Privacy Policy
ExecBot is a private AI chief-of-staff service operated by POWER OF 28 LLC ("ExecBot", "we", "us"). This policy explains what information we handle when you use ExecBot at execbot.io and its associated applications, and the choices you have. ExecBot is an invitation-only service for business use.
1. Information we collect
- Account information. When you sign in with Google we receive your name, email address, and profile picture to create and secure your account.
- Content you provide. Messages you send to Atlas and your specialists, documents and images you attach, conversation history you choose to import, and configuration you create (specialists, projects, automations, briefing schedules).
- Google user data (optional). If you connect Gmail, we access Gmail messages solely to power the features you configure — reading messages that match your automation rules and sending messages you explicitly approve. OAuth tokens are stored encrypted (AES-256-GCM) and can be revoked by you at any time in Settings or in your Google Account.
- Your API keys. ExecBot is bring-your-own-key. Provider API keys you add are encrypted at rest (AES-256-GCM) and used only to make requests on your behalf.
- Usage and cost metadata. Token counts, per-call cost estimates, feature usage, and technical logs used for your spend dashboard, your daily cap, and service reliability.
2. How we use information
We use your information only to provide and improve the service you configure: running your specialists and automations, building your briefings and memory, showing you your own usage and costs, securing accounts, and providing support. We do not sell your data. We do not use your content to train AI models — your content is processed by the model provider under your own key and your own provider agreement.
3. Google API Services — Limited Use
4. Storage and security
Your data is stored with tenant-level isolation enforced at the database layer (PostgreSQL row-level security), encrypted in transit (TLS) and at rest. Secrets — OAuth tokens and API keys — are additionally encrypted with AES-256-GCM. Attachments are stored in Cloudflare R2 object storage scoped to your tenant.
5. Subprocessors
We rely on a small set of infrastructure providers to run the service: Railway (application and database hosting), Cloudflare (storage and networking), Google (sign-in and, if connected, Gmail), Anthropic (model inference under your own API key and agreement), ElevenLabs (voice, on voice-enabled plans), Voyage AI (embeddings for your memory), and Stripe (payments). Each receives only what is necessary for its function.
6. Retention and deletion
Your content is retained while your membership is active so that memory — a core feature — works. You can delete conversations, memories, attachments, and connected credentials in the product. On request we will export your data and/or delete your tenant in full; write to access@execbot.io and we will complete deletion within 30 days, subject to legal retention obligations. Revoking Gmail access immediately stops all Gmail processing.
7. Your rights
Depending on your jurisdiction you may have rights to access, correct, export, or delete your personal information, and to object to or restrict certain processing. Contact us at access@execbot.io to exercise them.
8. Changes
We will post any material changes to this policy on this page and update the date above. Continued use of the service after changes take effect constitutes acceptance.
9. Contact
POWER OF 28 LLC · access@execbot.io