Effective Date: May 1, 2026
Bombyx Labs, a Nevada corporation (“Bombyx Labs,” “Bombyx,” “we,” “us,” or “our”), respects privacy and takes data protection seriously.
This Privacy Policy explains how we collect, use, disclose, store, and protect personal information when you use our websites, software, applications, AI assistants, embedded widgets, WordPress plugin, workshops, consulting services, implementation services, and related products and services.
This Privacy Policy applies to:
Bombyx public websites, including bombyxlabs.com.
The Bombyx Labs web application.
Bombyx Website Assistant, Bombyx Brain, embedded website assistants, lead assistants, JavaScript embeds, iframe widgets, and WordPress embeds.
The Bombyx Website Assistant WordPress plugin.
Workshops, audits, consulting, custom development, setup, training, support, and related professional services.
Emails, forms, applications, demos, customer support, billing, and other communications with Bombyx.
This Privacy Policy should be read together with our Terms of Service.
1. Who We Are
Bombyx Labs is a Nevada corporation.
Bombyx Labs
584 Pinto Ct
Incline Village, NV 89451
United States
Email: [email protected]
Website: https://bombyxlabs.com
2. How Bombyx Acts With Personal Information
Bombyx handles personal information in different roles depending on the situation.
For our public website, account signup, marketing, billing, workshops, customer support, and direct business operations, Bombyx is generally the business or controller responsible for deciding how personal information is used.
For customer-published assistants, embedded widgets, WordPress plugin installations, uploaded source material, lead capture, organization memory, and customer-configured workflows, Bombyx often processes personal information on behalf of the customer organization that configured the service. In those cases, the customer organization is usually responsible for its own visitors, leads, customers, employees, policies, notices, and legal basis for using Bombyx.
Bombyx may also process some information for our own limited business purposes, such as security, abuse prevention, billing, debugging, service reliability, product improvement, and legal compliance.
3. Personal Information We Collect
We collect personal information in the ways described below.
4. Information You Provide Directly
We collect information you provide when you:
Create an account.
Join or manage an organization.
Sign in with email, password, Google, or another supported sign-in provider.
Fill out a form.
Join a waitlist.
Apply for services.
Register for a workshop.
Contact us by email, form, phone, social media, or another channel.
Request support.
Buy a subscription or service.
Sign an order form, proposal, statement of work, or invoice.
Upload source material.
Configure an assistant.
Connect a website, WordPress plugin, Shopify store, email account, calendar, customer relationship management system, or other integration.
Submit feedback, corrections, approval notes, or testing messages.
This information may include:
Name.
Email address.
Phone number.
Business name.
Organization name.
Website address.
Billing contact information.
Account credentials.
Sign-in provider information.
Organization role.
Messages you send us.
Workshop registration details.
Service application details.
Support requests.
Project details.
Business goals.
Uploaded files.
Website URLs.
Documents.
Frequently asked questions.
Policies.
Service descriptions.
Business notes.
Assistant instructions.
Brand settings.
Lead capture settings.
Integration settings.
Feedback and review notes.
Any other information you choose to provide.
We do not intentionally collect payment card numbers directly. Payment information is handled by our payment processor, Stripe. We may store limited billing details such as payment status, subscription status, plan, invoice information, card brand, and last four digits.
5. Account and Organization Information
When you use the Bombyx application, we collect account and organization information, including:
User name.
Email address.
Password hash.
Authentication method.
Organization name.
Organization website.
Organization role.
Team members.
Invitations.
Access permissions.
Organization settings.
Assistant settings.
Brand colors.
Allowed domains.
Published status.
Billing status.
Trial status.
Plan and package details.
Usage limits.
Team member limits.
Account activity.
Administrative actions.
Security events.
Support history.
We use this information to create accounts, authenticate users, manage organizations, control access, provide services, bill customers, prevent abuse, and support the product.
6. Customer Content
“Customer Content” means information submitted to, uploaded to, generated through, connected to, or processed by Bombyx by you, your users, your organization, your integrations, your website visitors, or your connected systems.
Customer Content may include:
Website content.
Public page content.
WordPress page and post content.
Documents.
Text files.
PDFs.
CSV files.
DOCX files.
Markdown files.
Source material.
FAQs.
Policies.
Owner notes.
