bots.so — The AI Inference Model Index

Site: bots.so (the “Site”)

Operator/Data Controller: ESUS LLC (“we,” “us,” “our”)

Effective Date: January 20, 2026

Last Updated: January 20, 2026

This Privacy Policy explains how we handle information when you use our Site and related tools, content, and services (collectively, the “Services”).

Plain-English summary (high level):

We build mostly client-side tools and try to collect the least data possible. We host on Cloudflare (performance + security). We use Rybbit analytics with privacy-protective settings (no session replay; no web vitals; no error tracking; no URL parameter tracking; no fingerprinting; and salted user IDs that rotate daily). We do not embed Beehiiv. Newsletter links send you to Beehiiv (third-party). We may embed Youform forms, but we configure them so nothing is collected until you explicitly consent within the form’s first screen (consent gate). We may earn money via affiliate/referral links, which may involve third-party tracking on their sites after you click out.

1) Who We Are

Operator/Data Controller: ESUS LLC

Address: 5203 Juan Tabo Blvd STE 2B, Albuquerque, New Mexico 87111

Email: privacy@bots.so

Privacy Contact: privacy@bots.so

“Data Controller” means we decide why and how personal data is processed when you use our Site.

2) Information We Collect

Data minimization principle:

We design our Services to collect as little personal data as possible. The only personal data we purposefully collect is your email address & other details you provide when you voluntarily submit it through forms or contact us directly. Other data (analytics, security logs) is collected automatically by our infrastructure providers for site operation and security, as described below.

A) Information you provide to us

You may provide information when you:

email us or contact support (name, email, message content),
submit information into tools (depending on the tool),
submit a form (if we use Youform or another form provider),
make a purchase or sign up for a paid service (if offered in the future),
request a privacy rights action (verification details).

Sensitive data warning: Please do not submit sensitive or confidential information (passwords, payment cards, government IDs, medical records, confidential student records, etc.) unless you have authorization and accept the risks.

B) Information collected automatically (technical + security)

When you visit the Site, we and/or our infrastructure providers may process technical data such as:

IP address (and/or an approximation such as region/country),
device/browser type and settings,
pages requested, timestamps, referrer URLs,
security events (rate limiting, bot detection, abuse prevention).

This is typically necessary to deliver the Site securely and reliably.

C) Analytics data (Rybbit)

We use Rybbit to understand aggregate usage (e.g., page views, navigation patterns). We configure analytics to minimize data and tracking, including:

Session Replay: OFF
User ID salting: ON (with a daily rotating key)
Web vitals: OFF
Error tracking: OFF
Track URL parameters: OFF

We do not intend to identify you personally through analytics. Analytics is used to measure and improve the Site.

D) Forms (Youform, when used)

When we embed forms using Youform:

Before you consent:

The first screen is an explicit consent screen. Until you click “Agree” (or similar), no personal data is collected. You can close the form at any time without providing data.

After you consent:

Youform collects anonymous analytics (form view counts, completion counts)
Youform stores whatever information you provide in the form (typically your email address)
Youform uses local storage for form functionality (not for tracking)
No device fingerprinting is performed

Youform acts as our data processor and stores form submissions on our behalf. The email addresses you provide are subject to the retention periods in Section 8.

We do not embed Beehiiv on our Site. If you click “Subscribe,” you will be sent to Beehiiv (a third party). Beehiiv’s privacy policy and practices apply to subscription flow and newsletter emails.

F) Affiliate and Referral Links

Some links on our Site are affiliate or referral links. We may earn a commission if you make a purchase through these links, at no additional cost to you.

Data sharing: We do not share your personal data with affiliate partners. When you click an affiliate link, you leave our Site and the destination site may place cookies or pixels on your device for conversion attribution and analytics. This tracking occurs on the third party’s domain and is governed by their privacy policy, not ours.

We recommend reviewing the privacy policy of any site you visit through our links.

G) Summary: What Personal Data Do We Actually Collect?

