Between Bots • Data Protection Policy
BetweenBots

Data Protection Policy

Effective Date: November 2025

This Data Protection Policy outlines how Between Bots Ltd (“Between Bots”, “we”, “our”, “us”) manages, secures, and governs personal and knowledge-related data within the AIAF ecosystem. Our goal is to guarantee data sovereignty — ensuring that creators, users, and organizations maintain control over their information, identity, and AI outputs.

1. Our Data Protection Commitment

Between Bots adheres to the principles of lawful, fair, and transparent data processing under the Nigerian Data Protection Regulation (NDPR) and international frameworks such as the General Data Protection Regulation (GDPR). We commit to protecting every form of identifiable data processed across AIAF, Consul, and affiliated systems.

2. Scope of Policy

This policy applies to all data collected or processed by Between Bots, including:

  • User profiles, contact data, and platform interactions.
  • Knowledge and content assets contributed to AIAF.
  • Telemetry and event logs from Consul and emissary activity.
  • Data exchanged via API integrations or developer services.

3. Lawful Basis for Processing

All processing is conducted under one or more lawful bases:

  • Consent: When users explicitly agree to data use for specified purposes.
  • Contractual necessity: To deliver AIAF and Consul services requested by a user.
  • Legal obligation: To comply with data retention, accounting, or regulatory requirements.
  • Legitimate interest: For innovation, analytics, and system improvement balanced with user privacy.

4. Data Classification

Between Bots classifies data under three categories:

  • Personal Data: Names, emails, and identifiable user details.
  • Operational Data: Logs, emissary telemetry, and anonymized usage statistics.
  • Knowledge Assets: Content, datasets, and model inputs contributed by creators.

5. Data Storage and Security

  • All storage systems are encrypted (AES-256) and hosted on secure, monitored servers.
  • Access to sensitive datasets is role-based, requiring multi-factor authentication.
  • Data redundancy and off-site backups ensure resilience and business continuity.
  • Regular penetration testing and vulnerability scans maintain system integrity.

6. Cross-Border Transfers

When data is transferred across borders, Between Bots ensures compliance with NDPR and GDPR requirements. We only partner with processors who meet equivalent standards and use standard contractual clauses or data adequacy frameworks.

7. Data Minimization & Retention

We collect only the data necessary to operate our systems effectively. Personal data is retained no longer than required for the purpose collected. Users may request deletion or anonymization of their data in accordance with NDPR rights.

8. Rights of Data Subjects

  • Right to access and receive copies of your data.
  • Right to rectification of inaccurate or incomplete information.
  • Right to withdraw consent at any time.
  • Right to erasure (“right to be forgotten”).
  • Right to data portability in structured, machine-readable formats.

9. Data Breach Protocol

In the event of a data breach, Between Bots will:

  • Immediately assess and contain the breach.
  • Notify affected users within 72 hours when feasible.
  • Report the incident to relevant authorities under NDPR or GDPR.
  • Implement remediation and document corrective measures.

10. Data Processors & Third Parties

We work with vetted partners (cloud services, analytics, compliance providers) who are contractually bound by strict data protection clauses. Third parties cannot use or disclose your data except to perform agreed-upon functions.

11. Data Protection Officer (DPO)

Between Bots has appointed a Data Protection Officer responsible for compliance oversight, risk management, and user inquiries.
Contact: dpo@betweenbots.com

12. Creator & Knowledge Sovereignty

AIAF’s data layer enforces creator attribution, licensing, and provenance tracking. All knowledge contributions remain owned by their original authors, with machine-enforced usage and revenue policies. Our governance model ensures that no content or AI output is reused without traceable provenance.

13. Updates to This Policy

We may periodically update this Data Protection Policy to reflect changes in law, technology, or product architecture. The most current version will always be available at betweenbots.com/data-protection.

14. Contact Us

For all questions regarding data handling, compliance, or personal rights, contact:
Email: dpo@betweenbots.com
Address: Between Bots Ltd, Jabi, Abuja, Nigeria.