Privacy Policy

Last updated: March 19, 2026

1. Introduction

Konbini ("we", "our", or "the Service") is operated by BuildABot. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform to create and manage AI-powered agents.

2. Information We Collect

Account Information (Google Sign-In)

When you sign in with Google, we receive your name, email address, and profile picture. We store a user record containing your Google subject identifier to authenticate your account. We do not store your Google password.

Wallet Information

Cryptocurrency wallets are managed by third-party custodians. We integrate with:

  • Privy — Embedded wallet custody using Trusted Execution Environments (TEE). We store only your Privy wallet ID and public address. We never store, access, or control private keys.
  • Tempo (MPP) — Managed payment portfolio for fiat and stablecoin transactions. We store your Tempo account reference and linked address. No private keys are held by us.

Bot Interaction Data

Messages you send to your agent are processed to generate responses. Conversation history may be retained in your agent's memory to improve context across sessions. This data is scoped to your account and is not shared with other users.

Push Notifications

If you enable push notifications (via the iOS app), we store a notification token tied to your account. This token is used solely to deliver alerts about your agent's activity — such as completed tasks, trade confirmations, and security events. You can revoke notification access at any time in Settings.

Payment Information

Subscription billing is handled by Stripe. We store your Stripe customer ID and subscription ID but never store credit card numbers or payment method details directly.

Usage and Log Data

We collect server logs, error reports, and performance metrics to operate and improve the Service. Sensitive values (keys, tokens, wallet addresses) are redacted before being written to logs.

3. Google API Services

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Scopes We Request

  • Gmail (modify) — Your agent reads and sends emails on your behalf when you instruct it to.
  • Google Calendar — Your agent reads and creates calendar events when you instruct it to.
  • Google Drive — Your agent reads and organizes files when you instruct it to.
  • Google Sheets — Your agent reads and updates spreadsheets when you instruct it to.
  • Google Docs — Your agent reads and edits documents when you instruct it to.

Limited Use Disclosure

Data obtained through Google Workspace APIs is used solely to provide agent functionality you explicitly request. We do not use this data for advertising, do not sell it to third parties, and do not use it to train AI models. Access is limited to what is necessary to fulfill your agent's instructions.

4. AI Model Processing (Anthropic)

Your agent is powered by Claude, an AI model developed by Anthropic. When your agent processes a message, the conversation content is sent to Anthropic's API to generate a response. Anthropic's data handling is governed by their Privacy Policy. We do not use your conversations to fine-tune or train models without your explicit consent.

5. How We Use Your Information

  • To provide, maintain, and improve the Service
  • To authenticate your identity and manage your account
  • To execute agent actions you request (sending emails, creating events, making trades)
  • To process payments and manage subscriptions
  • To send push notifications about your agent's activity
  • To detect and prevent fraud, abuse, and security incidents
  • To communicate with you about your account and the Service

6. Data Security

We implement industry-standard security measures including:

  • Encryption at rest for all stored credentials (AWS Secrets Manager, SSM SecureString)
  • Encryption in transit (TLS/HTTPS for all connections)
  • Per-user isolation — each workspace runs in its own container with dedicated resources
  • Need-to-know access — components only receive the credentials they require
  • Audit logging for all financial operations and security-sensitive actions
  • Sensitive data redaction in application logs

7. Data Retention and Deletion

When you delete your account, we delete your user record, all agent configurations, stored integration credentials, and associated secrets. Wallet assets are swept to your recovery address before deletion. Stripe subscription data is retained as required for financial record-keeping.

8. Third-Party Services

We use the following third-party services to operate the platform:

  • Amazon Web Services (AWS) — Infrastructure, compute, storage, and secrets management
  • Stripe — Payment processing and subscription management
  • Anthropic — AI model provider for agent intelligence
  • Privy — Embedded wallet custody (TEE-secured)
  • Tempo (MPP) — Managed payment portfolio and stablecoin transactions

Each third-party service has its own privacy policy governing their handling of data.

9. Your Rights

You may at any time:

  • Disconnect any integration (revoking our access to that service)
  • Delete your account and all associated data
  • Opt out of push notifications in Settings
  • Export your agent configurations
  • Contact us with questions about your data

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

11. Contact

If you have questions about this Privacy Policy, contact us at privacy@getkonbini.ai.