Security & Privacy
Bottari connects to your code, Slack, and email to know what's next.
“Most tools earn trust by touching as little as possible. Bottari reads broadly so it can think alongside you — so we hold ourselves to one rule: see only what you allow, keep as little as possible, and never act without your say-so.”
Connect only the repos, channels, and inboxes you want. Bottari works only within what you turn on. Sensitive sources stay off by default.
Bottari learns from your code and conversations, but keeps distilled context — not raw files or messages. Disconnect a source and its raw content is purged.
Remove any memory, disconnect any source, or export and close your account whenever you like. When you delete, it's gone from backups within 30 days.
Your code, messages, and email are used to help you, never to train AI models, ours or anyone's. AI processing runs through providers under zero-retention terms, so nothing you connect is stored or learned from by them.
Passwords, API keys, and tokens are detected and stripped before anything is stored — and never written into the code Bottari generates. Connection tokens live in an encrypted vault, revoked the moment you disconnect.
Connect a personal inbox and your teammates never see your raw emails. Bottari extracts only what helps the shared backlog — private content stays yours alone.
Bottari proposes work and writes code, but never pushes to production. Every change arrives as a pull request your team reviews and merges. And anything it reads is treated as information, never instructions — so a stray email can't tell it what to do.
Your code and messages are encrypted, and our team can't read them in the clear. Access requires explicit approval, is fully logged, and you're notified for anything sensitive.
Every workspace is isolated at both the application and infrastructure layers. Your data is never reachable from another customer's account.
Please don't paste things into connected tools that no product should hold — card numbers, government IDs, passwords, or private keys. We do our best to detect and strip them, but the safest data is the data we never receive. If something sensitive slips in, tell us and we'll delete it.
Straight answers, no fine print.
No. Your data is used to help you and nothing else. AI processing is routed through providers under zero-retention agreements, so they don't keep or train on anything you connect. Every provider that touches your data is listed in our subprocessor list.
Not in the clear. Your raw content is encrypted, and our team can't browse it. On the rare occasion someone needs access to debug an issue, it requires explicit approval, every access is logged, and you're notified for anything sensitive.
No. Bottari writes code and opens it as a pull request. Your team reviews and merges. It never pushes to production or changes your infrastructure without your approval.
Syncing stops and the raw content is purged. The high-level context Bottari learned can remain so your backlog stays useful — and you can wipe that in one click too. Delete your account and everything is gone from backups within 30 days.
No. Personal sources feed the shared backlog only as product signal — the actionable part. The raw emails and anything unrelated stay private to the person who connected them.
It's stored encrypted, and processed for AI only through zero-retention providers. We publish every subprocessor that touches your data and offer a Data Processing Agreement on request.
We publish our subprocessor list, offer a Data Processing Agreement, and give you a direct line to report security concerns. We're building toward SOC 2 as we grow — and we'll say so plainly when we get there.
Start with a 14-day free trial. Connect a single source and see what Bottari proposes.