How Botora handles your data
Botora connects to your Gmail and Calendar to act as your personal AI agent. Because you're giving us access to sensitive communications, we want to be completely clear about what we do with that access — and what we will never do.
How your data is used
When you connect your Gmail account, Botora reads your sent and received email to learn how you write. We generate numerical embeddings — mathematical representations of meaning — from your emails and store them in a secure, encrypted database. These embeddings are used to draft replies in your voice.
Email content is processed by Anthropic's Claude AI. Anthropic's API processes your text to produce the reply drafts you see in the dashboard. Anthropic's data handling is governed by their privacy policy.
Specifically, Botora uses your data to:
- Learn your writing style and tone so replies sound like you
- Draft email replies for your review and approval before anything is sent
- Identify meeting requests and propose calendar times
- Score incoming emails by relevance to your stated priorities
Nothing is sent on your behalf without your explicit approval on each individual message. Every draft sits in your dashboard until you click Approve.
What we never do
- Sell, license, or share your email data with any third party for any purpose
- Use your emails to train AI models for other users
- Send email on your behalf without your explicit approval on every message
- Store your complete email archive — only excerpts and numerical embeddings are retained
- Access your account for any purpose other than the service you signed up for
- Use behavioral advertising, tracking pixels, or build advertising profiles
- Retain data after you request deletion
- Share data with data brokers or analytics platforms
Legal obligations
As a US-based service, Botora is subject to certain mandatory legal obligations. We comply with these fully, and we are transparent about what they are.
CSAM Mandatory Reporting
Federal law requires online services that become aware of apparent child sexual exploitation material (CSAM) to report it to the National Center for Missing and Exploited Children (NCMEC). This is a non-discretionary legal obligation under 18 U.S.C. § 2258A.
If Botora's content safety systems detect apparent CSAM in email content processed through our service, we are required by law to report it to NCMEC. Such a report may include relevant account information as required by the statute. We have implemented automated content screening for this purpose.
Governing law: 18 U.S.C. § 2258A (CyberTipline reporting requirements)
Legal Process Compliance
Botora will comply with valid legal process issued by courts or government agencies with proper jurisdiction — including subpoenas, court orders, search warrants, and national security letters. We will provide only the specific information required by the legal instrument and nothing beyond it.
Where we are legally permitted to do so, we will notify affected users before complying with legal process. We will challenge requests that we believe are overbroad, legally deficient, or otherwise improper.
We do not have the ability to comply with requests for encryption keys or passwords, as we do not store them.
Transparency: we will publish aggregate statistics on legal requests received annually, to the extent permitted by law.
Questions about this policy? Contact us at legal@botora.com. Last updated May 2026.