DRAGbot Terms of Service

Last Updated: February 2025

These terms govern your use of DRAGbot ("the Platform," "we," "us"). By using DRAGbot, you agree to these terms.

1. What DRAGbot Is

DRAGbot is a platform that helps you create, deploy, and manage AI-powered conversational bots. We provide:

  • A no-code interface for configuring bots
  • Document processing and retrieval capabilities
  • Deployment infrastructure via third-party providers
  • Team collaboration features ("Bot Spaces")
  • Conversation logging with integrity verification

We do not provide the underlying AI models. You connect your own API keys from providers like OpenAI, Anthropic, Google, or Cohere.

2. What DRAGbot Is Not

We are not a compliance certification. While DRAGbot includes architectural features designed to support privacy and compliance goals (such as client-side form handling that keeps certain data from reaching our servers), using DRAGbot does not automatically make your deployment compliant with HIPAA, GDPR, SOC 2, or any other regulatory framework.

You are responsible for:

  • Determining whether DRAGbot is appropriate for your use case
  • Configuring your bots in accordance with applicable regulations
  • Obtaining necessary legal, compliance, or security reviews
  • The content and behavior of bots you deploy
  • How you collect, store, and process end-user data

3. The Ghostform Architecture

DRAGbot offers a "Ghostform" mode where form inputs entered by end users are stored only in their browser and submitted directly to your designated webhook. In this mode:

  • Form field values are replaced with structural markers (e.g., {email_filled}) before reaching the AI model
  • Actual form data is transmitted directly from the end user's browser to your webhook
  • DRAGbot infrastructure does not receive, store, or process the actual form values

Important limitations:

  • Ghostform applies only to designated form fields, not to free-text conversation
  • End users may still type sensitive information in regular chat messages
  • You should instruct end users appropriately and design your bot prompts to minimize this risk
  • Ghostform is an architectural pattern, not a guarantee; you must verify it meets your requirements

4. Your Data

4.1 Documents You Upload

Documents you upload are:

  • Stored in our infrastructure (via Supabase)
  • Processed to extract text for retrieval purposes
  • Summarized by AI models using your API keys
  • Downloaded to your deployed bot containers

You retain ownership of your documents. You grant us a license to store, process, and transmit them as necessary to provide the service.

4.2 Conversations

Conversations between end users and your deployed bots are:

  • Stored in your bot's individual container database
  • Accessible to you through the DRAGbot dashboard
  • Protected by cryptographic hash chains for integrity verification

When you delete a deployment, the associated container and its conversation data are destroyed.

4.3 API Keys

Your LLM provider API keys are:

  • Encrypted at rest using AES-256-GCM
  • Used only to make requests on your behalf
  • Never pooled, shared, or used for other customers
  • Your responsibility to manage, rotate, and secure

5. Bot Spaces and Team Access

Bot Spaces allow multiple users within your organization to collaborate on bots and share documents. When you add someone to a Bot Space:

  • They gain access to view, and potentially modify, bots and documents in that space
  • Their actions are logged
  • You are responsible for managing access levels appropriately

Access levels (read, write, admin) control what members can do. Organization administrators can view and manage all spaces within their organization.

6. Acceptable Use

You agree not to use DRAGbot to:

  • Violate any applicable law or regulation
  • Deploy bots that provide medical diagnoses, legal advice, or financial recommendations without appropriate professional oversight and disclaimers
  • Collect sensitive personal information without proper consent and legal basis
  • Deceive end users about whether they are interacting with an AI
  • Generate or distribute harmful, abusive, or illegal content
  • Attempt to circumvent security measures or access other users' data
  • Use the platform in ways that could harm DRAGbot, its infrastructure, or other users

We reserve the right to suspend or terminate accounts that violate these terms.

