Legal
Privacy Policy
Last updated: April 24, 2026
This Privacy Policy explains how MightyBot Inc. ("MightyBot," "we," "us," or "our") collects, uses, discloses, and protects information in connection with our website, sales and marketing activities, and enterprise AI agent platform.
MightyBot provides policy-driven AI agents for regulated business workflows. The platform is currently available by invitation, pilot, design partner agreement, order form, or other written agreement. If a written customer agreement, data processing agreement, or order form conflicts with this Privacy Policy for customer platform data, the written agreement controls for that customer data.
Scope
This Privacy Policy applies to:
- Visitors to mightybot.ai and related MightyBot websites.
- People who request information, book a demo, download content, join a pilot, or communicate with us.
- Authorized users of the MightyBot platform.
- Personal information contained in customer data that MightyBot processes to provide platform services.
Our Role
We process information in different roles depending on the context:
- Website, marketing, sales, account, security, and administrative data: MightyBot generally acts as a controller or business because we decide why and how this information is processed.
- Customer data processed through the platform: MightyBot generally acts as a processor or service provider. We process that data on behalf of, and under instructions from, the customer that configures or uses the platform.
- Authorized users: If you use MightyBot through your employer or another organization, that organization may be the controller or business for your account and workflow activity. Privacy requests about platform customer data may need to be directed to that organization.
Definitions
- Authorized User means an individual permitted by a customer to access the MightyBot platform.
- Customer means an organization that evaluates, purchases, configures, or uses MightyBot services.
- Customer Data means data, documents, records, prompts, policies, workflow instructions, inputs, outputs, integration data, and other materials submitted to, connected to, generated by, or processed through the platform on behalf of a customer.
- Personal Information or Personal Data means information that identifies, relates to, describes, or can reasonably be linked to an individual.
- Platform means MightyBot's AI agent platform, including policy engines, agent execution layers, integrations, audit logs, dashboards, workflows, and related services.
- Services means the website, platform, support, pilots, professional services, and related offerings provided by MightyBot.
- Subprocessor means a third party that processes Customer Data or Personal Information on MightyBot's behalf to provide the Services.
Information We Collect
Information you provide to us. We may collect your name, work email, phone number, company, job title, industry, message content, demo request details, event registrations, whitepaper download information, and communications with us.
Website and device information. We may collect IP address, browser type, device identifiers, pages visited, referring URLs, campaign source, country or region inferred from IP address, timestamps, and interactions with website content, forms, scheduling links, and calls to action.
Account and platform information. For invited platform users, we may collect account profile information, organization and tenant identifiers, authentication metadata, roles and permissions, audit logs, workflow activity, API usage, support requests, and security events.
Customer Data processed through the platform. Depending on a customer's configuration, MightyBot may process business documents, emails, files, policies, workflow definitions, business rules, system records, extracted fields, evidence references, user instructions, prompts, agent outputs, approval history, exception handling notes, and audit records.
Integration data. If a customer connects MightyBot to third-party systems, we process the data the customer authorizes us to access. Those systems may include cloud storage, email, collaboration tools, CRMs, loan origination systems, case management systems, ERP systems, databases, ticketing systems, data warehouses, or other business applications.
Cookies and similar technologies. We use cookies, pixels, tags, scripts, local storage, and similar technologies for site operation, analytics, attribution, business visitor identification, scheduling, and content access. See our Cookie Policy for more information.
How We Use Information
We use information for the following purposes:
- Provide, configure, secure, operate, support, and improve the Services.
- Respond to inquiries, demo requests, whitepaper requests, support tickets, and other communications.
- Manage pilots, design partner programs, customer accounts, contracts, invoicing, and relationship management.
- Process Customer Data according to customer instructions, platform configuration, documentation, and applicable agreements.
- Run AI agent workflows, evaluate policies, generate outputs, route exceptions, support human review, and maintain audit trails.
- Analyze website performance, campaign attribution, product usage, page engagement, and conversion activity.
- Protect against fraud, abuse, security threats, unauthorized access, and misuse.
- Comply with legal obligations, enforce agreements, and protect our rights and the rights of customers and users.
AI Systems and Customer Data
MightyBot uses AI models and related infrastructure to provide workflow automation, document analysis, policy evaluation, extraction, classification, summarization, drafting, decision support, and agent execution features.
Unless a customer separately authorizes it in writing, MightyBot does not use Customer Data to train generalized or shared foundation models. We do not permit one customer's Customer Data to be used to train another customer's workspace, agents, or workflows. We may use aggregated, de-identified, or statistical information to operate, measure, secure, and improve the Services, provided it does not identify a customer, user, or individual.
AI outputs can be probabilistic and may require human review, especially for regulated, high-impact, financial, legal, compliance, employment, insurance, healthcare, or similarly sensitive workflows. Customers remain responsible for their policies, workflow configuration, review gates, notices, decisions, and use of outputs.
