Privacy Policy

Last updated: March 18, 2026

1. Introduction

This Privacy Policy describes how Bot-Hound and its proprietor (“Bot-Hound,” “we,” “us,” or “our”) collects, uses, and shares information in connection with the Bot-Hound service at bot-hound.com (the “Service”). By using the Service, you agree to the collection and use of information as described in this Privacy Policy.

The Service consists of two products: Bot Check (per-report audience verification of any public 𝕏 account) and subscriber monitoring (ongoing bot detection for your own 𝕏 account). This policy covers both products.

In this policy, “you” refers to an authenticated Bot-Hound user. A “target account” is the public 𝕏 account whose audience is being analyzed in a Bot Check report. The target account may or may not be a Bot-Hound user.

The Service is intended for users in the United States who are at least 18 years of age. Please review our Terms of Service for eligibility requirements.

2. Information We Collect

Information you provide through authentication

(a) 𝕏 (Twitter) OAuth. When you connect your 𝕏 account, we receive and store:

𝕏 account identifiers: your 𝕏 user ID and username
Profile information: your profile image URL
OAuth credentials: access token and refresh token, which allow Bot-Hound to read your followers list and profile on 𝕏. These tokens are encrypted at rest using AWS Key Management Service (KMS).

(b) Google OAuth. When you sign in with Google, we receive and store:

Google account identifiers: your Google user ID
Profile information: your name, email address, and profile picture

We do not receive or store your Google password. We do not request access to your Gmail, Google Drive, or any other Google service.

(c) Account linking. If you sign in with both 𝕏 and Google, your accounts are linked into a single Bot-Hound identity. The data from both providers is merged under one account and shares purchase history, prepaid balance, and reports.

Information you configure

Through the Bot-Hound portal, you may set preferences that we store:

Bot detection sensitivity threshold (subscribers)
Blocking mode — automatic or manual review (subscribers)
Subscription plan and billing period (subscribers)

Billing information

When you make a payment (subscription or Bot Check report purchase), the following information is collected by Stripe during checkout and shared with us:

Email address: collected by Stripe during checkout. Used to send billing-related notifications.
Stripe customer ID: used to associate payments with your Bot-Hound account.

We do not receive or store your payment card details. If you add funds to your prepaid balance, we store the balance amount associated with your account.

Information about your 𝕏 followers (subscriber monitoring)

For subscriber monitoring, we collect and process publicly available information about accounts that follow you on 𝕏:

Account identifiers: 𝕏 user ID and username of your followers
Profile metadata: account age, bio, follower/following counts, tweet count, and profile images
Recent public tweets: up to 20 recent public tweets per follower account, used for bot classification

This information is collected from the public 𝕏 platform and is used solely for bot classification purposes.

Information collected for Bot Check reports

When a Bot Check report is generated for a target account, we collect and process:

Target account metadata: the target account’s public username, display name, follower count, and profile image
Sampled follower IDs: a subset of the target account’s public followers, based on the chosen sample size
Public profile metadata and tweets: the same data types described above (profile metadata, recent tweets) for each sampled follower
Report data: the resulting report, including aggregate statistics (real, suspect, and bot percentages) and individual bot classifications

Bot Check reports may be generated by any authenticated user for any public 𝕏 account. The target account does not need to be a Bot-Hound user and is not notified when a report is generated.

Information generated by the Service

Through the bot classification process, we generate and store:

Bot probability scores: a numerical score (0.0 to 1.0) indicating the likelihood that an account is a bot
Classification reasons: AI-generated explanations for why an account was classified as a bot
Profile image hashes: perceptual hashes derived from public profile images, used to detect impersonation through image similarity. These are one-way hashes — the original images are not stored.
Block records: which accounts were blocked, allowed, or dismissed on behalf of subscribers
Subscription records: subscription status, plan tier, billing period, and relevant dates

Information accessed by the Chrome extension (subscribers only)

If you use the Bot-Hound Chrome extension, the extension accesses your 𝕏 session cookies (ct0 and auth_token) stored in your browser by x.com. These cookies are used locally within the extension to:

Verify your 𝕏 identity by calling 𝕏’s API directly from your browser
Execute block actions against detected bots by calling 𝕏’s API directly from your browser
Fetch your followers list from 𝕏’s API directly from your browser
Fetch public profiles and recent tweets of your followers from 𝕏’s API directly from your browser
Fetch your following list to support follow-back detection

Information collected and transmitted by the Chrome extension

When the extension fetches data from 𝕏 on your behalf, the following information is transmitted to Bot-Hound’s servers for bot classification processing:

Follower IDs: the list of 𝕏 user IDs that follow your account
Public profiles: usernames, bios, follower/following counts, account age, and profile images of your followers
Recent public tweets: up to 20 recent public tweets per follower account
Following list: the accounts you follow, used to detect mutual follows (follow-backs)

All data listed above is publicly available on 𝕏. This data is uploaded securely to Bot-Hound’s cloud storage (Amazon S3) and processed for bot classification. Some data — such as follower IDs, profile information, and cached tweets — may be retained to support service performance and provide accurate classification results.