Business descriptions.
Service descriptions.
Assistant instructions.
Knowledge sources.
Organization memory.
Memory facts.
Memory proposals.
Conversation messages.
Visitor questions.
Assistant answers.
Lead details.
Names, email addresses, phone numbers, and other lead fields.
Feedback.
Corrections.
Approved answers.
Testing messages.
Attachments.
Images.
Audio recordings submitted for dictation.
Transcripts.
Page context.
Analytics events.
Source references.
Tool inputs and outputs.
Prepared action details.
Approval notes.
Integration data.
Workflow data.
Reports.
Client Loom content.
Custom project material.
We process Customer Content to provide, maintain, secure, troubleshoot, improve, and support the services.
7. Website Assistant and Widget Data
When a visitor interacts with a Bombyx-powered assistant on a website, we may collect and process:
Visitor questions.
Assistant answers.
Conversation history.
Pseudonymous visitor identifier.
Pseudonymous session identifier.
Conversation token.
Site URL.
Sanitized page URL.
Page title, after redaction.
Referrer domain or same-site referrer path.
Active visible time on page.
Scroll depth.
Recent same-site page trail.
Source link clicks.
Assistant opens and closes.
Assistant impressions.
Assistant engagement events.
Feedback events.
Lead-card events.
Dictation events.
Attachment events.
Helpful opener events.
Device and browser information.
Approximate location based on internet protocol address.
Abuse-prevention and rate-limit information.
We use this information to answer visitor questions, keep conversations connected, show assistant analytics to the organization owner, improve assistant performance, prevent abuse, debug issues, and support customer reporting.
Website assistant analytics are designed not to include raw visitor message text, lead form values, raw query strings, URL fragments, private page content, passwords, tokens, payment details, private account paths, or customer email and phone values.
8. Helpful Openers and Page Context
If helpful openers are enabled, Bombyx may process limited page context to decide whether to show one helpful opener and to measure whether it was used.
This may include:
Sanitized page URL.
Redacted page title.
Referrer domain.
Same-site referrer path.
Active visible time.
Scroll depth.
Recent same-site page trail.
Trigger type.
Trigger score.
Shown, dismissed, and responded events.
Helpful openers are designed to avoid private paths such as checkout, account, login, admin, password, billing, and payment pages.
Helpful openers are not designed to collect form values, query strings, URL fragments, payment information, passwords, tokens, private page content, or sensitive customer details.
9. WordPress Plugin Data
If you install or use the Bombyx Website Assistant WordPress plugin, the plugin may send information to Bombyx Labs so the assistant can work on your WordPress site.
This may include:
Widget key.
Site URL.
Sanitized current page URL.
Short-lived rendered page tokens.
Pseudonymous visitor identifier.
Pseudonymous session identifier.
Visitor questions.
Assistant messages.
WordPress plugin settings.
Public page and post URLs.
Public page and post titles.
Readable public WordPress page and post content when an administrator starts a page scan.
Signed source refresh events when public pages or posts are saved, published, unpublished, trashed, or deleted.
Privacy-safe assistant analytics events.
The plugin may send assistant analytics events for impressions, opens, closes, active visible time, source-link clicks, feedback, lead-card lifecycle, dictation lifecycle, attachment use, and helpful opener lifecycle.
The plugin is designed not to send visitor message text, lead field values, query strings, fragments, private page paths, private page content, passwords, tokens, payment details, or customer email and phone values in analytics events.
When a WordPress administrator starts a page scan, readable public WordPress page and post content may be made available to Bombyx so the assistant can use it as training material.
The WordPress site owner is responsible for telling site visitors about the use of Bombyx and for providing any required cookie, privacy, consent, or AI notices.
10. Source Material, Website Crawls, and Page Scans
When you add source material or ask Bombyx to scan a website, we may process:
URLs.
Page titles.
Page text.
Headings.
Structured page content.
Documents.
Uploaded files.
File names.
File metadata.
Public website content.
WordPress page and post content.
Crawl status.
Source status.
Extraction quality signals.
Source selections.
Source exclusions.
Approval records.
Retry records.
Memory records generated from source material.
We use this information to build and maintain the organization’s knowledge base, memory, assistant answers, source citations, and reporting.
You are responsible for making sure you have the right to provide source material to Bombyx and for removing or excluding content that should not be used.