How We Disclose Information
We may disclose information in the following circumstances:
- Service providers and subprocessors. We use vendors for hosting, security, analytics, communications, scheduling, model access, observability, and other operational needs. See our Subprocessors page for platform Customer Data subprocessors.
- Customers and administrators. If you use the platform through an organization, that organization and its administrators may access account, workflow, audit, and usage information associated with its workspace.
- Customer-directed integrations. We disclose or transmit data to systems a customer connects or directs us to use.
- Professional advisors. We may disclose information to lawyers, auditors, insurers, banks, and other advisors.
- Legal and safety reasons. We may disclose information if required by law, legal process, or government request, or to protect rights, safety, security, and property.
- Business transactions. Information may be transferred as part of a merger, acquisition, financing, restructuring, sale of assets, or similar transaction.
- With consent or direction. We may disclose information when you or the relevant customer instructs or authorizes us to do so.
We do not sell Personal Information for money. We may use analytics, attribution, and B2B marketing technologies that could be considered a "sale," "sharing," or targeted advertising under some U.S. state privacy laws when they identify business visitors or measure advertising and referrals. See our Cookie Policy for choices and additional details.
Data Retention
We retain information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, maintain security and audit records, manage business records, comply with legal obligations, resolve disputes, and enforce agreements.
Customer Data retention, deletion, and return are governed by the applicable customer agreement, data processing agreement, order form, platform configuration, or written instructions. Website lead and marketing data may be retained for relationship management and compliance unless you request deletion or opt out, subject to legal and operational retention needs.
Security
We use administrative, technical, and organizational safeguards designed to protect information, including access controls, encryption in transit and at rest where appropriate, tenant isolation, logging, vulnerability management, and security reviews. MightyBot maintains SOC 2 controls for applicable production systems. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
For more information about our security posture, visit Platform Security or contact us.
Security Incident Notices
If we become aware of a security incident that affects Personal Information or Customer Data, we will notify affected customers without undue delay and in accordance with applicable law and any applicable written agreement. We may also provide notices to individuals or regulators where required by law.
International Data Transfers
MightyBot is based in the United States, and information may be processed in the United States and other countries where we or our service providers operate. Where required, we use appropriate safeguards for cross-border transfers, such as data processing agreements, standard contractual clauses, or other lawful transfer mechanisms.
Privacy Rights and Choices
Depending on your location and the context of processing, you may have rights to access, correct, delete, restrict, object to, port, or opt out of certain processing of your Personal Information. You may also have the right to withdraw consent where processing is based on consent.
To exercise rights for website, marketing, or sales data, contact us using the details below. If your request relates to Customer Data controlled by your employer or another MightyBot customer, we may direct your request to that customer or act on the customer's instructions.
You may opt out of marketing emails by using the unsubscribe link in the email or contacting us. You can also manage cookies through browser settings and, where available, vendor controls described in our Cookie Policy.
California Privacy Notice
This section supplements the rest of this Privacy Policy for California residents. The categories below describe information we may collect, use, and disclose depending on how you interact with MightyBot.
| Category | Examples | Purposes |
|---|---|---|
| Identifiers | Name, work email, company, IP address, account identifiers. | Provide services, respond to requests, manage accounts, security, marketing. |
| Commercial and business information | Demo requests, customer relationship details, pilot participation, contract information. | Sales, customer support, relationship management, contract administration. |
| Internet or network activity | Pages visited, referral URLs, device data, website engagement, platform logs. | Analytics, attribution, security, troubleshooting, platform operation. |
| Professional information | Employer, job title, department, industry, business contact details. | B2B sales, support, account administration, personalization. |
| Geolocation information | Approximate location inferred from IP address. | Security, fraud prevention, analytics, localization. |
| Sensitive personal information | Account credentials, contents of documents or communications processed in Customer Data, or other sensitive data a customer chooses to process. | Provide the platform, secure accounts, process customer workflows, comply with law. |
| Inferences | Business interest, likely company affiliation, product engagement, lead scoring. | Sales prioritization, analytics, marketing, service improvement. |
We collect these categories from you, your organization, your device, customer-directed integrations, service providers, analytics providers, marketing providers, and public or commercially available business sources. We disclose these categories to the recipients described in "How We Disclose Information."
We do not knowingly sell or share Personal Information of individuals under 16. We do not use sensitive personal information for purposes that require a separate right to limit under California law unless we provide the required notice and choice.
California residents may request to know, access, correct, delete, or opt out of sale or sharing of Personal Information, subject to legal exceptions. We will not discriminate against you for exercising privacy rights.
Children's Privacy
The Services are intended for business use and are not directed to children under 13. We do not knowingly collect Personal Information from children under 13. If you believe a child has provided us Personal Information, contact us and we will take appropriate steps.
Third-Party Links
Our website and Services may link to third-party websites, applications, or services. We are not responsible for the privacy practices of those third parties.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The "Last updated" date above indicates when this Privacy Policy was last revised. Material changes will be communicated as required by law or applicable agreement.
Contact Us
If you have questions or requests about this Privacy Policy or our privacy practices, contact us at [email protected].