CavBot watches signals that matter: broken routes, errors, SEO structure, uptime, and the way people move through a live website. That access must be handled with restraint. We build for clarity, safety, honesty, and respect for the people behind every site.

Purpose & scope

This Code of Ethics applies to everyone who builds, operates, represents, or works with CavBot. It covers product decisions, customer support, data handling, security, marketing, partnerships, and internal conduct.

CavBot should make websites easier to understand, not harder to trust. Every feature, message, integration, and business decision should support that standard.

Responsibility to customers & users

CavBot customers run real websites. Their customers, revenue, reputation, and support experiences can be affected by what our product shows them. We owe them calm, useful, accurate information.

We explain what CavBot can and cannot do. We do not hide limits behind vague language or make early features sound finished.
We avoid tricks. CavBot should never use confusing flows, dark patterns, or pressure tactics to force action.
We respect the work of site owners. Our product should save time, reduce noise, and help people understand what matters first.
We design for trust after launch. The goal is not only to detect problems. The goal is to help people recover cleanly.

Data, privacy & security

Website signals can reveal more than numbers. They can show patterns, friction, mistakes, and customer behavior. CavBot treats that information as sensitive by default.

We collect only what we need. Data collection must serve a real product purpose.
We do not sell personal data. Customer trust is not a revenue line to be traded away.
We protect customer ownership. Customer data belongs to the customer. CavBot is a steward, not the owner.
We use security as a baseline. Access controls, careful retention, encryption, and review are part of the platform.
We support privacy obligations. When customers operate under consent rules or regional privacy laws, CavBot should help them respect those rules.

Reliability, accuracy & product truth

CavBot should not make a weak signal look certain. If a page is broken, a route is noisy, or a number is incomplete, the product should say so clearly.

We prefer clear metrics over mystery scores. A useful number should be understandable.
We avoid silent changes. If a metric changes meaning, customers should not be left guessing.
We show uncertainty honestly. “Unknown” is better than false confidence.
We monitor CavBot with the same seriousness. A platform built for reliability must hold itself to that same standard.

AI, automation & analytics integrity

CavBot may use AI and automation to summarize signals, surface issues, or suggest next steps. Those systems should make people more informed, not less responsible.

We keep people in control. Sensitive or production-level actions should be reviewable before they happen.
We do not use automation to mislead. CavBot will not inflate performance, hide failures, or dress guesses as facts.
We make recommendations traceable where possible. Users should be able to understand why CavBot is pointing them toward a problem.
We respect source material. CavBot should not depend on stolen data, unsafe scraping, or misuse of other people’s work.

Communication, marketing & storytelling

CavBot’s public voice should match the product: direct, useful, and honest. We do not need inflated claims to explain real value.

We use plain language. We explain the product clearly and avoid hiding behind buzzwords.
We do not sell through fear. Broken pages, traffic loss, and errors are serious, but we do not exaggerate them to pressure customers.
We represent competitors fairly. If we compare CavBot to another product, the comparison must be honest.
We credit what shaped the work. When we learn from communities, research, or open-source projects, we acknowledge that influence where appropriate.

Workplace, teammates & conduct

CavBot is being built for a future team. The standard starts now: respectful work, clear ownership, and no tolerance for behavior that makes people unsafe or unheard.

We treat people with respect. Harassment, discrimination, threats, and hostile behavior do not belong at CavBot.
We protect people who speak up. Retaliation for raising a concern in good faith is a violation of this code.
We learn from mistakes. Mistakes should become better systems, not weapons against individuals.
We disclose conflicts. Personal interests should not quietly influence product, vendor, hiring, or customer decisions.

Vendors, partners & ecosystem

CavBot depends on infrastructure, services, and partners. We choose those relationships carefully because their behavior can affect customer trust.

We choose vendors with care. Security, privacy, reliability, and business stability matter.
We document services that touch customer data. No hidden processors. No quiet shortcuts.
We expect partners to respect CavBot’s standards. A partner relationship should not become a back door around our values.
We avoid careless integrations. CavBot should not encourage customers to connect tools in ways that create privacy, security, or policy risk.

Incidents, concerns & reporting

Outages, vulnerabilities, and mistakes can happen. What matters is whether CavBot responds clearly, quickly, and honestly.

We communicate serious issues responsibly. Customers should not discover major problems through silence.
We own mistakes without hiding behind language. A good incident response says what happened, what changed, and what comes next.
We document lessons. Major incidents should lead to written review and real follow-up.
We keep a clear path for concerns. Ethical concerns can be sent to ethics@cavbot.io.

Keeping this code alive

This code is not meant to sit untouched. It should grow with CavBot, the product, the team, and the responsibilities that come with serving more customers.

We review it regularly. The code should be revisited at least once a year and after major product or policy changes.
We make meaningful changes visible. If the code changes in a material way, the change should be dated and explained.
We use it in real decisions. This code matters only if it affects how CavBot is built, sold, supported, and operated.

CavBot’s reputation will be built by what it does when trust is on the line. This code exists to keep that standard visible.

CavBot approaches data as an operational responsibility. We collect only the information reasonably necessary to operate, secure, improve, and support the Services, and we handle that information with structured controls designed to preserve user trust, system integrity, and legal compliance.