11. Leads and Contact Handoff
If lead capture is enabled, visitors may submit contact information through a Bombyx assistant.
This may include:
Name.
Email address.
Phone number.
Message context.
Conversation history.
Lead status.
Lead notes.
Page where the lead was captured.
Time submitted.
Handoff details.
Delivery status.
We use this information to capture leads, notify the organization, show lead history, support follow-up workflows, and improve assistant handoff.
The organization that enabled the assistant is responsible for its own use of lead information, including follow-up, consent, marketing, opt-out, retention, and compliance with laws that apply to that organization.
12. Dictation, Audio, Images, and Attachments
Some Bombyx features allow visitors or users to submit audio, images, or attachments.
When dictation is used, we process the audio file to create a transcript. The transcript may be used as message text or assistant context. The audio file may be temporarily processed by Bombyx and by a transcription provider.
When image or file attachments are used, we process the file to support the conversation, generate a response, inspect the attachment, debug upload failures, prevent abuse, and provide the service.
Attachments may be associated with the relevant organization, conversation, message, or visitor session.
Do not submit sensitive information, payment information, government identification numbers, health information, private account credentials, or other regulated information unless your agreement with Bombyx expressly allows it.
13. Integrations and Connected Services
If you connect a third-party service to Bombyx, we may collect and process information from that service based on the permissions you grant.
Connected services may include:
Website platforms.
WordPress.
Shopify.
Email services.
Calendar services.
Customer relationship management systems.
Forms.
Spreadsheets.
Databases.
Communication tools.
Project management tools.
Code repositories.
Analytics tools.
Payment tools.
Other business systems you choose to connect.
Information from connected services may include account identifiers, profile information, metadata, content, messages, records, files, events, calendar entries, customer information, product information, order information, task information, or other data made available by the integration.
We use connected-service data only as needed to provide the integration, workflow, automation, reporting, assistant, or service you request or configure.
You are responsible for making sure you have authority to connect each service and share the connected data with Bombyx.
14. Developer, Voice, and Agent Tools
If you use Bombyx developer tools, voice tools, coding-agent tools, local launchers, repository tools, or similar features, we may process:
Pairing codes.
Host identifiers.
Repository metadata.
Task descriptions.
Commands.
Command status.
Execution events.
Approval records.
Review notes.
Voice session metadata.
Audio submitted for transcription.
Transcripts.
Agent activity logs.
Tool run records.
Error logs.
Performance logs.
Connected repository or project information.
We use this information to provide the tool, maintain state, support review and approval, debug problems, prevent abuse, and keep an audit trail of actions.
Do not connect repositories, files, secrets, production systems, or customer data unless you have authority and are comfortable with Bombyx processing the information needed to provide the service.
15. Usage, Device, Log, and Security Information
When you use Bombyx, we automatically collect certain technical information, including:
Internet protocol address.
Browser type.
Device type.
Operating system.
Referring page.
Pages viewed.
Routes and screens used.
Date and time of access.
Session information.
Authentication state.
Organization role.
Feature usage.
Error logs.
Performance logs.
Security logs.
Rate-limit events.
Abuse-prevention signals.
Approximate location based on internet protocol address.
We use this information to provide the service, keep users signed in, secure accounts, prevent abuse, troubleshoot issues, understand product usage, improve performance, and maintain service reliability.
16. Cookies, Local Storage, and Similar Technologies
Bombyx uses cookies, local storage, session storage, and similar technologies.
We use these technologies to:
Keep users signed in.
Protect against cross-site request forgery.
Remember session state.
Remember assistant open or closed state.
Maintain a conversation token.
Maintain pseudonymous visitor and session identifiers.
Support helpful openers.
Support page trail and engagement tracking.
Support app settings.
Support analytics.
Secure the service.
Debug and improve the product.
The Bombyx application may use cookies for authentication, sessions, security, and account functionality.
Embedded assistants may use local storage or session storage for visitor identifiers, conversation tokens, assistant open state, page trail, proactive opener state, and analytics session identifiers.
The WordPress plugin may store plugin settings in WordPress and may use browser storage for assistant behavior.