The extension also maintains a persistent WebSocket connection to Bot-Hound’s servers while active. This connection is used to receive work assignments (e.g., “fetch followers now”) and report progress. No 𝕏 credentials are transmitted over this connection.

Your 𝕏 session cookies are never transmitted to Bot-Hound’s servers. All 𝕏 session cookie access occurs locally in your browser. The extension calls 𝕏’s API directly from your browser — only the resulting data (follower IDs, profiles, tweets) is sent to Bot-Hound for processing. Bot-Hound’s backend never receives or stores your 𝕏 session cookies.

You can revoke this access at any time by removing the Bot-Hound extension from your browser.

Session information

When you log in, we create a session identified by a cryptographically random token. This session is stored as an HttpOnly, Secure cookie (bh_session) on the domain bot-hound.com. Sessions expire after 30 days.

Analytics information

We use Google Analytics and Cloudflare Web Analytics to collect aggregated usage data, including:

Google Analytics: pages visited, time spent on pages, referral sources, and general geographic region (country/city level). Google Analytics sets cookies (_ga, _ga_*) on your device to distinguish unique users and sessions.
Google Ads: we use Google Ads conversion tracking to measure the effectiveness of our advertising campaigns. Google Ads may set cookies (_gcl_au, _gcl_aw) on your device to attribute conversions (such as sign-ups) to specific ads. No personal information from your Bot-Hound account is shared with Google Ads.
Cloudflare Web Analytics: page views and visits in aggregate. Cloudflare does not use cookies or collect personally identifiable information.

Information we do NOT collect

Google passwords or access to Gmail, Google Drive, or other Google services
Direct messages on 𝕏
Private or protected tweets
Location data
Device fingerprints or tracking identifiers

We use Google Ads conversion cookies solely to measure advertising effectiveness (see Section 4). We do not sell data to third-party advertisers.

3. How We Use Information

Provide the Service: authenticate your account, generate Bot Check reports, monitor your followers (subscribers), classify potential bots, and support blocking actions through the Chrome extension (subscribers)
Maintain your account: store your preferences, manage your subscription or prepaid balance, link authentication providers, and maintain your session
Improve classification accuracy: use classification results to populate a shared cache (see Section 5) that benefits all users
Maintain billing records: track subscription status and purchase history for account management and dispute resolution
Send service notifications: notify you of changes to your subscription status, including when your follower count exceeds your current plan’s limits

4. Information Shared With Third Parties

xAI (Grok API)

To classify accounts as potential bots, we send the following information to xAI’s Grok large language model API:

𝕏 usernames
Public profile metadata (account age, bio, follower/following counts)
Recent public tweets (up to 20 per account)

This data may originate from subscriber monitoring scans or from Bot Check reports. For Bot Check, the data sent to xAI pertains to the target account’s followers, not the purchaser. xAI’s use of this data is governed by xAI’s privacy policy.

𝕏 platform

We make API calls to the 𝕏 platform to read followers lists for monitoring purposes (subscribers) and to fetch target account follower data for Bot Check reports. These API calls transmit OAuth credentials where applicable.

Google

When you sign in with Google OAuth, we exchange an authorization code with Google’s servers to receive your profile information. We do not share your Bot-Hound data with Google beyond what is required for the OAuth flow.

Infrastructure providers

The Service is hosted on Amazon Web Services (AWS). Your data is processed and stored on AWS infrastructure in accordance with AWS’s privacy practices.

Stripe

We use Stripe, Inc. to process all payments (subscriptions, per-report purchases, and prepaid balance top-ups). Stripe collects your payment information and email address directly. Stripe shares your email address with us so we can send billing-related notifications. We do not receive or store your payment card details. Stripe’s use of your data is governed by Stripe’s Privacy Policy.

Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC, to understand how visitors interact with the Service. Google Analytics uses cookies to collect information such as how often users visit the site, what pages they visit, and what other sites they visited prior to coming to the Service. We use the information from Google Analytics only to improve the Service. Google Analytics collects the IP address assigned to you on the date you visit the Service, but we do not combine this with other data we maintain about you.

Google’s ability to use and share information collected by Google Analytics about your visits to the Service is restricted by the Google Analytics Terms of Service and the Google Privacy Policy. You can learn more about how Google collects and processes data at How Google uses information from sites or apps that use our services. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

Google Ads

We use Google Ads conversion tracking, a service provided by Google LLC, to measure the effectiveness of our advertising campaigns. When you visit Bot-Hound after clicking a Google ad, Google Ads may set cookies on your device to attribute your visit or sign-up to that ad. The information collected is aggregated and does not include your Bot-Hound account data, 𝕏 credentials, or follower information. Google’s use of this data is governed by the Google Privacy Policy. You can opt out of personalized advertising by visiting Google Ads Settings.

