Botdoc and California Privacy Law

Effective July 1, 2026. Last updated: June 7, 2023

CCPA / CPRA Compliance Statement

At Botdoc, trust is our most important value. This statement describes how ShortSave, Inc., a Colorado corporation doing business as Botdoc (“Botdoc,” “we,” “us,” or “our”) approaches compliance with the California Consumer Privacy Act (Cal. Civ. Code §1798.100 et seq.), as amended by the California Privacy Rights Act (CPRA), and the regulations adopted by the California Privacy Protection Agency (CPPA), including the 2025/2026 CPPA regulations effective January 1, 2026.

This statement supplements our Privacy Policy at https://botdoc.io/privacy-policy/. Defined terms used here have the meanings given in our Privacy Policy and Terms of Service.

1. What Botdoc Does

Botdoc is a secure digital transport platform that enables organizations to send, receive, and transmit sensitive files and data through encrypted workflows. We operate as a SaaS and API-based solution. We process Personal Information strictly on behalf of our customers and do not act as a data broker or resell Personal Information.

2. Our Role: Service Provider

With respect to customers doing business in California, Botdoc acts as a “service provider” as defined under the CCPA/CPRA (Cal. Civ. Code §1798.140(ag)). As a service provider, Botdoc:

  • Processes Personal Information only on behalf of the customer and pursuant to the customer’s documented instructions;
  • Does not sell or share Personal Information received from or on behalf of customers;
  • Does not retain, use, or disclose Personal Information outside the direct business relationship with the customer or for any commercial purpose other than providing the Services;
  • Does not combine Personal Information received from one customer with Personal Information received from other customers or collected from Botdoc’s own interactions;
  • Will notify the customer within five (5) business days if Botdoc determines it can no longer meet its obligations as a service provider;
  • Grants customers the right to audit Botdoc’s compliance with applicable data protection requirements;
  • Processes Personal Information only to the minimum extent necessary to complete the secure transmission, and cannot access, read, or view the contents of data transmitted through the Services due to end-to-end encryption. Botdoc therefore processes Personal Information strictly as a conduit for transmission, not as a data repository or analytics platform; and
  • Flows down equivalent service provider obligations to sub-service providers (subprocessors).

The customer’s Terms of Service and Data Processing Addendum (DPA) at https://botdoc.io/data-processing-addendum/ set out the contractual basis for Botdoc’s role as a service provider and meet the written contract requirements under CCPA/CPRA. Because Botdoc operates as a secure digital transportation platform and cannot access transmitted content, Botdoc’s processing of Personal Information is limited to what is strictly necessary to complete the transmission, consistent with the CCPA/CPRA minimum necessary standard.

3. We Do Not Sell, But We Do Share for Cross-Context Behavioral Advertising

Botdoc does not sell Personal Information for monetary or other valuable consideration as those terms are defined under CCPA/CPRA. However, Botdoc does use third-party advertising and analytics services (including Google Ads) that may constitute “sharing” of Personal Information for cross-context behavioral advertising as those terms are defined under CCPA/CPRA. The categories of Personal Information that may be shared for this purpose are online identifiers (cookie IDs and similar), internet or other electronic network activity information (browsing history on botdoc.io), and inferences drawn from that activity.

Botdoc does not share Personal Information that constitutes Customer Data transmitted through the Botdoc Services for any advertising purpose; advertising-related sharing is limited to website-visitor data collected on botdoc.io.

3.1 Global Privacy Control (GPC)

Botdoc honors the Global Privacy Control (GPC) signal as a valid opt-out request under CCPA/CPRA regulations (11 CCR §7025). When Botdoc detects a GPC signal from a consumer browser, Botdoc will treat that signal as an opt-out of the sharing described in Section 3 with respect to that browser session. Where Botdoc can reasonably associate a GPC signal with an authenticated Botdoc account, the opt-out will apply on a forward-going basis to that account.

4. Sensitive Personal Information (SPI)

To the extent Botdoc processes Sensitive Personal Information (as defined under CCPA/CPRA §1798.140(ae)), Botdoc handles such information only for the purposes set forth in §1798.121(a) and Reg §7027. Sensitive Personal Information may include, depending on the transmission Customer initiates through the Services:

  1. Social Security Number, driver’s license, state ID card number, passport number;
  2. account log-in, financial account, debit or credit card number with required access code, password, or credentials;
  3. precise geolocation;
  4. racial or ethnic origin, religious or philosophical beliefs, union membership;
  5. contents of mail, email, or text messages (unless Botdoc is the intended recipient);
  6. genetic data;
  7. biometric information used for identification;
  8. personal information concerning health, sex life, or sexual orientation.

