Privacy Policy

CoreBots is built as a self-hosted platform that runs entirely within your enterprise infrastructure. This architecture ensures that your data remains under your control at all times.

Because CoreBots runs within your infrastructure, the information we collect directly is limited to:

• Account & Licensing Information: Name, email, company details, and license keys required to activate and manage your subscription
• Support Communications: Information you share with us when contacting our support or professional services team
• Website & Marketing Data: When you visit corebots.ai or submit a demo request, we collect standard website analytics and form submissions (name, email, company, phone, message)
• Anonymized Telemetry (optional): If you opt in, aggregated and anonymized usage metrics (e.g., agent count, feature adoption) to help us improve the platform. This can be fully disabled.

What we do NOT collect: We do not collect, access, or store any of your enterprise data, agent conversations, training documents, knowledge bases, model outputs, or user interaction logs. All of this remains exclusively within your infrastructure.

When you deploy CoreBots within your enterprise, the following data is processed locally on your systems:

• Documents, PDFs, and knowledge bases used to train AI agents
• User queries and agent responses
• Workflow configurations, approval chains, and escalation rules
• Audit logs, agent performance metrics, and observability data
• SSO tokens, RBAC configurations, and access control policies
• Connections to your enterprise systems (CRM, ITSM, ERP, databases, etc.)

Your organization is the data controller for all data processed within your CoreBots deployment. You are responsible for ensuring that your use of the platform complies with applicable data protection regulations (e.g., GDPR, HIPAA, SOC 2, CCPA) within your jurisdiction.

CoreBots supports a Bring Your Own Model (BYOM) architecture. When you connect external LLM providers (e.g., OpenAI, Anthropic, Mistral, or others), data sent to those models is governed by your agreement with that provider. CoreBots does not intermediate, log, or store data sent to third-party models.

You may also use locally hosted or private models (e.g., Llama, fine-tuned models) that run entirely within your infrastructure, in which case no data leaves your network.

The limited information we collect directly (account, support, and website data) is used to:

• Manage your license, subscription, and account
• Provide technical support and professional services
• Deliver platform updates, security patches, and release notes
• Respond to demo requests and sales inquiries
• Improve the CoreBots platform based on opt-in anonymized telemetry

CoreBots is designed with enterprise security as a core principle:

• Sandboxed Execution: Every AI agent runs in an isolated, sandboxed environment with defined boundaries
• Encryption: Data at rest and in transit is encrypted using industry-standard protocols
• Access Control: Enterprise SSO (SAML/OIDC), role-based access control, and team-level permissions
• Audit Logging: Complete audit trails for every agent action, data access, and configuration change
• Policy Engine: Runtime guardrails enforce content filtering, approval gates, and escalation rules

Since the platform runs within your infrastructure, your organization's existing network security, firewalls, and access policies also apply to the CoreBots deployment.