The personal data we purposefully collect from you:

Email addresses (when you submit a form or email us)

Data automatically collected by infrastructure:

IP addresses and connection data (via Cloudflare, for security and site delivery)
Page view analytics (via Rybbit, anonymized with daily-rotating identifiers)
Technical data (browser type, device type, timestamps—standard web server data)

We do not:

Use device fingerprinting
Track you across other websites
Collect sensitive personal data (health, financial, etc.)
Sell your data to third parties

3) How We Use Information (Purposes)

We use information to:

operate, secure, and maintain the Services,
provide the tools and content you request,
prevent abuse, spam, and fraud,
understand usage to improve the Site (analytics),
respond to messages and support requests,
enforce our Terms and comply with legal obligations,
manage business operations (records, auditing, dispute handling).

For complete details on permitted and prohibited uses of our Services, account termination, and service availability, please review our Terms of Service.

4) Legal Bases (EEA/UK and similar jurisdictions)

If GDPR/UK GDPR or similar frameworks apply, we rely on one or more of the following legal bases for processing your personal data:

Processing Activity	Legal Basis	Purpose	Justification
Rybbit Analytics	Legitimate Interests	Measure site performance, identify technical issues, improve user experience	Our interest in website optimization outweighs minimal privacy intrusion (no personally identifiable data; daily rotation of salted IDs; no session replay or fingerprinting)
Youform (after consent gate)	Consent	Collect inquiry/contact data you voluntarily provide	Explicit consent via form’s first screen before any data collection
Cloudflare Security	Legitimate Interests	DDoS mitigation, abuse prevention, site reliability, security monitoring	Strong interest in site availability and security; users reasonably expect protection from attacks and abuse
Support emails	Consent & Legitimate Interests	Responding to user inquiries and support requests	You initiate contact; we have legitimate interest in responding
Security/abuse prevention	Legitimate Interests & Legal Obligation	Preventing fraud, spam, bot attacks; maintaining service integrity	Necessary to protect our services and other users; may be required by law

Where consent is required, you may withdraw it at any time (prospectively). To withdraw consent or object to processing based on legitimate interests, contact privacy@bots.so.

5) Cookies, Local Storage, and Similar Technologies

We aim to avoid cookies and minimize device identifiers. However:

Security and infrastructure services (including Cloudflare) may set cookies or use similar techniques that are strictly necessary for security, load balancing, or abuse prevention depending on configuration.
Youform (if embedded and after you consent) may use local storage and collect anonymous analytics related to the form.
Third parties (affiliate partners, Beehiiv, external destinations) may set cookies after you leave our Site.

Cookie/consent requirements vary by jurisdiction and by what technology is used. We attempt to design the Site to minimize the need for a cookie banner by:

using privacy-oriented analytics,
linking out to Beehiiv instead of embedding,
gating embedded forms behind explicit consent when used.

We do not promise that a cookie banner is never required in every jurisdiction or for every future feature.

We may share information:

with service providers that help operate the Site (hosting/security, analytics, forms),
if required by law, subpoena, or legal process,
to protect rights, safety, and security (fraud prevention, abuse investigation),
in connection with a business transaction (merger, acquisition, asset sale).

We may disclose information to enforce our Terms of Service, including investigation of potential violations or protection of legal rights.

We do not sell personal information for money in the traditional sense.

7) Third-Party Providers

We use third-party service providers to run parts of the Services. Their policies apply to their services.

Current Service Providers:

Cloudflare (infrastructure provider)

Cloudflare provides comprehensive infrastructure services for our Site, including:

Hosting and content delivery (Cloudflare Pages)
DDoS protection and security (Web Application Firewall)
Bot detection and abuse prevention
Performance optimization
Serverless compute (Cloudflare Workers)
Database storage (Cloudflare D1)

Because Cloudflare serves as our infrastructure layer, all visitor traffic passes through Cloudflare. This means Cloudflare processes:

All HTTP/HTTPS requests to our Site
IP addresses and connection data
Request patterns for security analysis
Performance and uptime metrics

Data aggregation infrastructure: We use Cloudflare Workers and D1 (a serverless SQL database) to periodically collect and store publicly available information from third-party AI/LLM provider APIs, including model names, pricing, and availability status. This is non-personal, publicly available data used to power the Site’s comparison and monitoring features. No personal data is stored in D1.

Cloudflare acts as both:

A data processor (for services we direct them to perform), and
An independent data controller (for their own security intelligence and threat detection systems)

Review Cloudflare’s Privacy Policy at cloudflare.com/privacypolicy/ for their own data practices.

