← Back to Bot Hound

Privacy Policy

Last updated: July 11, 2026

1. Introduction

This Privacy Policy describes how Bot-Hound and its proprietor (“Bot-Hound,” “we,” “us,” or “our”) collects, uses, and shares information in connection with the Bot-Hound service at bot-hound.com (the “Service”). By using the Service, you agree to the collection and use of information as described in this Privacy Policy.

The Service consists of:

This policy covers Bot Check. The sections below say which data applies.

In this policy, “you” refers to an authenticated Bot-Hound user. A “target account” is the public 𝕏 account being checked. A target account may or may not be a Bot-Hound user.

The Service is intended for users in the United States who are at least 18 years of age. Please review our Terms of Service for eligibility requirements.

2. Information We Collect

Information you provide through authentication

𝕏 (Twitter) OAuth. When you connect your 𝕏 account, we receive and store:

To run a Bot Check, we request identity-only access (users.read, tweet.read). This lets us identify your account and nothing more. We do not request access to your followers list, and we do not receive a refresh token — so our access ends when the short-lived access token expires.

Billing information

When you make a payment (a Bot Check purchase or prepaid top-up), the following information is collected by Stripe during checkout and shared with us:

We do not receive or store your payment card details. If you add funds to your prepaid balance, we store the balance amount associated with your account.

Information collected for a Bot Check

When you run a Bot Check on a target account, we collect and process publicly available information about that account itself. We do not collect its followers.

A Bot Check may be run by any authenticated user against any public 𝕏 account. The target account does not need to be a Bot-Hound user and is not notified when it is checked. Protected (private) accounts cannot be checked.

Information generated by the Service

Through the bot classification process, we generate and store:

Session and report-access cookies

When you log in, we create a session identified by a cryptographically random token. It is stored as an HttpOnly, Secure, SameSite=Lax cookie named bh_session, set directly by our API server and readable only by it. Sessions expire after 30 days.

If you purchase or run a report, we also set an HttpOnly, Secure, SameSite=Lax cookie named bh_purchaser, which holds random access tokens for the reports you have paid for. It lets you return to those reports without logging in, and expires after 90 days. It contains no personal information.

Both cookies are host-only: they are scoped to the single API hostname that set them and are not shared with any other subdomain. Neither cookie is used for advertising or tracking.

Analytics information

We use Google Analytics and Cloudflare Web Analytics to collect aggregated usage data, including:

Information we do NOT collect

We use Google Ads conversion cookies solely to measure advertising effectiveness (see Section 4). We do not sell data to third-party advertisers.

3. How We Use Information

4. Information Shared With Third Parties

xAI (Grok API)

To classify accounts as potential bots, we send the following information to xAI’s Grok large language model API:

The data sent to xAI is the target account’s own profile, tweets, and profile image — not its followers, and not the person requesting the check.

xAI’s use of this data is governed by xAI’s privacy policy.

𝕏 platform

We make API calls to the 𝕏 platform (directly or via a third-party 𝕏 data provider) to fetch a target account’s own public profile and recent tweets for a Bot Check, and we download its public profile image from 𝕏’s image servers.

Infrastructure providers

The Service is hosted on Amazon Web Services (AWS). Your data is processed and stored on AWS infrastructure in accordance with AWS’s privacy practices.

Stripe

We use Stripe, Inc. to process all payments (Bot Check purchases and prepaid balance top-ups). Stripe collects your payment information and email address directly. Stripe shares your email address with us so we can send billing-related notifications. We do not receive or store your payment card details. Stripe’s use of your data is governed by Stripe’s Privacy Policy.

Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC, to understand how visitors interact with the Service. Google Analytics uses cookies to collect information such as how often users visit the site, what pages they visit, and what other sites they visited prior to coming to the Service. We use the information from Google Analytics only to improve the Service. Google Analytics collects the IP address assigned to you on the date you visit the Service, but we do not combine this with other data we maintain about you.

