Privacy Policy

1. Introduction

Homar, operated by Homar.io ("we", "us", or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use the Homar platform and related services (collectively, "the Service"). By using the Service, you consent to the practices described in this policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

We collect the following categories of information:

2.1 Information You Provide

• Account information — email address, display name, and profile details when you register, either directly or through an OAuth provider (Google, GitHub).
• Bot credentials — your Telegram or WhatsApp bot API token, provided when you create a deployment.
• Payment information — billing details (name, address, payment method) processed and stored by our payment processor, Stripe. We do not directly store your credit card number or bank details.
• Communications — any messages, feedback, or support requests you send to us.

2.2 Information Collected Automatically

• Messaging platform identity — your Telegram or WhatsApp user ID, collected when you pair your account with a deployed bot.
• Usage and log data — IP address, browser type, device information, pages visited, timestamps, and API request logs for debugging and service reliability.
• Session data — authentication tokens and session identifiers stored via cookies to keep you signed in.

2.3 Anonymous Users

If you use the Service without registering, we create a temporary anonymous account with a generated identifier. If you later register a full account, your anonymous data (deployments, channels, subscriptions) is transferred to your new account and the anonymous identity is removed.

3. How We Use Your Information

We use your information for the following purposes:

• Service delivery — to deploy, operate, and manage your AI chatbot on our cloud infrastructure.
• Authentication & security — to verify your identity, maintain session security, and protect against unauthorised access.
• Payment processing — to process subscription payments and manage billing through Stripe.
• Notifications — to send you service-related notifications (deployment status, account updates, security alerts) via email or Telegram.
• Support — to respond to your enquiries, troubleshoot issues, and provide customer support.
• Improvement — to analyse usage patterns (in aggregate) and improve the Service's performance, reliability, and features.
• Legal compliance — to comply with applicable laws, regulations, and legal processes.

We do not use your personal data for targeted advertising or profiling.

4. Third-Party Services

We share data with the following third parties as necessary to operate the Service:

• Stripe — payment processing and subscription management. Your billing details are handled in accordance with Stripe's Privacy Policy.
• Telegram / WhatsApp — your bot token is used to interact with the respective platform's Bot API on your behalf to deploy and operate your chatbot.
• Anthropic — if you use free AI credits or select an Anthropic-powered model, your bot's conversations are processed by the Anthropic API. See Anthropic's Privacy Policy.
• Cloud infrastructure providers — we use third-party hosting providers to run the cloud servers (nodes) that host your deployments. These providers may process server-level data in accordance with their own privacy policies.
• OAuth providers — if you sign in via Google or GitHub, we receive basic profile information (name, email) as part of the authentication flow.

We do not sell, rent, or trade your personal data to any third party for marketing or advertising purposes.

5. Data Security

We take the security of your data seriously and implement appropriate technical and organisational measures to protect it:

• Bot tokens are encrypted at rest using AES-256-GCM encryption.
• All data transmitted between your browser and our servers is protected using HTTPS/TLS encryption.
• Access to production systems is restricted to authorised personnel and subject to audit logging.
• Authentication sessions are secured with HTTP-only cookies and regular rotation.
• Database access is restricted and protected by network-level security controls.

Despite these measures, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, and you acknowledge that you provide your information at your own risk.

6. Data Retention

We retain your personal data for as long as your account is active and as necessary to provide the Service. Specifically:

• Account data — retained for the lifetime of your account. Deleted within 30 days of an account deletion request.
• Bot credentials — removed from our systems immediately when a deployment is destroyed or your account is deleted.
• Usage logs — retained for up to 90 days for debugging and operational purposes, then automatically purged.
• Payment records — retained as required by applicable tax and financial regulations (typically up to 7 years).

If you cancel your subscription and request account deletion, we will remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing our Terms).

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you.
• Rectification — request correction of inaccurate or incomplete data.
• Erasure — request deletion of your personal data ("right to be forgotten").
• Data portability — request your data in a structured, machine-readable format.
• Restriction — request that we limit the processing of your data in certain circumstances.
• Objection — object to the processing of your data where we rely on legitimate interests.
• Withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at info@homar.io. We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.

8. Cookies & Tracking

We use cookies strictly for the following purposes:

• Session cookies — essential cookies required for authentication and maintaining your logged-in session. These expire when you sign out or after a period of inactivity.

We do not use advertising cookies, tracking pixels, analytics scripts, or any third-party tracking technologies. We do not participate in cross-site tracking or behavioural advertising.

9. International Data Transfers

Your data may be processed and stored on servers located in the European Union or other regions. If your data is transferred outside your country of residence, we ensure that appropriate safeguards are in place to protect your data in accordance with applicable data protection laws. By using the Service, you consent to the transfer of your information to these locations.

10. Children's Privacy

The Service is not directed at individuals under the age of 18 (or the applicable age of majority in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at info@homar.io.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you via email or in-app notification. We encourage you to review this policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

12. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at info@homar.io.