Our public website and application may use Google Analytics 4 or Google Tag Manager if enabled. These tools help us understand product and website usage. We do not intentionally send organization names, emails, message bodies, raw page URLs, or high-cardinality tenant-specific content to Google Analytics or Google Tag Manager from the Bombyx app.
You can control cookies through your browser settings. If you block or delete cookies or local storage, some features may not work correctly.
At this time, we do not respond to browser “Do Not Track” signals because there is no uniform industry standard for those signals. You can use browser controls, cookie controls where available, and privacy requests to manage your choices.
17. How We Use Personal Information
We use personal information to:
Provide the services.
Create and manage accounts.
Authenticate users.
Manage organizations and team access.
Provide assistants, widgets, embeds, and WordPress plugin features.
Answer visitor questions.
Generate assistant responses.
Process source material.
Create and maintain organization memory.
Process leads.
Send lead handoffs.
Provide analytics and reporting.
Support helpful openers.
Process dictation, audio, images, and attachments.
Operate integrations and workflows.
Prepare, approve, reject, pause, or run actions.
Provide workshops, consulting, audits, and implementation services.
Process payments and subscriptions.
Send invoices and billing notices.
Respond to support requests.
Send service, security, product, and administrative messages.
Send marketing communications where permitted.
Prevent fraud, spam, abuse, and unauthorized access.
Monitor service reliability and performance.
Debug and fix issues.
Improve services.
Develop new features.
Enforce our Terms of Service.
Comply with legal obligations.
Protect the rights, privacy, safety, and property of Bombyx, our customers, visitors, users, and others.
18. AI Processing
Bombyx uses artificial intelligence, language models, retrieval tools, transcription tools, classification tools, and related software to provide parts of the service.
Depending on the feature, we may send Customer Content, prompts, source material, conversation context, attachments, audio, transcripts, or other relevant information to AI service providers so they can return answers, summaries, classifications, transcriptions, embeddings, retrieval results, or other outputs.
Examples of AI-related processing include:
Answering assistant questions.
Summarizing source material.
Extracting useful facts.
Generating memory proposals.
Retrieving relevant source material.
Creating suggested corrections.
Classifying feedback.
Drafting lead responses.
Generating helpful openers.
Transcribing audio.
Inspecting images or attachments.
Preparing workflow outputs.
Bombyx does not use Customer Content to train a general Bombyx foundation model.
Bombyx may use de-identified, aggregated, or anonymized information to understand and improve the service.
Third-party AI providers process information according to their agreements with Bombyx and their own applicable terms. We choose business-oriented providers and settings where available, but no third-party service is under Bombyx’s full control.
You should not submit sensitive or regulated information to AI-powered features unless your written agreement with Bombyx expressly allows it.
19. Legal Bases for Processing
If you are in a location where legal bases are required, we process personal information under one or more of the following legal bases:
Contract. We process information to provide services you requested, manage your account, deliver subscriptions, process payments, provide support, and perform agreements.
Legitimate interests. We process information to secure the service, prevent abuse, improve products, support customers, understand usage, market our services, develop features, and operate our business.
Consent. We process information based on consent where required, such as certain marketing communications, optional cookies, optional integrations, or other consent-based uses.
Legal obligations. We process information to comply with tax, accounting, legal, security, regulatory, dispute, and law-enforcement obligations.
Vital or public interests. We may process information where necessary to protect safety, prevent serious harm, or respond to lawful requests.
20. How We Disclose Personal Information
We disclose personal information in the ways described below.
21. Customer Organizations and Their Admins
If you interact with a Bombyx assistant on a customer website, the organization that owns or manages that assistant may be able to access:
Your conversation.
Your questions.
Assistant answers.
Lead details you submit.
Feedback.
Source-link activity.
Page attribution.
Conversation analytics.
Helpful-opener activity.
Related reporting.
If you are a member of a Bombyx organization, owners and admins may be able to access information associated with your account activity inside that organization.
22. Service Providers and Subprocessors
We disclose information to vendors, service providers, contractors, and subprocessors who help us operate Bombyx.
These may include providers for:
Hosting and infrastructure.
Database storage.
Cloud services.
Payment processing.
Email delivery.
Customer support.
Analytics.
Security.
Logging.
Error monitoring.
AI processing.
Transcription.
Website crawling.
File processing.
Content delivery.
Authentication.
Product operations.
