Privacy Policy

Last updated: February 21, 2026

1. Introduction

This Privacy Policy describes how Bot-Hound and its proprietor (“Bot-Hound,” “we,” “us,” or “our”) collects, uses, and shares information in connection with the Bot-Hound service at bot-hound.com (the “Service”). By using the Service, you agree to the collection and use of information as described in this Privacy Policy.

The Service is intended for users in the United States who are at least 18 years of age. Please review our Terms of Service for eligibility requirements.

2. Information We Collect

Information you provide through X authorization

When you connect your X (formerly Twitter) account, we receive and store:

X account identifiers: your X user ID and username
Profile information: your profile image URL
OAuth credentials: access token and refresh token, which allow Bot-Hound to act on your behalf on X. These tokens are encrypted at rest using AWS Key Management Service (KMS).

Information you configure

Through the Bot-Hound portal, you may set preferences that we store:

Bot detection sensitivity threshold
Blocking mode (automatic or manual review)
Subscription plan and billing period

Information about your X followers

To provide the Service, we collect and process publicly available information about accounts that follow you on X:

Account identifiers: X user ID and username of your followers
Profile metadata: account age, bio, follower/following counts, tweet count, and profile images
Recent public tweets: up to 20 recent public tweets per follower account, used for bot classification

This information is collected from the public X platform and is used solely for bot classification purposes.

Information generated by the Service

Through the bot classification process, we generate and store:

Bot probability scores: a numerical score (0.0 to 1.0) indicating the likelihood that an account is a bot
Classification reasons: AI-generated explanations for why an account was classified as a bot
Profile image hashes: perceptual hashes derived from public profile images, used to detect impersonation through image similarity. These are one-way hashes—the original images are not stored.
Block records: which accounts were blocked, allowed, or dismissed on your behalf
Subscription records: subscription status, plan tier, billing period, and relevant dates

Session information

When you log in, we create a session identified by a cryptographically random token. This session is stored as an HttpOnly, Secure cookie (bh_session) on the domain bot-hound.com. Sessions expire after 30 days.

Analytics information

We use Google Analytics and Cloudflare Web Analytics to collect aggregated usage data, including:

Google Analytics: pages visited, time spent on pages, referral sources, and general geographic region (country/city level). Google Analytics sets cookies (_ga, _ga_*) on your device to distinguish unique users and sessions.
Cloudflare Web Analytics: page views and visits in aggregate. Cloudflare does not use cookies or collect personally identifiable information.

Information we do NOT collect

Email addresses
Real names or legal identities
Direct messages
Private or protected tweets
Location data
Device fingerprints or tracking identifiers

We do not use advertising cookies or sell data to third-party advertisers.

3. How We Use Information

Provide the Service: authenticate your account, monitor your followers, classify potential bots, and execute blocking actions on your behalf
Maintain your account: store your preferences, manage your subscription, and maintain your session
Improve classification accuracy: use classification results to populate a shared cache (see Section 5) that benefits all users
Maintain billing records: track subscription status for account management and dispute resolution

4. Information Shared With Third Parties

xAI (Grok API)

To classify accounts as potential bots, we send the following information about your followers to xAI’s Grok large language model API:

X usernames
Public profile metadata (account age, bio, follower/following counts)
Recent public tweets (up to 20 per account)

This data is sent solely for the purpose of bot classification. xAI’s use of this data is governed by xAI’s privacy policy.

X platform

We make API calls to the X platform to read your followers list and to block or unblock accounts on your behalf. These API calls transmit your OAuth credentials and the identifiers of accounts being blocked or unblocked.

Infrastructure providers

The Service is hosted on Amazon Web Services (AWS). Your data is processed and stored on AWS infrastructure in accordance with AWS’s privacy practices.

Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC, to understand how visitors interact with the Service. Google Analytics uses cookies to collect information such as how often users visit the site, what pages they visit, and what other sites they visited prior to coming to the Service. We use the information from Google Analytics only to improve the Service. Google Analytics collects the IP address assigned to you on the date you visit the Service, but we do not combine this with other data we maintain about you.

Google’s ability to use and share information collected by Google Analytics about your visits to the Service is restricted by the Google Analytics Terms of Service and the Google Privacy Policy. You can learn more about how Google collects and processes data at How Google uses information from sites or apps that use our services. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

Cloudflare Web Analytics

We use Cloudflare Web Analytics, a privacy-first analytics service provided by Cloudflare, Inc. Cloudflare Web Analytics does not use cookies or collect personally identifiable information. It collects aggregated, anonymous data about page views and visits. Cloudflare’s use of this data is governed by Cloudflare’s Privacy Policy.

We do NOT

Sell your personal information to anyone
Share your data with advertisers
Share your data with any parties other than those listed above

5. Shared Bot Classification Cache

Bot-Hound maintains a shared classification cache that stores bot probability scores, classification reasons, and profile image hashes for X accounts that have been analyzed. When an account is classified for one Bot-Hound user, that classification result may be used when processing other users’ followers, without re-analyzing the account.

This means that if a follower of yours has already been classified for another Bot-Hound user, their existing classification may be applied to your account without sending their data to xAI again. Similarly, classifications generated from your followers may be used for other Bot-Hound users.

Classification cache entries expire after 14 days, after which accounts will be re-analyzed if encountered again.

6. Data Security

We implement the following security measures to protect your information:

Encryption at rest: your X OAuth tokens are encrypted using AWS Key Management Service (KMS) before storage
Secure sessions: session tokens are cryptographically random (32 bytes) and delivered as HttpOnly, Secure, SameSite cookies
HTTPS only: all communication between your browser, our API, and third-party services is encrypted in transit
Restricted CORS: API access is restricted to the bot-hound.com origin

While we take reasonable measures to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee the absolute security of your data.

7. Data Retention

Data type	Retention period
Bot classification cache	14 days (automatic expiry)
Session data	30 days (automatic expiry)
Follower tracking data	While your account is active
Account data and preferences	While your account is active
Block records	While your account is active
Subscription records	While your account is active

8. Your Rights and Choices

Revoke access: you may revoke Bot-Hound’s access to your X account at any time through your X account settings. This will immediately stop all Bot-Hound activity on your account.
Request information: you may contact us at [email protected] to request information about the data we hold about you.
Request deletion: you may contact us at [email protected] to request deletion of your account data. We are actively developing an automated account deletion feature.
Manage settings: you may adjust your bot detection sensitivity, blocking mode, and auto-refill settings at any time through the Bot-Hound portal.

9. Children’s Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected information from a person under 18, we will take steps to delete that information promptly.

10. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with certain rights regarding your personal information:

Right to know: you have the right to request disclosure of the categories and specific pieces of personal information we have collected about you
Right to delete: you have the right to request deletion of your personal information, subject to certain exceptions
Right to opt-out of sale: we do not sell your personal information. We have not sold personal information in the preceding 12 months.
Right to non-discrimination: we will not discriminate against you for exercising your CCPA rights

To exercise these rights, please contact us at [email protected].

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the “Last updated” date at the top of this page. Your continued use of the Service after any changes constitutes your acceptance of the revised Privacy Policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at [email protected].