CoquiCoqui
Sign In

Privacy Policy

Last Updated: March 9, 2026

Coqui Bot ("Coqui," "we," "us," or "our") operates the managed AI agent hosting platform at coquibot.ai from Newburgh, New York. This Privacy Policy explains what information we collect, how we use it, and your rights in relation to that data.

By using our services, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Account Information (via GitHub OAuth)

We authenticate users exclusively through GitHub OAuth. When you sign in, we receive and store:

  • Your GitHub display name
  • Your primary GitHub email address
  • Your GitHub username (handle)
  • Your GitHub profile avatar URL
  • Your GitHub user ID (to uniquely identify your account)

We do not receive access to your GitHub repositories, code, private activity, or any data beyond what is described above.

1.2 Billing and Payment Information

Billing is handled exclusively by Stripe. We do not store your full credit card number, CVV, or bank account details on our servers. We retain the following Stripe-provided identifiers:

  • Stripe Customer ID
  • Stripe Subscription ID and status
  • Subscription plan and billing period dates
  • Payment event history (for deduplication and audit purposes)

1.3 Instance and Usage Data

When you deploy and operate a Coqui agent instance, we collect:

  • Instance configuration (region, plan type, creation date)
  • Assigned hostname and IP address
  • Instance status and lifecycle events (created, started, stopped, deleted)
  • Resource metrics (CPU, memory, disk, and network utilization)
  • Historical metrics for up to 30 days for display in your dashboard

We do not monitor, log, or store the content of conversations, tool calls, or any inputs/outputs processed by your AI agent. Your API keys for third-party AI providers (e.g., OpenAI, Anthropic) are stored on your instance VM and are never transmitted to or accessible by our platform code.

1.4 Log Data

When you interact with our website and API, our systems may automatically record standard server logs including:

  • IP address and general geographic region
  • Browser type and user agent string
  • Requested URLs and HTTP status codes
  • Timestamps of requests

Logs are retained for up to 90 days and are used solely for security, debugging, and abuse prevention.

1.5 Communications

If you contact us via our contact form or by email, we retain your name, email address, and message content to respond to your inquiry. We do not add you to marketing lists without explicit consent.

1.6 Analytics

We use Umami, a privacy-friendly analytics tool, to understand how visitors interact with our website. Umami does not use cookies and does not collect personally identifiable information. Analytics data is aggregated and cannot be used to identify individual users.

2. How We Use Your Information

We use the information we collect to:

  • Create and manage your account and authenticate your sessions
  • Provision, operate, and manage your VM instances on your behalf
  • Process subscription payments and send billing-related notifications
  • Send transactional emails (account creation, subscription confirmation, payment failures, instance provisioning)
  • Display usage metrics and instance status in your dashboard
  • Detect, investigate, and prevent fraud, abuse, and security incidents
  • Comply with applicable legal obligations
  • Improve the reliability, performance, and features of our Service

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

3. Data Sharing and Third-Party Services

We share your data only to the extent necessary to provide the Service. The following third-party processors may process your data:

Stripe — Payment Processing

Handles all payment card data and subscription management. Subject to Stripe's Privacy Policy.

Vultr — Cloud Infrastructure

Your VM instances are hosted on Vultr's infrastructure. Vultr may store instance data on servers in your selected region. Subject to Vultr's Privacy Policy.

GitHub — Authentication

We use GitHub OAuth for authentication. Subject to GitHub's Privacy Statement.

Resend — Transactional Email

We send transactional emails (account, billing, and instance notifications) via Resend. Your email address is transmitted to Resend solely for delivery purposes. Subject to Resend's Privacy Policy.

Cloudflare — DNS and Network

We use Cloudflare to manage DNS records for your instance subdomains. Subject to Cloudflare's Privacy Policy.

Umami — Analytics

Cookie-free, privacy-respecting analytics. No personal data is collected by Umami. Subject to Umami's Privacy Policy.

4. Data Storage and Security

Your account data is stored in a PostgreSQL database hosted in the United States. We implement industry-standard security measures including encrypted connections (TLS), hashed session tokens, and access controls to protect your information.

While we take reasonable precautions to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

4.1 Data Retention

  • Active account data is retained for the duration of your subscription.
  • Upon account or subscription termination, your instance data is deleted within 30 days, and your account data within 90 days.
  • Anonymized or aggregated analytics data may be retained indefinitely.
  • Billing records may be retained for up to 7 years for tax and accounting purposes.
  • Server logs are retained for up to 90 days.

5. Cookies and Tracking

We use a minimal number of cookies necessary to operate the Service:

  • Session cookie: A secure, HttpOnly session cookie is set when you sign in to maintain your authenticated session. This cookie is required for the Service to function and is deleted when you sign out or your session expires.

We do not use advertising cookies, cross-site tracking cookies, or third-party marketing cookies. Our analytics provider (Umami) does not use cookies.

6. Your Rights

You have the following rights regarding your personal data:

  • Access: You may request a copy of the personal data we hold about you.
  • Correction: You may request correction of inaccurate or incomplete data.
  • Deletion: You may request deletion of your account and associated personal data. Note that billing records required for legal compliance may be retained.
  • Portability: You may request an export of your data in a machine-readable format.
  • Objection: You may object to certain processing of your data where we rely on legitimate interests.

To exercise any of these rights, please contact us at support@coquibot.ai. We will respond within 30 days.

7. Children's Privacy

Our Service is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a minor, please contact us and we will promptly delete it.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on our website. The "Last Updated" date at the top of this page indicates when the policy was most recently revised.

Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.

9. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Coqui Bot

Newburgh, New York, United States

Email: support@coquibot.ai

Contact form: coquibot.ai/contact