Google’s ability to use and share information collected by Google Analytics about your visits to the Service is restricted by the Google Analytics Terms of Service and the Google Privacy Policy. You can learn more about how Google collects and processes data at How Google uses information from sites or apps that use our services. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

Google Ads

We use Google Ads conversion tracking, a service provided by Google LLC, to measure the effectiveness of our advertising campaigns. When you visit Bot-Hound after clicking a Google ad, Google Ads may set cookies on your device to attribute your visit or sign-up to that ad. The information collected is aggregated and does not include your Bot-Hound account data, 𝕏 credentials, or follower information. Google’s use of this data is governed by the Google Privacy Policy. You can opt out of personalized advertising by visiting Google Ads Settings.

Cloudflare Web Analytics

We use Cloudflare Web Analytics, a privacy-first analytics service provided by Cloudflare, Inc. Cloudflare Web Analytics does not use cookies or collect personally identifiable information. It collects aggregated, anonymous data about page views and visits. Cloudflare’s use of this data is governed by Cloudflare’s Privacy Policy.

We do NOT

5. Shared Bot Classification Cache

Bot-Hound maintains a shared cache so that an account already analyzed does not need to be re-analyzed. The cache is shared across all users: a verdict produced for one user’s check may be reused when serving another user’s request, and vice versa. Cache entries are keyed only to the analyzed 𝕏 account — they do not record who requested the analysis.

There is one cache: the Bot Check verdict cache — stores the verdict for a checked account (bot probability, confidence band, reasons, avatar description, display name, and profile image URL), keyed by username. Entries expire automatically after 7 days, after which the account is re-analyzed if checked again.

If you are the owner of an analyzed account and want its cached classification removed, contact us at [email protected].

6. Public Data and Target Account Rights

Bot Check analyzes publicly available data from public 𝕏 accounts. When a target account is analyzed:

A Bot Check produces an AI-generated verdict — including a bot probability score and written reasons — about the target account itself, and that verdict can be viewed by anyone with the report’s URL (see Section 7). Verdicts are automated estimates and may be wrong.

There is no automatic opt-out for public accounts, as we process only data that is already publicly available on 𝕏. However, every completed Bot Check verdict links to our X account, @BotHound_: to dispute a verdict about your account or request a takedown, tag or DM @BotHound_, or email us at [email protected]. If we take a report offline, the public report page then shows only an “under review” notice, with no score, band, or reasons. You may also contact us at [email protected] to request permanent removal of a report about your account, or deletion of its cached classification. We review such requests in good faith. Taking a report offline affects only the report page we host; we cannot remove copies cached elsewhere, such as a social-media link preview or a screenshot already posted.

7. Report Access and Sharing

Reports are associated with the purchaser’s account via a purchaser token stored in the bh_purchaser cookie. Reports may be accessed by:

Completed Bot Check verdicts are public to anyone holding the URL. No login, account, or purchaser token is required to view a finished verdict — the report page displays the checked account’s username, display name, profile image, bot probability, confidence band, and the AI-generated reasons. Report URLs contain a long random identifier and are not listed or indexed by us, but they are not otherwise access-controlled. Treat a report URL as a shareable link: anyone you send it to can read the verdict, and so can anyone they forward it to.

We log access to reports for security and abuse prevention purposes. We do not control how purchasers distribute report URLs and are not responsible for downstream use of shared report data.

8. Data Security

We implement the following security measures to protect your information:

While we take reasonable measures to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee the absolute security of your data.

9. Data Retention

Data type Retention period
Bot Check verdict cache 7 days (automatic expiry)
Session data 30 days (automatic expiry)
Account data and preferences While your account is active
Prepaid balance records While your account is active
Bot Check verdicts Retained indefinitely, and remain reachable at their URL, until deleted upon request
Session cookie (bh_session) 30 days
Purchaser cookie (bh_purchaser) 90 days
Target account data Classification data enters the shared cache (see Section 5); report data follows report retention above

10. Your Rights and Choices

(a) All users

(b) Target accounts

If you are the owner of an 𝕏 account that has been checked or analyzed, you may contact us at [email protected] to:

While we analyze only publicly available data, we review these requests in good faith.

11. Children’s Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected information from a person under 18, we will take steps to delete that information promptly.

12. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with certain rights regarding your personal information:

To exercise these rights, please contact us at [email protected].

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the “Last updated” date at the top of this page. Your continued use of the Service after any changes constitutes your acceptance of the revised Privacy Policy.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at [email protected].