Table of Contents

Landbot's Privacy & Security Policies

Compliance

We are in compliance with data protection requirements, namely the GDPR (the 2018 EU General Data Protection Regulation, which replaced the Data Protection Directive 95/46/EC).

If you need more information about our Privacy and Security Policies, please check out our Privacy Policies, download our Data Processing Agreement, and check our here our article about the GDPR.

Privacy Policies

Where is my data stored?

Landbot’s infrastructure is distributed between different services and instances inside our cloud servers. These servers are isolated from the outside and communicated by local connections.

All instances are located in Google's servers in Belgium, Europe (Google Cloud Engine, west-1). You can read more about Google’s Security and Infrastructure here, and its compliance here.

Moreover, our offices include 24-hour access monitoring, cameras, visitor logs, and biometric access control.

Who can access my data?

Users are the exclusive owner of the data at all times, so only the Users and their Teammates can access the data.

Landbot will never share your data with third parties, unless it’s necessary for the performance of our Services (such as integrations via Zapier, Google Sheets, etc).

We may share your data if you explicitly request or allow us to do so, following a strict procedure.

Also, Landbot may be compelled to share data if legally requested by official authorities. We are governed by the laws of Spain, so any and all requests must comply with local laws and procedures.

For how long is my data kept?

We retain the data associated with your account for as long as your account is active or until you request the deletion of the account itself. If your account remains inactive for an extended period, it will be deactivated based on our retention policy:

  • 6 months for accounts that have downgraded from a paid subscription to the Sandbox plan;
  • 30 calendar days for Sandbox accounts with no paid subscriptions.

Upon account deactivation, non-personal data will be promptly deleted, while personal data will be archived and permanently deleted after 3 years, and financial data after 6 years, in compliance with legal requirements.

Please note that while we perform regular database backups for disaster recovery purposes, these backups are not intended for customer data recovery requests. Once data is deleted from your Landbot account, it will be permanently erased from our servers, and no restoration will be possible in case of account data deletion.

For more information regarding our Data Retention policies, please refer to the clause 8.3 q. of our Privacy Policy.

How do I delete my account?

You can delete your account at any moment by accessing your account and permanently deleting it manually. Please check out a step-by-step guide to deleting your account here

We can delete the account for you if necessary, but we follow a very strict procedure in order to do so.

Can Landbot delete my account without my consent?

We never delete your account without your consent. However, we take our Terms and Conditions and Abuse Policy very seriously, so in case of breach of these terms we may block your bots and revoke the access to the account.

What Cookies does Landbot use?

Please read more about our Cookies Policy here, and find more general information about cookies at: www.allaboutcookies.org .

You can also manage the cookies in your browser. The following links will take you to the ‘Help’ sections for each of the major browsers so that you can find out more about how to manage your cookies: Google Chrome, Internet Explorer, Firefox, Safari, Safari iOS, Android, Opera.

Security Policies

Does Landbot conduct audits, penetration tests or vulnerability scans?

We conduct regular internal and external penetration tests, as well as periodic scans, identification of security vulnerabilities, and remediate according to severity for any weakness found.

Considering the management of risk and security, Landbot uses Google Cloud Platform (GCP) as its cloud hosting provider, meaning that part of our technical security measures relies on Google’s controls. For instance, all Physical security restrictions are managed by Google in its data centers.

For more information about the technical and organizational measures we have implemented, please reach out to us at security@landbot.io.

How to report a security vulnerability?

We don’t have a current bug bounty program in place. However, if you believe you've found a security vulnerability on Landbot, please let us know by writing to help@landbot.io.

We investigate all legitimate reports, evaluate them, and do our best to quickly fix the issue if applicable.

If you find a vulnerability, do not share the information with others until the problem has been fixed. if this happens we will be entitled to pursue legal action.

For more information about our Privacy and Security Policies, please write to legal@landbot.io .

How did we do?

Compliance with the GDPR -  General Data Protection Regulation

Contact