Examples may include Stripe, OpenAI, Google, Brevo, Firecrawl, hosting infrastructure providers, and other providers used to deliver the service.
These providers may access personal information only as needed to provide services to Bombyx or as otherwise allowed by their agreements with us.
23. Third-Party Integrations You Choose
If you connect Bombyx to a third-party service, we disclose and receive information as needed to provide that integration.
For example, if you connect a website, store, email account, calendar, customer relationship management system, code repository, or other tool, Bombyx may exchange information with that service based on your settings and permissions.
Your use of third-party integrations is also governed by the third party’s terms and privacy policy.
24. Legal, Safety, and Compliance Disclosures
We may disclose information if we believe it is reasonably necessary to:
Comply with law.
Respond to a subpoena, court order, legal process, or government request.
Enforce our Terms of Service.
Protect Bombyx’s rights, property, and safety.
Protect customers, visitors, users, or the public.
Prevent fraud, spam, abuse, security threats, or illegal activity.
Investigate suspected violations.
Defend legal claims.
Comply with tax, accounting, or regulatory obligations.
25. Business Transfers
If Bombyx is involved in a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar transaction, personal information may be disclosed or transferred as part of that transaction.
26. Aggregated, De-Identified, or Anonymized Information
We may disclose aggregated, de-identified, or anonymized information that does not reasonably identify you, your organization, or any individual.
We may use this information for analytics, reporting, product improvement, research, marketing, benchmarking, and business operations.
27. We Do Not Sell Customer Content
Bombyx does not sell Customer Content.
Bombyx does not sell visitor conversations, lead details, uploaded documents, organization memory, source material, or customer assistant data.
Bombyx does not intentionally make one customer’s private Customer Content available to another customer.
Bombyx does not share Customer Content with third parties for cross-context behavioral advertising.
Bombyx may use analytics or marketing tools on our own public website or application. Depending on applicable law, some use of analytics or advertising tools may be considered a “sale” or “sharing” of personal information. You may opt out by contacting [email protected] with the subject line “Do Not Sell or Share.”
28. Marketing Communications
We may send you service emails, security notices, billing notices, support messages, product updates, workshop information, and administrative messages.
We may send marketing emails if you sign up, request information, attend an event, become a customer, or otherwise provide your contact information in a way that permits us to contact you.
You can unsubscribe from marketing emails by using the unsubscribe link in the email or by contacting [email protected].
You cannot opt out of necessary service, billing, security, legal, or transactional messages.
29. Data Retention
We retain personal information for as long as needed to provide the services, operate our business, comply with legal obligations, resolve disputes, enforce agreements, protect security, prevent abuse, and maintain records.
Retention periods depend on the type of information and the reason we process it.
Account information is generally retained while your account is active and for a reasonable period after deletion or termination.
Organization information is generally retained while the organization is active and for a reasonable period after deletion or termination.
Billing and transaction records are retained as needed for accounting, tax, dispute, compliance, and legal purposes.
Customer Content is generally retained while the relevant organization, service, workflow, assistant, or project remains active, unless deleted earlier through product controls or by request.
Conversation history, leads, assistant answers, source material, memory records, and analytics may be retained to provide customer reporting, improve assistant quality, maintain audit trails, and support the organization.
Security logs, audit logs, rate-limit logs, abuse-prevention records, and error logs may be retained as needed to protect the service and investigate issues.
Backups may retain copies for a limited period after deletion from active systems.
We may retain information longer if required by law, legal process, dispute, security need, or legitimate business purpose.
We may retain de-identified, aggregated, or anonymized information without time limit.
30. Deletion and Export
Account holders and organization owners may have product controls to access, update, export, delete, or exclude certain information.
You may contact [email protected] to request access, correction, deletion, or export of personal information.
If you are a visitor who interacted with a Bombyx assistant on a customer website, we may need to refer your request to the organization that controls that assistant.
Deletion may not immediately remove information from backups, logs, billing records, audit records, legal records, or de-identified data.
We may deny or limit a request where allowed by law, such as when retention is required for security, fraud prevention, legal compliance, billing, dispute resolution, or another lawful purpose.
31. Security
Bombyx uses reasonable administrative, technical, and organizational safeguards designed to protect personal information.
