Security & Privacy
Learn how Formula Bot protects your data with industry-leading security practices and privacy commitments
Formula Bot is committed to protecting your data with industry-leading security practices. We work with enterprise customers and can collaborate with your security team to meet specific requirements.
Our Security Commitment
We adhere to industry-leading practices to ensure data security:
- Encryption in Transit: All data is transmitted over TLS (HTTPS)
- Encryption at Rest: Data is encrypted using AES-256 encryption
- Secure Infrastructure: Hosted on AWS, which meets 143 security standards and certifications
- Security Headers: HSTS, XSS protection, and MIME-type-sniffing prevention headers are set on every response
Enterprise Security
For enterprise customers with specific security requirements, contact us at hello@formulabot.com to discuss your needs.
Privacy Commitment
We are committed to user privacy with the following principles:
- No Data Selling: We never sell your data to third parties
- Data Minimization: We only collect data necessary for the service to function
- User Control: You can access, export, and delete your data at any time
- Transparency: We clearly disclose what data we collect and how it's used
Compliance
Formula Bot strives to comply with all applicable regulations:
- GDPR: We comply with the General Data Protection Regulation for EU users
- U.S. Regulations: We comply with applicable U.S. laws for technology providers
- SOC 2 Type II: Our infrastructure provider (AWS) maintains SOC 2 Type II certification
Data Storage & Protection
Where Is My Data Stored?
All data is stored in Amazon Web Services (AWS) data centers:
- 143 security certifications including SOC 2, ISO 27001, and PCI DSS
- TLS encryption for all data in transit
- AES-256 encryption for all data at rest
- Geographic redundancy for high availability
Data Isolation
Your data is isolated from other users through multiple layers:
- Row-Level Security (RLS): Database policies ensure users can only access their own data
- Folder Isolation: Each user has a dedicated folder in our storage system
- Encrypted Credentials: Database connection credentials are encrypted using a secure AWS encryption service
Rate Limiting & Protection
We implement multiple layers of protection against abuse:
- Login Rate Limiting: 5 attempts per 15 minutes, with 30-minute lockout
- Password Reset Limiting: 3 requests per hour, with 24-hour lockout
- API Rate Limiting: Configurable limits on all endpoints
- Brute-Force Protection: Automatic blocking of suspicious activity
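The login and password-reset limits above can be expressed with one sliding-window limiter that switches to a lockout once the limit is reached. This is an added illustration, not Formula Bot's code; the `AttemptLimiter` class, its injectable `clock`, and the choice to lock as soon as the fifth (or third) attempt inside the window is recorded are assumptions.

```python
import time
from collections import defaultdict, deque


class AttemptLimiter:
    """Sliding-window attempt counter with a lockout (hypothetical implementation).

    Policy numbers from this page: login = 5 attempts per 15 minutes, then a
    30-minute lockout; password reset = 3 requests per hour, then 24 hours.
    The attempt that reaches max_attempts triggers the lockout (assumption).
    """

    def __init__(self, max_attempts, window_seconds, lockout_seconds, clock=time.monotonic):
        self.max_attempts = max_attempts
        self.window = window_seconds
        self.lockout = lockout_seconds
        self.clock = clock                    # injectable so the policy is testable
        self._attempts = defaultdict(deque)   # key -> timestamps inside the window
        self._locked_until = {}               # key -> time the lockout ends

    def _prune(self, key, now):
        q = self._attempts[key]
        while q and now - q[0] > self.window:   # drop attempts older than the window
            q.popleft()

    def allow(self, key):
        """True if the key (account or client IP, as chosen by the caller) may try now."""
        until = self._locked_until.get(key)
        if until is None:
            return True
        if self.clock() >= until:                # lockout expired: start a clean window
            del self._locked_until[key]
            self._attempts[key].clear()
            return True
        return False

    def record(self, key):
        """Record one attempt (a failed login, or any reset request). Returns True if now locked."""
        now = self.clock()
        if not self.allow(key):
            return True
        self._prune(key, now)
        self._attempts[key].append(now)
        if len(self._attempts[key]) >= self.max_attempts:
            self._locked_until[key] = now + self.lockout
            return True
        return False

    def reset(self, key):
        """Call after a successful login so stale failures no longer count."""
        self._attempts.pop(key, None)
        self._locked_until.pop(key, None)


LOGIN_LIMITER = AttemptLimiter(5, 15 * 60, 30 * 60)            # 5 per 15 min, 30-min lockout
RESET_LIMITER = AttemptLimiter(3, 60 * 60, 24 * 60 * 60)       # 3 per hour, 24-hour lockout
```

Keying on the account name catches distributed guessing against one user, keying on the client address catches spraying across many; production deployments usually track both.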
Account Security Features
Multi-Factor Authentication (MFA)
Formula Bot supports TOTP-based two-factor authentication:
- Use any authenticator app (Google Authenticator, Authy, 1Password, etc.)
- Recovery codes provided for backup access
- MFA can be enabled in your account settings
Email Verification
New accounts require email verification with:
- 6-digit verification codes
- 15-minute code expiration
- 5-attempt limit to prevent brute-force attacks
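The three properties listed above (6-digit code, 15-minute expiry, 5-attempt limit) fit together as one small verification flow. This is an added example, not Formula Bot's implementation; the `EmailVerifier` class, the decision to store only an HMAC of the code, the single-use rule, and the injectable `clock` are assumptions.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_TTL_SECONDS = 15 * 60   # 15-minute code expiration
MAX_ATTEMPTS = 5             # 5-attempt limit per issued code


@dataclass
class PendingVerification:
    code_hmac: bytes    # only a keyed hash of the code is kept server-side
    expires_at: float
    attempts: int = 0


class EmailVerifier:
    """Hypothetical server-side half of an e-mail verification flow."""

    def __init__(self, server_key: bytes, clock=time.time):
        self._key = server_key
        self._clock = clock
        self._pending = {}   # email -> PendingVerification

    def _digest(self, email: str, code: str) -> bytes:
        return hmac.new(self._key, f"{email}:{code}".encode(), hashlib.sha256).digest()

    def issue(self, email: str) -> str:
        """Generate a fresh 6-digit code (CSPRNG, zero-padded) to send by e-mail."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[email] = PendingVerification(
            self._digest(email, code), self._clock() + CODE_TTL_SECONDS)
        return code

    def verify(self, email: str, submitted: str) -> str:
        """Return 'ok', 'expired', 'locked' or 'wrong'. Codes are single-use."""
        p = self._pending.get(email)
        if p is None or self._clock() > p.expires_at:
            self._pending.pop(email, None)            # expired or never issued
            return "expired"
        if p.attempts >= MAX_ATTEMPTS:
            self._pending.pop(email, None)            # user must request a new code
            return "locked"
        p.attempts += 1
        if hmac.compare_digest(self._digest(email, submitted), p.code_hmac):
            del self._pending[email]                  # consumed: cannot be replayed
            return "ok"
        return "wrong"
```

With 10^6 possible codes and at most 5 guesses per issued code, a guess has a 1 in 200,000 chance of success, which is why the attempt cap matters more than the code length.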
Secure Password Reset
Password reset requests include:
- Time-limited reset links
- Rate limiting to prevent abuse
- Email notification of password changes
OAuth Security
Google integrations (Analytics, Search Console, Sheets) use:
- Industry-standard OAuth 2.0 protocol
- Minimal permission scopes (only what's needed)
- Secure token storage with automatic refresh
- Tokens are never exposed to the browser
Data Retention
How Long Is Data Stored?
Retention depends on your plan:
| | Free Plan | Paid Plans (Starter, Pro, Business) |
|---|---|---|
| Chats & Messages | Deleted after 60 days of inactivity | Retained indefinitely |
| Uploaded Files | Deleted after 60 days | Retained indefinitely |
| Account Data | Until you delete your account | Until you delete your account |
| Connection Credentials | Until you remove the connection | Until you remove the connection |
Free Plan Data Retention
On the free plan, chats and files that have been inactive for more than 60 days are automatically and permanently deleted, including all associated files stored on our servers. This deletion is irreversible. Upgrade to any paid plan for unlimited data retention.
What Happens When I Delete My Account?
Deleting your account permanently removes all associated data:
- Chat history and messages
- Uploaded files
- Database connections
- Playbooks and automations
- OAuth connections
- All user settings
Data Deletion Confirmation
Need written confirmation that your data has been deleted? Contact hello@formulabot.com after deleting your account.
Your Data Rights
You have full control over your data:
- Access: View all your data within the Formula Bot interface
- Export: Download your chat history and data
- Delete: Remove individual files, chats, or your entire account
- Portability: Export your data in standard formats
To exercise these rights or make a data request, contact hello@formulabot.com.
Third-Party Services
We integrate with select third-party services to provide our functionality:
| Service | Purpose | Data Shared |
|---|---|---|
| AWS | Infrastructure & storage | Encrypted user data |
| Stripe | Payment processing | Payment metadata (no card numbers stored) |
| Brevo | Email delivery | Email address, name |
| OpenAI | AI processing | User prompts and context |
| Anthropic | AI processing | User prompts and context |
| | AI processing & OAuth | User prompts, OAuth tokens |
All third-party connections are secured with:
- HTTPS/TLS for all communications
- OAuth 2.0 for authorized connections
- Data Processing Agreements with all vendors
AI Model Training
Your Data Is Not Used for Training
Your data is NOT used to train AI models. We have agreements with our AI partners (OpenAI, Anthropic, Google) that explicitly prohibit using your data for model training.
Our AI usage policy:
- Data is only used to process your specific requests
- Conversations are not used to train or improve AI models
- We use API access with enterprise-grade privacy protections
- You can delete your conversation history at any time
Security Best Practices for Users
To keep your account secure:
- Enable MFA: Add an extra layer of protection to your account
- Use Strong Passwords: Use a unique, complex password for Formula Bot
- Review Connected Accounts: Periodically review your OAuth connections
- Monitor Activity: Check your chat history for any unauthorized access
- Keep Credentials Private: Never share your login credentials
Contact Us
For security questions or to report a vulnerability:
- General Inquiries: hello@formulabot.com
- Security Issues: hello@formulabot.com (include "SECURITY" in subject)
For more details, see our full Privacy Policy and Terms of Service.