Because Botdoc operates through end-to-end encryption and cannot access or view the contents of transmitted data, Botdoc cannot independently determine whether any particular transmitted content constitutes Sensitive Personal Information. The customer as controller is responsible for determining what Sensitive Personal Information, if any, is transmitted through the Services.

As a service provider, Botdoc:

  • Uses Sensitive Personal Information only for the purposes specified by the customer and permitted under the CCPA/CPRA service provider exception;
  • Does not use Sensitive Personal Information to infer characteristics about consumers beyond what is necessary to provide the Services;
  • Does not disclose Sensitive Personal Information to third parties except subprocessors acting on Botdoc’s behalf, or as required by law; and
  • Complies with consumer requests to limit the use and disclosure of Sensitive Personal Information that Botdoc controls directly (Customer Account Data).

Botdoc does not use or disclose Sensitive Personal Information for cross-context behavioral advertising. The advertising-related sharing described in Section 3 is limited to online identifiers, internet or other electronic network activity information, and inferences drawn from that activity, and does not include Sensitive Personal Information.

Because Botdoc acts as a service provider for customer-transmitted content, consumers wishing to exercise Sensitive Personal Information rights with respect to documents or data transmitted through the Services should contact the Botdoc customer (controller) who initiated the transmission.

5. California Consumer Rights

California residents have the following rights under the CCPA/CPRA. Where Botdoc acts as a service provider, the majority of these rights should be exercised directly with the Botdoc customer (controller). For Personal Information Botdoc controls directly (Customer Account Data), requests may be submitted to support@botdoc.io.

Right: Description

  • Know / Access: Right to know what Personal Information is collected, used, disclosed, or sold, and to request a copy.
  • Delete: Right to request deletion of Personal Information collected, subject to exceptions.
  • Correct: Right to request correction of inaccurate Personal Information (added by CPRA, effective Jan 1, 2023).
  • Data Portability: Right to receive Personal Information in a portable, machine-readable format.
  • Right to Opt-Out of Sharing: Botdoc shares certain online identifiers and activity data for cross-context behavioral advertising as described in Section 3. California residents may opt out via the “Do Not Sell or Share My Personal Information” link in the botdoc.io footer, by sending a Global Privacy Control (GPC) signal, or by emailing support@botdoc.io. The opt-out applies to website-visitor sharing only; Botdoc does not share Customer Data transmitted through the Services for any advertising purpose.
  • Limit SPI Use: Right to limit use and disclosure of Sensitive Personal Information to necessary purposes (added by CPRA).
  • Non-Discrimination: Right not to receive discriminatory treatment for exercising CCPA/CPRA rights.
  • Opt-In (Minors): Consumers under 16 have the right to affirmatively opt in before their Personal Information is sold or shared. Botdoc’s Services are not directed to minors under 16, and Botdoc does not knowingly collect Personal Information from minors under 16 for the website-visitor sharing described in Section 3. If Botdoc learns that it has collected Personal Information from a minor under 16 without the required opt-in (or, for minors under 13, parental consent), Botdoc will cease sharing that Personal Information for cross-context behavioral advertising and delete it consistent with applicable law.
  • Automated Decision-Making Technology (ADMT): Right to Opt-Out (effective January 1, 2027 per CPPA regulations). Botdoc does not currently use ADMT for significant decisions about consumers and will publish updated procedures before the January 1, 2027 effective date if its practices change.

6. How to Submit a Request

To submit a consumer rights request relating to Personal Information Botdoc controls directly (Customer Account Data):

  • Email: support@botdoc.io (include “CCPA Request” in the subject line)
  • Mail: ShortSave, Inc., a Colorado corporation doing business as Botdoc, Attn: Compliance Team, 1909 Woodmoor Drive, Monument, Colorado 80132

Response timeline: Botdoc will acknowledge receipt within 10 business days and respond within 45 calendar days of receiving a verifiable request. If additional time is needed, Botdoc may extend the response period by an additional 45 days (90 days total) with notice to the requestor.

Verification: Botdoc will verify the identity of the requestor before processing a deletion, access, or correction request. Verification may require confirmation of the email address and account information on file.

Authorized agents: A consumer may designate an authorized agent to submit a request on their behalf. Botdoc may require the consumer to verify their identity directly and confirm the authorized agent’s authority.

Service provider note: For Personal Information transmitted through the Services on behalf of a Botdoc customer (controller), consumers should contact that Botdoc customer directly to exercise their rights. Botdoc, as service provider, will cooperate with the customer’s response to verified requests.