Rybbit (analytics)

Rybbit processes anonymized analytics data including page views, device type, geographic location (country-level), and referrer information. User IDs are salted with daily rotation. IP addresses are not stored.

Youform (forms, when used)

Youform acts as a data processor when you submit forms on our Site (after explicit consent). They store form submissions on our behalf.

Beehiiv (newsletter subscription and delivery; link-out only)

Beehiiv operates independently. When you click “Subscribe,” you are directed to their site and their privacy policy governs.

Data Processing Agreements

We have executed or agreed to Data Processing Agreements (DPAs) with our service providers that process personal data on our behalf, as required by GDPR Article 28. These agreements ensure our processors implement appropriate technical and organizational security measures and process data only on our documented instructions.

Our current processors and their DPA status:

Cloudflare: Standard Customer DPA applies to all accounts. Available at cloudflare.com/cloudflare-customer-dpa/
Rybbit: DPA incorporated into service agreement. Available at rybbit.com/dpa
Youform: DPA incorporated into Terms of Service. Reference at https://help.youform.com/p/z1GQmhd0076eOZ/Youform-Data-Processing-Agreement-DPA

8) Data Retention

We retain personal data only as long as necessary for the purposes described in this policy. Specific retention periods:

Data Type	Retention Period	Reason
Email addresses (form submissions)	12 months after last interaction	Customer support and communication
Rybbit analytics data	2 Years	Site improvement and performance monitoring
Cloudflare security logs	Per Cloudflare policy (typically 72 hours)	DDoS protection and abuse prevention
Support email correspondence	2 years after resolution	Legal compliance and dispute resolution
Data after deletion request	30 days in backup systems, then purged	Recovery period; technical propagation delay

After these periods, data is permanently deleted or anonymized. To request early deletion of your data, contact privacy@bots.so with subject “DATA DELETION REQUEST.”

9) Security

Technical safeguards:

We implement industry-standard security measures including:

TLS/HTTPS encryption for all data in transit
Cloudflare’s DDoS protection and Web Application Firewall (WAF)
Access controls limiting who can view collected data
Regular security monitoring through Cloudflare’s threat intelligence

Organizational safeguards:

Data minimization (we only collect what’s needed)
Regular review of data retention and deletion practices
Documented Data Processing Agreements with all processors

Breach notification:

In the event of a data breach affecting personal data:

We will investigate and document the breach immediately
We will notify affected individuals without undue delay (target: within 30 days where possible)
For EEA/UK residents: We will notify the relevant supervisory authority within 72 hours of discovery if the breach poses risk to rights and freedoms
We will document all remediation measures taken

No system is perfectly secure. You use the Services at your own risk.

10) Your Rights and Choices

A) General rights requests

Depending on where you live, you may have rights to:

access, correction, deletion,
restriction or objection to processing,
data portability,
withdraw consent (where processing is based on consent).

To submit a request, email privacy@bots.so with subject: PRIVACY REQUEST and include:

your country/state of residence,
the request type (access/delete/correct/etc.),
relevant details and identifiers (e.g., email used in a form).

We may request verification and may deny or limit requests where permitted by law (e.g., security, fraud prevention, legal obligations). We will respond within 30 days.

Note: Your rights under this Privacy Policy are separate from and in addition to any rights you may have under our Terms of Service. Exercising privacy rights does not affect your service access unless required by law.

Dispute Resolution: Any disputes arising from this Privacy Policy or our data practices are subject to the dispute resolution procedures in our Terms of Service, including the mandatory pre-litigation notice requirement and arbitration provision (unless you have validly opted out). See Section 15 of our Terms of Service for details.

If applicable, you may also lodge a complaint with your local supervisory authority.

C) California (CCPA/CPRA)

If applicable, California residents may have rights to know, delete, correct, and opt out of certain “sale” or “sharing” (as defined by law), and to limit use of sensitive personal information (where applicable).

At this time, we do not intend to use personal information for cross-context behavioral advertising on our Site. If we do, we will update this policy and provide required mechanisms.

D) Global Privacy Control (GPC)

If we engage in conduct covered by “sale/sharing” opt-outs, we will make commercially reasonable efforts to honor GPC where required.

