Privacy Policy

Last updated: January 16, 2026

1. Introduction

Libre Bot ("we," "our," or "us") is operated by Kroonen AI, a Delaware-based company. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI documentation assistant service at librebot.io (the "Service").

We are committed to protecting your privacy and ensuring transparency about our data practices. Please read this policy carefully. By using our Service, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address - Required for account creation and communication
  • Name - Optional, used for personalization
  • Password - Stored securely using PBKDF2-SHA256 with 100,000 iterations

2.2 Subscription and Billing Information

When you subscribe to a paid plan, we collect:

  • Payment information - Processed securely by Stripe; we do not store your credit card details
  • Billing address - Required for payment processing
  • Subscription status - Plan type, billing period, and usage limits

2.3 Site and Documentation Data

When you use our Service, we collect:

  • Site configuration - Domain, name, widget settings, and system prompts
  • Documents - Files you upload for AI processing (PDF, Markdown, text files)
  • Document embeddings - Vector representations of your content for search functionality

2.4 Usage and Analytics Data

We automatically collect:

  • Chat interactions - Questions asked and responses provided through your widget
  • Usage metrics - Request counts, token usage, and response times
  • Session information - Session IDs, IP addresses, and user agents for analytics

2.5 Technical Information

We collect standard technical data:

  • Browser type and version
  • Device information
  • IP address
  • Access timestamps

3. How We Use Your Information

We use the collected information to:

  • Provide the Service - Process your documents, generate AI responses, and deliver the chat widget
  • Manage your account - Handle authentication, subscriptions, and billing
  • Improve our Service - Analyze usage patterns to enhance performance and features
  • Communicate with you - Send service updates, security alerts, and support responses
  • Ensure security - Detect and prevent fraud, abuse, and unauthorized access
  • Comply with legal obligations - Meet regulatory requirements and respond to legal requests

4. Data Storage and Security

4.1 Infrastructure

Your data is stored using Cloudflare's global infrastructure:

  • Database - Cloudflare D1 (distributed SQLite)
  • Vector storage - Cloudflare Vectorize for document embeddings
  • File storage - Temporary processing only; files are converted to embeddings

4.2 Security Measures

We implement industry-standard security practices:

  • Passwords hashed with PBKDF2-SHA256 (100,000 iterations)
  • JWT tokens for session management with automatic expiration
  • HTTPS encryption for all data in transit
  • API key authentication with secure hashing
  • Rate limiting to prevent abuse
  • Regular security audits and monitoring

4.3 Data Retention

We retain your data as follows:

  • Account data - Until you delete your account
  • Documents and embeddings - Until you delete them or your account
  • Chat history - Retained for analytics; can be deleted upon request
  • Usage logs - Aggregated data retained for service improvement

5. Third-Party Services

We use trusted third-party services to operate our platform:

5.1 Cloudflare

Infrastructure provider for hosting, database, AI processing, and content delivery. Cloudflare Privacy Policy

5.2 Stripe

Payment processor for subscription billing. We do not store your payment card details. Stripe Privacy Policy

5.3 SendGrid

Email service provider for transactional emails (verification, password reset). SendGrid Privacy Policy

5.4 Sentry

Error tracking and monitoring service for improving reliability. Sentry Privacy Policy

5.5 Mistral AI (EU AI Provider)

AI model provider for EU/EEA visitors. Mistral AI is headquartered in Paris, France, and processes all data within the EU. Mistral AI Privacy Policy

5.6 Anthropic (Global AI Provider)

AI model provider for non-EU visitors. Anthropic is headquartered in San Francisco, USA. Anthropic Privacy Policy

6. AI Processing and Regional Routing

Our Service uses AI to process your documentation and respond to queries. To ensure compliance with regional data protection regulations, we implement geographic-based AI provider routing:

6.1 EU/EEA Visitors (GDPR Compliance)

When visitors access the chat widget from the European Union, European Economic Area, or the United Kingdom, their queries are processed by:

  • AI Provider - Mistral AI (Paris, France)
  • Data Center Location - Paris, France (EU)
  • Data Residency - All AI processing occurs exclusively within the EU
  • No Cross-Border Transfers - Chat data is not transferred outside the EEA for AI processing

6.2 Non-EU Visitors

Visitors from outside the EU/EEA have their queries processed by:

  • AI Provider - Anthropic (Claude models)
  • Data Center Location - United States

6.3 How We Detect Your Location

We determine your geographic location using:

  • IP Geolocation - Cloudflare's CF-IPCountry header identifies your country based on your IP address
  • No Tracking - This detection is performed in real-time and is not stored for tracking purposes
  • Automatic Routing - The routing happens automatically; you don't need to take any action

6.4 EU Countries Covered

The following countries are routed through our EU infrastructure (Mistral AI):

  • EU Member States - Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden
  • EEA Countries - Iceland, Liechtenstein, Norway
  • United Kingdom - Treated as EU for GDPR compliance purposes

6.5 General AI Processing Principles

  • Document Processing - Your documents are converted to vector embeddings for semantic search
  • No Training - Your data is not used to train any AI models
  • Context Isolation - Each site's data is isolated and not shared across accounts
  • Encryption - All data in transit is encrypted using TLS/HTTPS

7. Your Rights

You have the following rights regarding your data:

  • Access - Request a copy of your personal data
  • Correction - Update inaccurate or incomplete data
  • Deletion - Delete your account and associated data
  • Export - Download your data in a portable format
  • Objection - Object to certain processing activities

To exercise these rights, contact us at [email protected].

8. GDPR Compliance (EU Users)

For users in the European Economic Area, we are committed to full GDPR compliance:

8.1 Legal Basis for Processing

  • Contract Performance - Processing necessary to provide the Service you subscribed to
  • Legitimate Interests - Analytics, security, and service improvement
  • Consent - Optional cookies and marketing communications (where applicable)

8.2 Data Residency for EU Users

We have implemented technical measures to ensure EU data residency for AI processing:

  • AI Processing - All chat queries from EU/EEA visitors are processed by Mistral AI in Paris, France
  • No US AI Transfers - EU visitor chat data is never sent to US-based AI providers (Anthropic) for processing
  • Automatic Detection - Your location is detected via IP geolocation to ensure proper routing

8.3 Infrastructure Data

Some non-AI data may be processed by our global infrastructure providers:

  • Cloudflare - CDN and hosting services with EU data centers
  • Database - Cloudflare D1 (distributed globally, with appropriate data protection measures)

For these services, we rely on Cloudflare's Data Processing Agreement and Standard Contractual Clauses for any international transfers.

8.4 Your GDPR Rights

  • You may lodge a complaint with your local supervisory authority
  • You have the right to data portability
  • You may request restriction of processing
  • You have the right to object to processing based on legitimate interests

9. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.

10. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential cookies - Required for authentication and session management
  • Analytics - Cloudflare Web Analytics for understanding usage patterns

We do not use third-party advertising cookies or tracking pixels.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the Service. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Terms of Service Back to Home