Data Security

Once integrated into your app, the Botsi SDK collects relevant subscription and engagement data to power features like analytics, retention tracking, paywall A/B testing, and more. All data collection is passive by default and designed to respect user privacy and comply with regulatory requirements.

How the Botsi SDK Collects Data

The Botsi SDK automatically tracks in-app events and subscription lifecycle changes after installation. This includes:

  • Subscription events: purchases, renewals, cancellations, trials
  • User behavior: onboarding completion, screen views, conversion events
  • Device metadata: platform, app version, locale (non-sensitive)

By default, the SDK does not collect personally identifiable information (PII). However, you can configure the SDK to send custom events or attach user identifiers, depending on your business needs and privacy requirements.

Data Transmission

All data is securely transmitted from the customer app to Botsi’s servers via:

  • Transport Layer Security (TLS): Ensures data is encrypted in transit over HTTPS.
  • Minimal payloads: Only necessary metadata is sent, reducing risk and exposure.

Data is queued and batched intelligently to avoid performance impacts on your app.

Security Practices

Botsi is built with security at the core. It recognizes that financial data and behavioral insights require strict protection, even though Botsi is not a payment processor. Botsi’s security model is built on a multi-layered foundation that protects customer data at every stage, including collection, transmission, and storage.

All SDK data is transmitted over HTTPS using industry-standard TLS encryption, ensuring it remains secure in transit. Once received, the data is encrypted at rest using AES-256, the same encryption standard trusted by leading financial institutions.

Botsi operates on infrastructure that complies with SOC 2 Type II and ISO 27001 standards. This environment is continuously monitored for threats, with systems in place to detect anomalies, prevent attacks, and ensure resilience through features like DDoS protection and automatic failover.

Internally, Botsi maintains strict access control policies. Employee access follows a least-privilege model, meaning only those who need access to certain data are granted it. Every access event is logged and subject to audit, reinforcing transparency and accountability.

In terms of compliance, Botsi aligns its practices with global data protection regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Importantly, Botsi does not collect personal user data by default, and publishers retain full control over what is shared through the SDK.