These safeguards may include access controls, authentication, encryption in transit, credential protections, logging, rate limits, abuse detection, security review, and operational controls.
No system is perfectly secure. We cannot guarantee that personal information will never be accessed, disclosed, altered, lost, or destroyed.
You are responsible for protecting your account, passwords, devices, websites, WordPress installations, third-party accounts, credentials, integrations, and backups.
If you believe there is a security issue, contact [email protected].
32. International Data Transfers
Bombyx is based in the United States.
We process and store information in the United States and may use service providers in the United States and other countries.
If you access Bombyx from outside the United States, your information may be transferred to, stored in, and processed in the United States and other jurisdictions that may have privacy laws different from those in your location.
Where required, we use legally recognized transfer mechanisms or other safeguards for international transfers.
33. Children’s Privacy
Bombyx services are not directed to children under 13.
We do not knowingly collect personal information from children under 13.
If you believe a child under 13 has provided personal information to Bombyx, contact [email protected] and we will review the request.
Users under 18 may use Bombyx only with permission from a parent or legal guardian and only if allowed by the applicable service.
Customer organizations are responsible for making sure their own websites, assistants, and data collection practices comply with laws that apply to children, minors, students, parents, and families.
34. Sensitive Information
Do not submit sensitive personal information unless your written agreement with Bombyx expressly permits it.
Sensitive information includes:
Social Security numbers.
Government identification numbers.
Driver’s license numbers.
Passport numbers.
Payment card numbers.
Bank account numbers.
Health information.
Medical records.
Protected health information.
Biometric identifiers.
Precise geolocation.
Children’s data.
Student records.
Passwords.
Private keys.
Access tokens.
Security credentials.
Legal records.
Financial records.
Insurance records.
Employment records.
Information about race, ethnicity, religion, union membership, sexual orientation, sex life, genetic data, or similar sensitive categories.
Bombyx does not use sensitive personal information to infer characteristics about people.
Bombyx is not a HIPAA business associate unless we sign a business associate agreement.
Bombyx is not a financial institution, credit reporting agency, law firm, medical provider, accounting firm, insurance provider, or other regulated professional provider.
35. Automated Decision-Making
Bombyx services may use AI to generate answers, draft responses, classify messages, suggest next steps, summarize information, prepare actions, score engagement, or support workflows.
Bombyx does not use personal information to make solely automated decisions that have legal or similarly significant effects on individuals.
Customer organizations are responsible for how they use Bombyx outputs and whether human review is required for their own workflows.
AI outputs can be wrong. Do not rely on AI outputs for legal, medical, financial, employment, housing, credit, insurance, education, safety, or similarly significant decisions without qualified human review.
36. Your Privacy Rights
Depending on where you live, you may have rights to:
Access personal information.
Know what categories of personal information we collect.
Know the categories of sources of personal information.
Know why we collect, use, and disclose personal information.
Know the categories of third parties to whom we disclose personal information.
Correct inaccurate personal information.
Delete personal information.
Receive a copy of personal information.
Object to certain processing.
Restrict certain processing.
Withdraw consent where processing is based on consent.
Opt out of sale or sharing where applicable.
Opt out of certain targeted advertising where applicable.
Opt out of certain profiling where applicable.
Limit use of sensitive personal information where applicable.
Appeal a denied request where applicable.
Not be discriminated against for exercising privacy rights.
To exercise rights, contact [email protected].
We may need to verify your identity before fulfilling a request. We may ask for information such as your email address, account details, organization details, or other information needed to confirm the request.
If you submit a request through an authorized agent, we may require proof of authorization and may still ask you to verify your identity directly.
37. California Privacy Notice
This section applies to California residents where the California Consumer Privacy Act, as amended, applies.
In the past 12 months, Bombyx may have collected the following categories of personal information:
Identifiers, such as name, email address, phone number, internet protocol address, account identifiers, visitor identifiers, session identifiers, and organization identifiers.
Customer records, such as billing contact information, payment status, invoice information, and support records.
Commercial information, such as subscriptions, purchases, invoices, services requested, plans, usage, and transaction history.
Internet or other network activity, such as pages viewed, features used, assistant interactions, device information, browser information, log data, analytics events, and referrer information.
Approximate geolocation, such as general location inferred from internet protocol address.