E) Do Not Track (DNT) Signals

Our Site does not currently respond to “Do Not Track” browser signals in a technical sense. However, because we use privacy-oriented analytics (Rybbit) that does not track users across websites, does not use cookies for analytics, and rotates user identifiers daily, the practical effect is similar to honoring DNT.

Cloudflare infrastructure note: We use Cloudflare Pages for hosting. By default, Cloudflare Pages sets zero cookies and does not enable Cloudflare Web Analytics. However, Cloudflare may process IP addresses and request metadata for security and platform operations (DDoS mitigation, CDN routing). During periods of elevated security risk (e.g., bot attacks), we may temporarily enable features such as Bot Fight Mode, Security Level adjustments, or WAF challenge rules. If enabled, these features may set strictly necessary cookies (e.g., __cf_bm, cf_clearance) for security purposes. Cloudflare classifies these as “strictly necessary” under GDPR; however, some EU jurisdictions interpret this narrowly. We will update this policy if we permanently enable such features. See Cloudflare’s cookie documentation for details.

11) International Transfers

We and our providers may process information in the United States and other countries. By using the Site, you understand that your data may be transferred internationally.

Transfer mechanisms (EEA/UK/Switzerland): For transfers of personal data from the EEA, UK, or Switzerland to the United States, our primary infrastructure provider (Cloudflare) relies on:

The EU-U.S. Data Privacy Framework (DPF), UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF;
Standard Contractual Clauses (SCCs) approved by the European Commission; and
Certification to the Global Cross-Border Privacy Rules (CBPR) and Global Privacy Recognition for Processors (PRP) systems.

See Cloudflare’s Data Processing Addendum for details on transfer safeguards.

12) Children’s Privacy

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child provided information to us, contact privacy@bots.so with subject: CHILD PRIVACY.

13) Changes to This Policy

We may update this Privacy Policy by posting a new version with a new “Last Updated” date. Your continued use of the Site after changes become effective means you accept the updated policy.

Changes to this Privacy Policy do not affect your agreement to our Terms of Service unless explicitly stated. Review our Terms of Service for information about service changes and your remedies.

14) Contact

Privacy requests: privacy@bots.so

Legal notices / Disputes: legal@bots.so

General inquiries: privacy@bots.so

Quartiere / Real Estate

Privacy Policy

1) Who We Are

2) Information We Collect

A) Information you provide to us

B) Information collected automatically (technical + security)

C) Analytics data (Rybbit)

D) Forms (Youform, when used)

F) Affiliate and Referral Links

G) Summary: What Personal Data Do We Actually Collect?

3) How We Use Information (Purposes)

4) Legal Bases (EEA/UK and similar jurisdictions)

5) Cookies, Local Storage, and Similar Technologies

7) Third-Party Providers

Current Service Providers:

Data Processing Agreements

8) Data Retention

9) Security

10) Your Rights and Choices

A) General rights requests

C) California (CCPA/CPRA)

D) Global Privacy Control (GPC)

E) Do Not Track (DNT) Signals

11) International Transfers

12) Children’s Privacy

13) Changes to This Policy

14) Contact

Models

Providers

Resources

Legal

Quartiere / Real Estate

Privacy Policy

1) Who We Are

2) Information We Collect

A) Information you provide to us

B) Information collected automatically (technical + security)

C) Analytics data (Rybbit)

D) Forms (Youform, when used)

E) Newsletter (Beehiiv — link-out only)

F) Affiliate and Referral Links

G) Summary: What Personal Data Do We Actually Collect?

3) How We Use Information (Purposes)

4) Legal Bases (EEA/UK and similar jurisdictions)

5) Cookies, Local Storage, and Similar Technologies

Cookie banners

6) Sharing and Disclosure of Information

7) Third-Party Providers

Current Service Providers:

Data Processing Agreements

8) Data Retention

9) Security

10) Your Rights and Choices

A) General rights requests

B) EEA/UK (GDPR/UK GDPR)

C) California (CCPA/CPRA)

D) Global Privacy Control (GPC)

E) Do Not Track (DNT) Signals

11) International Transfers

12) Children’s Privacy

13) Changes to This Policy

14) Contact

Models

Providers

Resources

Legal