Cloudflare Web Analytics

We use Cloudflare Web Analytics, a privacy-first analytics service provided by Cloudflare, Inc. Cloudflare Web Analytics does not use cookies or collect personally identifiable information. It collects aggregated, anonymous data about page views and visits. Cloudflare’s use of this data is governed by Cloudflare’s Privacy Policy.

We do NOT

Sell your personal information to anyone
Share your Bot-Hound account data, 𝕏 credentials, Google credentials, or follower information with advertisers
Share your data with any parties other than those listed above

5. Shared Bot Classification Cache

Bot-Hound maintains a shared classification cache that stores bot probability scores, classification reasons, and profile image hashes for 𝕏 accounts that have been analyzed. When an account is classified — whether through subscriber monitoring or a Bot Check report — that classification result may be reused without re-analyzing the account.

This means that classifications generated from one user’s scan may be applied when processing another user’s followers or a Bot Check report, and vice versa.

Classification cache entries expire after 14 days, after which accounts will be re-analyzed if encountered again.

6. Public Data and Target Account Rights

Bot Check analyzes publicly available data from public 𝕏 accounts. When a Bot Check report is generated for a target account:

Only publicly available follower data is collected and analyzed
The target account is not notified
No private or protected data is accessed
The target account does not need to be a Bot-Hound user

There is no opt-out mechanism for public accounts, as Bot Check processes only data that is already publicly available on 𝕏. However, if you are the owner of a target account and have concerns about a report generated for your account, please contact us at [email protected].

7. Report Access and Sharing

Bot Check reports are associated with the purchaser’s account via a purchaser token. Reports may be accessed by:

The purchaser who ordered the report
Anyone with the report’s shareable URL

We log access to reports for security and abuse prevention purposes. We do not control how purchasers distribute report URLs and are not responsible for downstream use of shared report data.

8. Data Security

We implement the following security measures to protect your information:

Encryption at rest: your 𝕏 OAuth tokens are encrypted using AWS Key Management Service (KMS) before storage
Secure sessions: session tokens are cryptographically random (32 bytes) and delivered as HttpOnly, Secure, SameSite cookies
HTTPS only: all communication between your browser, our API, and third-party services is encrypted in transit
Restricted CORS: API access is restricted to the bot-hound.com origin

While we take reasonable measures to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee the absolute security of your data.

9. Data Retention

Data type	Retention period
Bot classification cache	14 days (automatic expiry)
Extension-collected data (S3)	Publicly available data; may be retained to support service performance and accuracy
Session data	30 days (automatic expiry)
Follower tracking data (subscribers)	While your account is active
Account data and preferences	While your account is active
Block records (subscribers)	While your account is active
Subscription records	While your account is active
Prepaid balance records	While your account is active
Bot Check reports	While the purchaser’s account is active; may be deleted upon request
Bot Check target account data	Classification data enters the shared cache (14-day expiry); report data follows report retention above

10. Your Rights and Choices

(a) All users

Request information: you may contact us at [email protected] to request information about the data we hold about you.
Request deletion: you may contact us at [email protected] to request deletion of your account data, including any Bot Check reports you purchased.

(b) Subscribers

Revoke 𝕏 access: you may revoke Bot-Hound’s access to your 𝕏 account at any time through your 𝕏 account settings. This will immediately stop all monitoring activity on your account.
Manage settings: you may adjust your bot detection sensitivity, blocking mode, and preferences at any time through the Bot-Hound portal.

(c) Bot Check users (Google OAuth)

Revoke Google access: you may revoke Bot-Hound’s access through your Google account settings.

(d) Target accounts

If you are the owner of an 𝕏 account that has been analyzed in a Bot Check report and have concerns, please contact us at [email protected]. While we analyze only publicly available data, we will review concerns in good faith.

11. Children’s Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected information from a person under 18, we will take steps to delete that information promptly.

12. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with certain rights regarding your personal information:

Right to know: you have the right to request disclosure of the categories and specific pieces of personal information we have collected about you
Right to delete: you have the right to request deletion of your personal information, subject to certain exceptions
Right to opt-out of sale: we do not sell your personal information. We have not sold personal information in the preceding 12 months.
Right to non-discrimination: we will not discriminate against you for exercising your CCPA rights

To exercise these rights, please contact us at [email protected].

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the “Last updated” date at the top of this page. Your continued use of the Service after any changes constitutes your acceptance of the revised Privacy Policy.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at [email protected].