Security & Data Privacy — How Botaura Protects Your Data

Security & Data Privacy — How Botaura Protects Your Data

When you train a bot on your business content and connect it to your customers, you're trusting Botaura with real data. This page explains, in plain terms, how that data is protected and who can see it.

---

Your Secrets Are Encrypted

If you bring your own AI provider key (see Custom LLM Settings), that key is AES-256 encrypted before it's stored in our database. We never store it in plain text. It's only decrypted in memory at the moment a response is generated, then discarded. If our database were ever exposed, your raw keys would not be readable.

---

The Website Widget Is Locked Down

The chat widget on your site is protected by several layers:

• Signed access tokens — each widget session uses a short-lived, signed token (it expires after about an hour and refreshes seamlessly). Visitors can't forge requests on your behalf.
• Domain whitelist — you can restrict the widget to run only on domains you list in Dashboard → Widget Embed. Add your real domains to stop anyone embedding your bot elsewhere.
• Rate limiting — chat and error reporting are rate-limited per session and per business to block abuse and runaway costs.

---

WhatsApp: No Passwords Stored

Botaura connects to WhatsApp as an official Meta Tech Provider. Your messages are sent using a platform-level system credential plus your number's ID — Botaura never stores a WhatsApp access token or password for your account. Routing of incoming messages is keyed to your registered phone number ID, so messages always reach the right business.

---

Who Can See Your Conversations

Your knowledge base, leads, customers, and conversations belong to your business and are isolated per account. Inside your team, your conversations are visible in the dashboard (for example Dashboard → Conversations and Dashboard → Leads) to people you give dashboard access to. Botaura's own systems use this data only to operate your bot — generate answers, capture leads, process orders, and show you analytics.

---

Billing Stays on Your Side

WhatsApp message charges are billed by Meta directly to your own Meta Business Account — Botaura never marks up or re-bills WhatsApp usage. The cost figures in your dashboard are estimates based on Meta's published rates; your Meta account is always the source of truth. This keeps your payment relationship with Meta separate from your Botaura subscription. See Plans & Pricing.

---

Accuracy & "No Made-Up Answers"

Botaura answers from your content using retrieval-augmented generation. When it isn't confident, it says so and offers to connect the customer with your team rather than inventing an answer. Lead capture only fires on confident, on-topic replies — never on a fallback "I don't know" — so you don't collect junk contacts. More on this in How Botaura Works, End-to-End.

---

Deleting Your Data

You control your content. You can remove knowledge base items, products, and leads from the dashboard at any time, and removing a custom AI key deletes the stored (encrypted) key immediately. If you need a full account and data deletion, contact support and we'll process it.