Last updated: 18 May 2026
This Privacy Notice describes the data BotConduct collects through its receiver-side instrumentation and through correspondence with the Desk.
The receiver-side sensor deployed on engagement clients’ properties captures only signals of automated traffic:
The sensor does not capture form contents, account identifiers, session cookies, end-user identifiers, or any data attributable to natural persons interacting with the property. The data captured is metadata of automated activity, not personal data under GDPR Art. 4 or equivalent frameworks.
Behavioral observations collected through the instrumentation are stored in the Observatory archive and form the basis for findings, bulletins, and cross-property correlation. The archive is the property of BotConduct and is retained indefinitely as part of the Observatory’s institutional knowledge.
Observatory data is processed on infrastructure located in Finland (European Union). Storage and processing occur within the EU/EEA unless an engagement letter establishes a different arrangement for a specific client.
Where individuals correspond with the Desk — request for quote, counsel referral, press inquiry — BotConduct processes name, work email, role, and the content of the correspondence. This data is retained for the duration of the engagement plus seven (7) years for regulatory and audit purposes.
Where applicable under GDPR, the Argentina Personal Data Protection Law (Ley 25.326), or other framework, individuals have the right to access, rectify, delete, or restrict processing of their personal data. Requests are addressed to hello@botconduct.org.
Enterprise engagements may include custom data-handling arrangements documented in the engagement letter.
Material changes to this Privacy Notice are communicated to active clients at least thirty days in advance.