7. Regulated Industries

If you operate in a regulated industry (healthcare, legal, financial services, etc.):

  • You acknowledge that compliance is your responsibility
  • You should conduct your own legal and compliance review before deploying
  • DRAGbot's features (Ghostform, audit trails, etc.) are tools that may support compliance but do not constitute compliance
  • We recommend consulting with qualified legal and compliance professionals
  • You should not rely solely on DRAGbot's architecture to meet regulatory obligations

8. Third-Party Services

DRAGbot integrates with third-party services including:

  • LLM Providers (OpenAI, Anthropic, Google, Cohere): Your use is subject to their terms
  • Fly.io: Hosts your deployed bot containers
  • Supabase: Provides database and storage infrastructure
  • Calendly (if using appointment features): Subject to their terms

We are not responsible for the availability, performance, or policies of these services. Outages or changes to third-party services may affect DRAGbot functionality.

9. Service Availability

We strive to maintain reliable service but do not guarantee uninterrupted availability. We may:

  • Perform maintenance that temporarily affects availability
  • Modify features with reasonable notice
  • Discontinue the service with 90 days notice (we will provide data export options)

For production deployments in regulated environments, you should have contingency plans.

10. Intellectual Property

  • Your Content: You retain all rights to documents, configurations, and bot designs you create
  • Our Platform: DRAGbot's software, interface, and documentation remain our property
  • Generated Content: AI-generated responses are subject to your LLM provider's terms

11. Limitation of Liability

To the maximum extent permitted by law:

  • DRAGbot is provided "as is" without warranties of merchantability or fitness for a particular purpose
  • We are not liable for indirect, incidental, or consequential damages
  • Our total liability is limited to fees you paid in the 12 months preceding the claim
  • We are not liable for actions taken by AI models, which are provided by third parties

This does not limit liability for fraud, gross negligence, or matters that cannot legally be excluded.

12. Indemnification

You agree to indemnify DRAGbot against claims arising from:

  • Your use of the platform
  • Bots you deploy and their interactions with end users
  • Your violation of these terms
  • Your violation of applicable laws or regulations

13. Termination

By You: You may delete your account at any time via Settings → Delete Account. The deletion process:

  1. Shows a preview of all data that will be deleted
  2. Requires email confirmation for security
  3. Automatically destroys your deployed bots (including Fly.io containers)
  4. Removes your documents, API keys, and profile data

For Admins: Deleting your account also deletes:

  • All bot spaces in your organization
  • Contributor accounts that belong only to your organization (contributors with memberships in other organizations retain their accounts)

For Contributors: Your account and personal data are deleted, but bot spaces and other users are unaffected.

We recommend exporting any data you wish to retain before deletion.

By Us: We may terminate or suspend your account for:

  • Violation of these terms
  • Non-payment (if applicable)
  • Extended inactivity
  • Legal requirement

Upon termination, your deployed bots will be destroyed and data deleted according to our data retention policy.

14. Changes to Terms

We may update these terms. For material changes:

  • We will notify you via email or dashboard notification
  • Changes take effect 30 days after notice
  • Continued use after that period constitutes acceptance
  • If you disagree with changes, you may terminate your account

15. Dispute Resolution

  • These terms are governed by the laws of Ontario, Canada
  • We encourage resolving disputes informally first
  • Formal disputes will be resolved through the courts of Ontario, Canada
  • Class action waiver: disputes must be brought individually, not as part of a class

16. Contact

For all inquiries: admin@dragbot.io

Toronto, ON, Canada

Summary of Key Points

TopicKey Takeaway
ComplianceYour responsibility; we provide tools, not certification
GhostformArchitectural privacy feature; verify it meets your needs
API KeysYou provide them; we encrypt and never share them
DataYou own your content; we process it to provide service
ConversationsStored in your bot containers with integrity verification
Account DeletionSelf-service via Settings; shows preview before confirmation
Regulated UseConsult professionals; don't rely solely on our architecture
LiabilityLimited; AI responses are from third-party providers

These terms are meant to be read and understood. If anything is unclear, please contact us.