Audio, electronic, visual, or similar information, such as audio submitted for dictation, transcripts, uploaded images, attachments, and electronic messages.
Professional or business information, such as company name, role, website, project details, business needs, and service information.
Inferences, such as product usage patterns, lead status, engagement signals, assistant performance signals, and service recommendations.
Sensitive personal information, only if you choose to provide it or configure a service to process it. Bombyx does not use sensitive personal information to infer characteristics.
We collect this information from you, your organization, your users, your website visitors, your connected services, public websites you ask us to scan, devices and browsers, payment processors, service providers, and communications with us.
We use this information for the purposes described in this Privacy Policy, including providing services, managing accounts, processing payments, answering questions, supporting assistants, operating integrations, securing the service, preventing abuse, debugging, analytics, support, and legal compliance.
We disclose these categories of information to service providers, customer organizations and their admins, payment processors, AI providers, hosting providers, analytics providers, email providers, crawling providers, security providers, connected third-party services, professional advisors, authorities where required by law, and parties involved in business transfers.
We do not sell Customer Content.
We do not sell visitor conversations, lead details, uploaded source material, organization memory, or assistant data.
We do not share Customer Content for cross-context behavioral advertising.
To submit a “Do Not Sell or Share” request, contact [email protected] with the subject line “Do Not Sell or Share.”
California residents may request access, deletion, correction, portability, and information about our privacy practices. California residents may also opt out of sale or sharing where applicable and may limit use of sensitive personal information where applicable.
We will not discriminate against you for exercising your California privacy rights.
38. Nevada Privacy Notice
Nevada residents may request to opt out of the sale of certain covered information under Nevada law.
Bombyx does not currently sell covered information as defined by Nevada law.
If you are a Nevada resident and want to submit a Nevada privacy request, contact [email protected] with the subject line “Nevada Privacy Request.”
39. European Economic Area, United Kingdom, and Switzerland
If you are located in the European Economic Area, United Kingdom, or Switzerland, you may have additional rights under applicable data protection laws.
These rights may include access, correction, deletion, restriction, objection, portability, withdrawal of consent, and the right to lodge a complaint with a supervisory authority.
Bombyx Labs is the controller for personal information we process for our own public website, account, billing, marketing, support, and business operations.
For customer-published assistants and customer-controlled source material, Bombyx may act as a processor for the customer organization that configured the service.
You can contact us at [email protected].
If your request relates to a customer organization’s assistant, we may direct you to that organization or work with that organization to respond.
40. Other U.S. State Privacy Rights
Residents of certain U.S. states may have rights to access, correct, delete, obtain a copy of, or opt out of certain uses of personal information.
If those rights apply to you, you may exercise them by contacting [email protected].
If we deny your request and your state gives you a right to appeal, you may appeal by replying to our decision email with the subject line “Privacy Appeal.”
41. Customer Responsibilities
If you use Bombyx for your own organization, website, customers, visitors, employees, clients, or leads, you are responsible for your own privacy obligations.
This includes:
Providing required privacy notices.
Providing required cookie notices.
Providing required AI disclosures.
Obtaining required consents.
Managing opt-outs.
Responding to privacy requests.
Keeping source material accurate.
Removing information that should not be processed.
Configuring assistant behavior appropriately.
Using lead information lawfully.
Reviewing AI outputs before relying on them.
Complying with laws that apply to your business.
If you install a Bombyx assistant on your website, you should update your own privacy policy to explain that the assistant may collect visitor questions, conversation data, lead details, page context, analytics events, and related information.
42. Links to Other Websites
Bombyx websites and services may link to third-party websites, platforms, services, plugins, stores, documentation, or tools.
This Privacy Policy does not apply to third-party websites or services.
You should review the privacy policies of third-party services before using them.
43. Changes to This Privacy Policy
We may update this Privacy Policy from time to time.
If we make material changes, we will provide notice by posting the updated Privacy Policy, updating the effective date, sending email, showing in-product notice, or using another reasonable method.
Your continued use of the services after an updated Privacy Policy becomes effective means you acknowledge the updated policy.
44. Contact Us
Bombyx Labs
584 Pinto Ct
Incline Village, NV 89451
United States
Email: [email protected]
Website: https://bombyxlabs.com
For security issues, contact: [email protected]
For copyright complaints, contact: [email protected]