Summary: We collect only what's necessary to operate the service. We don't sell your data. We don't run third-party analytics or tracking.
1. Who We Are
exploit.bot is operated by Chat Exploit Bot LLC. This Privacy Policy explains how we collect, use, store, and protect your information when you use our service at exploit.bot ("Service").
By using the Service, you agree to the collection and use of information as described in this policy.
2. Information We Collect
Account Information
When you register, we collect:
- Username — your chosen display name
- Email address — for account verification and password recovery
- Password — stored as a salted hash (we never store plaintext passwords)
Usage Data
When you use the Service, we automatically collect:
- IP address (IPv4 and IPv6) — for security, rate limiting, and abuse prevention
- User agent string — your browser type and version
- Login timestamps — when you log in or attempt to log in
- Token usage — number of AI tokens consumed per request, for usage tracking
Chat Data
When you use our chat feature, we store:
- Chat messages — your prompts and AI model responses
- File attachments — any files you upload during a chat session
- Code files — code snippets you save from chat conversations
- Project data — project files and associated chats
Local Storage
We use your browser's localStorage (not cookies) to store:
- Terms of Service acceptance status
- UI preferences (announcement dismissals, tip cooldowns)
3. How We Use Your Information
We use collected data to:
- Provide the Service — process your AI chat requests and deliver responses
- Authenticate you — verify your identity on login and maintain your session
- Prevent abuse — rate limit registrations, detect suspicious activity, block spam accounts
- Enforce usage limits — track token consumption against your plan allowance
- Improve the Service — understand usage patterns to improve reliability and features
- Communicate with you — send email verification, password resets, and critical service notices
We do not use your data for advertising, profiling, or behavioral tracking.
4. Cookies & Sessions
We use a single session cookie to keep you logged in. This cookie:
- Is HTTP-only (not accessible to JavaScript)
- Is set to Secure (transmitted only over HTTPS)
- Uses SameSite=Lax to prevent cross-site request forgery
- Contains only a random session identifier — no personal data
We do not use third-party cookies, tracking pixels, or analytics services (no Google Analytics, no Facebook Pixel, no third-party trackers of any kind).
5. Data Storage & Security
- All data is stored in encrypted SQLite databases on our servers
- Passwords are hashed using bcrypt with salting before storage
- All connections to the Service use HTTPS/TLS encryption
- Session data is stored server-side in a separate database
- We implement security headers (CSP, X-Frame-Options, HSTS) to protect against common web attacks
While we take reasonable measures to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.
6. Third-Party Services
The Service uses the following third-party services:
- Cloudflare — CDN and DDoS protection. Cloudflare may process your IP address and request metadata. See Cloudflare's Privacy Policy.
- Google Fonts — font delivery. Google may log font requests. See Google's Privacy Policy.
- AI Model APIs — your chat messages are sent to AI model providers to generate responses. Messages are processed in real-time and are not stored by upstream providers beyond the scope of the request.
- Brave Search — when you enable web search, your search queries are sent to Brave Search API. See Brave's Privacy Policy.
We do not share, sell, or transfer your personal data to any other third parties.
7. AI-Generated Content
This Service uses an uncensored, unfiltered AI model designed for cybersecurity professionals. Regarding AI-generated content:
- No content moderation — AI outputs are not filtered, censored, or reviewed before delivery. The model may generate technical security content including exploit code, vulnerability details, and attack techniques.
- Chat storage — all AI-generated responses are stored in your chat history and associated with your account. You can delete individual chats at any time.
- No training on your data — your conversations are not used to train or fine-tune AI models. Your chats remain private to your account.
- Accuracy disclaimer — AI-generated content may be inaccurate, incomplete, or outdated. We make no guarantees about the correctness of any AI output.
8. Data Retention
- Account data — retained for the lifetime of your account
- Chat history — retained until you delete it or your account is closed
- Login logs — retained for security auditing purposes
- Pending registrations — automatically expired and purged after 24 hours if not verified
- Password reset tokens — expire after use or after 1 hour
- Session data — automatically cleaned up when sessions expire
9. Your Rights
You have the right to:
- Access your data — request a copy of the personal data we hold about you
- Delete your chats — delete individual chats and their messages from within the Service
- Delete your account — request complete account deletion by contacting us
- Correct your data — request corrections to any inaccurate personal data
- Export your data — request a machine-readable copy of your data
To exercise any of these rights, contact us at the email below.
10. Children's Privacy
The Service is not intended for users under the age of 18. We do not knowingly collect personal information from anyone under 18. If you are a parent or guardian and believe your child has provided us with personal data, please contact us and we will delete it.
11. International Users
The Service is operated from the United States. If you access the Service from outside the US, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer.
For EU/EEA users: we process your data based on your consent (given at registration) and our legitimate interest in providing and securing the Service.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.
13. Contact
For privacy questions, data requests, or concerns:
← back to chat
terms of service →