7. Data Retention

Botdoc retains Personal Information only as long as necessary for the purposes described in our Privacy Policy, or as required by applicable law. Our retention practices for key categories:

  • Customer Content (transmitted files and documents): Deleted from Botdoc’s environment upon completion of the secure transport and expiration of the applicable retention period set in the Botdoc dashboard or Order Form. Botdoc does not retain Customer Content after the applicable period.
  • Customer Account Data: Retained for the duration of the customer relationship, plus a reasonable period thereafter for legal and business purposes.
  • Transaction and audit logs: Retained for the period required by applicable legal and compliance obligations, including SOC 2 audit requirements.
  • Marketing and contact data: Retained until opt-out or request for deletion.

8. No AI/ML Training on Customer Data

Botdoc does not use Personal Information, including Customer Content, to train, develop, fine-tune, or improve any artificial intelligence or machine learning model for the benefit of any party other than the Customer. Botdoc may use aggregated, anonymized, de-identified usage statistics for product improvement purposes, provided such data cannot be used to identify any individual.

This commitment is binding and reflected in Botdoc’s Corporate Terms of Service and Data Processing Addendum.

9. Subprocessors and Third-Party Service Providers

Botdoc shares Personal Information only with service providers and sub-service providers under written contracts that restrict their use of Personal Information to providing services to Botdoc. We do not allow subprocessors to use Personal Information for their own independent purposes.

Categories of third parties with whom Botdoc shares Personal Information: cloud infrastructure providers, payment processors (PCI DSS certified), analytics providers, customer support tools, and advertising and website-analytics providers.

Botdoc uses Google Ads and Google Analytics as service providers for website-visitor advertising and analytics. These are listed at https://botdoc.io/botdoc-subprocessors/ along with all other Botdoc subprocessors.

A current list of Botdoc’s subprocessors is available at https://botdoc.io/botdoc-subprocessors/.

10. 2025/2026 CPPA Regulations — Botdoc’s Position

The CPPA finalized significant new regulations effective January 1, 2026, covering cybersecurity audits, risk assessments, and automated decision-making technology (ADMT). Botdoc’s position:

  • Cybersecurity Audits: Botdoc undergoes an annual SOC 2 Type II audit conducted by an independent third-party auditor. This audit addresses cybersecurity controls consistent with CPPA cybersecurity audit requirements. Botdoc will monitor whether it meets the thresholds for mandatory CPPA cybersecurity audit certification and will comply with applicable deadlines.
  • Risk Assessments: Botdoc conducts risk assessments of its data processing activities and will comply with applicable CPPA risk assessment requirements, including any required submissions, on the schedule established by the CPPA regulations. Botdoc’s use of Google Ads remarketing on botdoc.io constitutes a “high-risk processing activity” under CPPA risk-assessment regulations and is the subject of an annual risk assessment. The risk assessment documents the categories of Personal Information shared, the purposes of the sharing, the safeguards (opt-out mechanisms, GPC honoring, Sensitive PI restrictions), and the residual risks identified.
  • Automated Decision-Making Technology (ADMT): Botdoc does not use ADMT to make significant decisions affecting consumers, as defined in the CPPA regulations (employment eligibility, credit approval, healthcare, housing). Botdoc does not process consumer Personal Information to train ADMT systems that render significant decisions. The ADMT opt-out right (effective January 1, 2027) is preserved but not currently applicable to Botdoc’s practices, and Botdoc will publish updated procedures before that effective date if its practices change.

11. California Shine the Light

California residents may request information about Personal Information that Botdoc may have shared with third parties for those third parties’ direct marketing purposes during the preceding calendar year. Because Botdoc does not share Personal Information with third parties for the third parties’ direct marketing purposes, there is no information to disclose under Cal. Civ. Code §1798.83. Requests for confirmation may be sent to support@botdoc.io.

12. Twelve-Month Look-Back

This Statement describes Botdoc’s privacy practices during the twelve (12) months preceding the “Last updated” date above. For practices during earlier periods, Botdoc maintains an archive of prior versions of this Statement available on request to support@botdoc.io.

13. Non-Discrimination

Botdoc will not discriminate against California consumers for exercising their CCPA/CPRA rights, including by denying goods or services, charging different prices, providing a different level of quality, or suggesting that the consumer will receive a different price or quality.

14. Changes to This Statement

Botdoc may update this statement from time to time to reflect changes in applicable law, CPPA regulations, or Botdoc’s practices. Material changes will be communicated consistent with Botdoc’s Privacy Policy. The current version is always available at https://botdoc.io/ccpa/.

15. Contact Us

For questions about this statement or to submit a CCPA/CPRA rights request:

Botdoc Compliance Team
ShortSave, Inc., a Colorado corporation doing business as Botdoc
1909 Woodmoor Drive, Monument, Colorado 80132
Email: support@botdoc.io (subject: “CCPA Request”)
