDPR): To request correction of inaccurate or incomplete data.
  • Right to Erasure ('Right to be Forgotten') (Art. 17 GDPR): To request deletion of your personal data under certain conditions (e.g., if it's no longer necessary for the purposes collected, or you withdraw consent).
  • Right to Restriction of Processing (Art. 18 GDPR): To request that we limit the processing of your personal data under certain circumstances.
  • Right to Data Portability (Art. 20 GDPR): To receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller, where processing is based on consent or a contract and carried out by automated means.
  • Right to Object (Art. 21 GDPR): To object to the processing of your personal data when it's based on our legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent (Art. 7(3) GDPR): If processing is based on your consent, you have the right to withdraw it at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  • Right Not to Be Subject to Automated Decision-Making: To not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except under certain conditions.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement. The Italian Supervisory Authority is: Garante per la Protezione dei Dati Personali, Piazza Venezia, 11-00187 Roma, Italy Website: https://www.garanteprivacy.it

To exercise any of these rights, please contact us at Contact Page. We may need to request specific information from you to help us confirm your identity.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include encryption where appropriate, access controls, secure servers, staff training. However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

11. Cookie Policy

11.1 What Are Cookies?

Cookies are small text files that are placed on your computer or mobile device by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Cookies help us to, for example, remember your preferences, understand how you use our Service, and improve your user experience.

11.2 How We Use Cookies

We use cookies for several purposes. Some cookies are required for technical reasons for our Service to operate, and we refer to these as "strictly necessary" or "essential" cookies. Other cookies enable us to track and target the interests of our users to enhance the experience on our Service, such as analytics cookies. We also use third-party services that may set cookies.

The specific types of first-party and third-party cookies served through our Service and the purposes they perform are described below:

11.3 Strictly Necessary Cookies

These cookies are essential for you to browse the Service and use its features, such as accessing secure areas of the site (like your user account and our administrative sections). Without these cookies, services you have asked for, like user login and payment processing, cannot be provided. These cookies do not gather information about you that could be used for marketing or remembering where you have been on the internet.

  • session: This is our primary session cookie. It allows us to maintain your logged-in state, manage your current session, and helps with security features like Cross-Site Request Forgery (CSRF) protection. This cookie is set by www.botscanner.ai and is essential for using registered user features.
  • AWSALBAuth Nonce, AWSALBAuthSessionCookie-*: These cookies are used by our Application Load Balancer in conjunction with AWS Cognito to manage secure authentication sessions for our administrative interface. They are essential for the security and proper functioning of our admin panel.

Because these cookies are strictly necessary to deliver the Service to you, you cannot refuse them if you wish to use those parts of the Service.

11.4 Analytics Cookies

These cookies collect information about how you use our Service, for instance, which pages you go to most often, and if you get error messages from web pages. These cookies don't collect information that identifies you. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how our Service works. We will only set these cookies if you give us your consent.

  • Google Analytics (_ga, _gid, and related cookies): We use Google Analytics to understand how visitors engage with our site. Google Analytics collects information anonymously and reports website trends without identifying individual visitors. This helps us improve our website and the services we offer. These cookies are set by www.botscanner.ai (when you consent) on behalf of Google. You can learn more about Google Analytics cookies here and how to opt-out of Google Analytics here.

11.5 Third-Party Cookies (e.g., for Payment Processing)

When you use certain features of our Service, such as making a payment for credits, you may be redirected to or interact with services provided by third parties, like Stripe. These third parties may set their own cookies on your device.

  • Stripe Cookies: When you make a purchase on Bot Scanner, our payment processor, Stripe, may place cookies on your device. These cookies are used by Stripe for purposes such as payment processing, fraud prevention, security, and their own analytics or user experience enhancements on their platform. We do not control the placement of these cookies. We recommend you review Stripe's Cookie Policy for more information. You can typically find this on their website. [Optional: Insert a direct link to Stripe's Cookie Policy if you have it, e.g., Stripe's Cookie Policy]

Please note that this policy does not cover the cookies used by these third parties. We encourage you to check the privacy and cookie policies of these third-party services to understand their practices.

11.6 Managing Your Cookie Preferences

When you first visit our Service, you will be presented with a cookie consent banner that allows you to accept all cookies or customize your preferences. You can change your cookie preferences at any time (except for strictly necessary cookies).

If you wish to review or change your cookie settings, please click the link below:

Manage Cookie Settings

(If the above link doesn't work directly, you might need to use an onclick event if your specific Cookie Consent setup requires it, like: <a href="#" onclick="CookieConsent.showSettings(0); return false;">Manage Cookie Settings</a>)

Most web browsers also allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.

Please note that if you choose to block or delete cookies, some aspects of our Service may not function properly.

11.7 Changes to This Cookie Policy

We may update this Cookie Policy from time to time in order to reflect, for example, changes to the cookies we use or for other operational, legal, or regulatory reasons. Please therefore re-visit this Cookie Policy regularly to stay informed about our use of cookies and related technologies.

The date at the top of this Cookie Policy indicates when it was last updated.

12 Children's Privacy

Our Service is not intended for children under the age of 14 (or a higher age threshold as may be applicable in certain jurisdictions for consent to process personal data). We do not knowingly collect personal data from children under this age. If you believe we have collected personal data from a child without parental consent, please contact us at info@ezecute.com, and we will take steps to delete it.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, service offerings, or legal requirements. We will post any changes on this page and update the "Last Updated" date at the top. If we make material changes, we will provide you with more prominent notice (e.g., by email or a notice on our Site) prior to the change becoming effective. We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us:

eZecute S.R.L.

Via Ludovico di Savoia, 2b

00185 Rome, Italy

Email: Contact Page.