What payment methods do you accept?

We accept Bitcoin (BTC) only. No credit cards, no PayPal, no KYC required. Your privacy is protected from the first transaction.

Is mB0t Swiss-hosted?

Yes. Our infrastructure is hosted in Switzerland, benefiting from strong privacy laws and neutral jurisdiction.

Can you read my campaigns, contacts, or content?

No. mB0t is end-to-end encrypted by design—we architecturally cannot access your data.

Can I cancel anytime?

Yes. Plans are month-to-month and you can cancel whenever you want. No refunds on crypto payments, but unused time remains active.

What's included in Standard vs Premium?

Standard covers the essentials (routing, validation, deliverability). Premium adds advanced monitoring, AI optimization, and priority support.

PrivacyPrivacy Policy

Privacy Policy

mB0t is built privacy-first: every customer runs on their own dedicated VPS instance. Your contacts, templates, and campaign data stay inside that instance. We process billing and licensing information, and optional aggregate service metrics when enabled. Some optional features (like AI assistance) may send the text you submit to third-party APIs to generate outputs.

Effective date: March 1, 2024privacy [at] mailb0t.ai

Single-tenant VPS

Your own isolated server

No routine access

We don't read your content in normal operation

No centralized content

Your data stays in your dedicated instance

What We Are / Aren't

We ARE

A software vendor shipping an automation tool you deploy to your own VPS (provided by us).

We AREN'T

Your ESP, list host, wallet custodian, data broker, or mail relay.

Information We Collect (Minimal)

We collect only what's necessary for billing, licensing, and operating the service. We do not collect or store message bodies or recipient lists in a shared, centralized system.

Billing only: Company name, billing email, plan, invoice/transaction IDs.
Service telemetry (optional): Aggregate counters (emails sent, success/fail counts, active campaigns, total contact count), version, and basic instance health metrics. No message content.
AI features (optional): If you use AI assistance, the text you submit may be sent to the configured third-party AI provider to generate outputs.
No centralized content: Contacts, templates, and campaign data remain on your dedicated instance; we don't copy them into our billing systems.

Data & Privacy Architecture

Your data lives on your own dedicated VPS instance under your domain. We don't centralize your contacts, templates, or message content into a shared SaaS database.

Data residency: Customer data lives on your dedicated VPS instance.
No centralized ingestion: We don't ingest your contacts, templates, or message content into our own multi-tenant storage.
No central logs: We don't centralize message logs by default.
Suppression local-only: Unsubscribes/bounces/complaints stored on your VPS only.
Credentials stay local: SMTP/proxy credentials are stored on your instance and used only for sending.

Security (How It's Built)

Encryption in Transit

HTTPS/TLS for the dashboard API. SMTP can be configured with TLS/SSL (recommended).

Per-Tenant Domains

Mandatory customer CNAMEs for tracking/unsub (or disable tracking entirely).

No Shared Infrastructure

Each customer runs on an isolated instance (app + database) to reduce cross-tenant risk.

Access Revocation

After provisioning, bootstrap credentials can be rotated/removed. Support access, if granted, can be revoked.

Logging & Retention

✗

We don't centralize message logs, recipient lists, or content on our own servers.

✓

We do keep minimal billing records for tax/audit periods.

✓

On your VPS: you control system logs; defaults use short retention.

Payments & Billing

Crypto-only

Bitcoin (BTC) only via supported gateways; we never custody your funds.

What We Keep

Company name, billing email, plan, invoice/tx IDs—that's it.

Refunds

Crypto refunds sent back to customer-provided address (subject to AML/sanctions checks).

Hosting & Jurisdiction

Company: mB0t Labs is incorporated in Hong Kong SAR. Governing law follows Hong Kong jurisdiction.

Hosting: Customer Instances are hosted in Switzerland (CH primary) for data privacy and sovereignty. EU edge (NL/DE) available for latency.

Law follows the users: Your marketing compliance depends on where you email, not where the VPS sits.

Software vendor: mB0t acts as a software licensor; if you enable optional features that process personal data on our infra, we'll offer a DPA.

Compliance Posture (Who Does What)

You are the sender/controller

Under GDPR, CAN-SPAM, CASL, and other regulations, you control recipient data and decide when to send. We process billing/licensing info and optional aggregate telemetry if enabled.

We're the software licensor

We provide the tool. We don't routinely access your contacts or message content. If you enable optional analytics that touch our servers, we'll sign a DPA.

Deliverability rules enforced

We block obvious spam patterns (purchased lists, no unsubscribe link, blacklisted domains) to reduce abuse and protect deliverability.

Business Logic (How the App Behaves)

The software performs pre-flight checks and real-time health monitoring to protect deliverability:

Pre-flight checks: DMARC/SPF/DKIM, sender domain reputation, required headers (List-Unsubscribe).
Rate & health controls: Automatic pausing if bounce rate >5%, complaint rate >0.1%, or blacklist detection.
Diagnostics without content: We may see aggregate success/fail counts and basic health signals, but not message bodies or recipient addresses.

Customer Responsibilities

You must comply with applicable laws and regulations when using mB0t:

✓

Obtain valid consent before sending (GDPR, CASL, etc.)

✓

Include working unsubscribe links in every message

✓

Honor opt-outs within 10 days (CAN-SPAM) or 30 days (GDPR)

✓

Configure SPF, DKIM, and DMARC for your sending domains

✓

Keep your VPS and software updated (we'll notify you of critical patches)

✓

Maintain backups of your data (we provide daily snapshots, but you own the data)

✓

Secure your instance secrets (SMTP credentials, proxy credentials, API keys)

Acceptable Use (Hard Lines)

We terminate accounts immediately for:

✗

Purchased, scraped, or rented email lists

✗

Phishing, malware, or fraudulent content

✗

Spam complaints >0.3% sustained over 7 days

✗

Attempts to bypass pre-flight checks or rate limits

✗

Sending without consent or to suppression-listed addresses

✗

Adult content, gambling, payday loans, or crypto schemes (case-by-case review)

Violations may result in immediate suspension without refund. Serious abuse reported to authorities.

Our Commitments

✓

We will never sell, share, or monetize your customer data

✓

We will notify you of any security incidents within 72 hours

✓

We will provide 30 days notice before material privacy policy changes

✓

We will maintain SOC 2 Type II compliance once achieved

✓

We will delete your billing data within 90 days of account closure (unless required for tax/audit)

Your Rights

Depending on your location, you may have rights to access, correct, delete, or restrict the use of your data. Submit requests through the privacy center in the dashboard or email privacy@mailb0t.ai. We respond within 30 days.

Changes to This Policy

We will post any updates on this page and notify workspace owners in-app at least 30 days before changes take effect. Material changes require your acceptance to continue using the service.

Contact

Privacy questions? Email privacy@mailb0t.ai or write to mB0t Labs, Hong Kong SAR.

We are GDPR compliant and pursue SOC 2 Type II certification. Details are available in our security addendum.