This Privacy Policy explains how CavBot (“CavBot,” “we,” “our,” or “us”) collects, uses, discloses, stores, and protects personal information obtained through our official products, websites, communications, and digital environments, including cavbot.io, app.cavbot.io, connected CavBot product surfaces, our support channels, and any other services that link to or reference this Privacy Policy (collectively, the “Services”).

By accessing or using the Services, you acknowledge that your information may be collected and processed as described in this Privacy Policy. If you do not agree with these practices, you should not use the Services.

For privacy-related questions, requests, or complaints, contact us at legal@cavbot.io or support@cavbot.io. If you need this policy in an alternative format, you may request one through the same contact channel.

I. Categories of Personal Information We Collect
II. Sources of Personal Information
III. Purposes for Collection and Use
IV. Cookies, Analytics, and Other Tracking Technologies
V. AI Systems, Model Providers, and User Inputs
VI. Workspace Files, Storage, and Collaboration Data
VII. Disclosure of Personal Information and Third-Party Service Providers
VIII. Security, Retention, and Administrative Controls
IX. Your Rights and Choices
X. California Privacy Rights
XI. Privacy Rights in the EEA, Switzerland, and the United Kingdom
XII. Use of Services by Minors
XIII. Policy Governance & Revisions

I. Categories of Personal Information We Collect

At CavBot, the categories of information we collect depend on how you interact with the Services. Some information is provided directly by you, some is collected automatically when you use the platform, and some may be received from service providers, integrations, or workspace administrators.

Over the preceding twelve (12) months, CavBot may have collected and processed the categories below.

I.I Account and Contact Information

Full name
Username or display name
Email address
Telephone number, where provided
Company or organization name
Billing or mailing address, where applicable
Support and contact preferences

This information is typically collected when you create an account, request support, subscribe to communications, join a workspace, register interest in the Services, or contact us directly.

I.II Authentication and Security Information

Account credentials or credential-derived data
Password hashes and authentication tokens
Session identifiers
Multi-factor authentication data, when enabled
Security preferences and access settings
Login and session history used for account protection

I.III Billing, Subscription, and Transaction Information

Billing name and billing address
Subscription tier and plan history
Transaction records and invoice metadata
Payment confirmations and status events
Processor metadata required to administer the subscription lifecycle

When payments are handled by third-party processors, CavBot may not store full card numbers or full payment credentials directly.

I.IV Workspace, File, and Artifact Information

File names, folder names, and storage paths
Artifact metadata and workspace structures
Upload timestamps and operation history
Sharing, publication, and collaboration state
File previews generated in platform workflows

This information supports CavCloud, CavSafe, CavCode Viewer, and related collaboration and publication workflows.

I.V AI Inputs, AI Outputs, and Interaction Data

Prompts, instructions, and requests submitted to AI features
Generated outputs and responses
Selected model preferences and tool modes
Attached files, images, transcripts, snippets, or content submitted to AI workflows
Session history and context where retained in the Services

I.VI Diagnostic, Operational, and Telemetry Data

Route and page activity
Error and fault events
Diagnostics records and runtime health signals
Event activity and operational metadata
API activity and request-level logs

I.VII Internet, Device, and Electronic Activity

IP address, browser type, and operating system
Device/browser-derived identifiers
Pages viewed, feature usage, and session duration
Referral URLs and clickstream/navigation behavior
Approximate region inferred from IP address

I.VIII Communications and Support Data

Support messages and tickets
Feedback, comments, and survey responses
Troubleshooting notes and account assistance records
Support and communication preferences

I.IX Inferences and Product Preferences

Workspace and feature preferences
Engagement patterns and workflow tendencies
Approximate usage intensity and account maturity indicators

CavBot uses these inferences to improve experience design, support quality, and feature relevance. They are not used to make hidden or unfair decisions about you.

II. Sources of Personal Information

CavBot collects personal information from clearly defined sources. The source depends on how you use the Services and whether you engage with CavBot through public pages, authenticated workspaces, AI surfaces, direct communications, or connected integrations.

II.I Information You Provide Directly

We collect information you choose to provide when you:

Create or manage an account
Join or administer a workspace
Subscribe to a plan or service
Upload files or artifacts
Use CavAi and related product workflows
Contact support or request assistance
Submit forms on marketing or product pages
Participate in demos, pilots, or onboarding

II.II Information Collected Automatically

When you use the Services, certain information is collected automatically through logs, cookies, analytics tooling, telemetry mechanisms, local storage, and related technologies.

II.III Information From Workspace Administrators or Collaborators

Invitation and onboarding details
Role assignments and permission scopes
Workspace affiliation and team access settings
Shared files and collaboration state

II.IV Information From Service Providers and Integrations

CavBot may receive limited information from providers and integrations that support Service delivery, such as payment, cloud infrastructure, analytics, authentication, email delivery, and AI model processing providers. Each source must have a lawful and operationally justified relationship to the Services.

III. Purposes for the Collection and Use of Personal Information

CavBot collects and processes personal information only for identified, lawful, and reasonably necessary purposes tied directly to operating, securing, supporting, and improving the Services.

III.I Account Creation, Access, and Service Delivery

Create and maintain accounts
Authenticate users and sessions
Manage subscriptions and service entitlements
Operate workspace membership, permissions, and access control
Deliver features across connected CavBot product surfaces and related workflows

III.II AI Functionality and Contextual Processing

Respond to prompts and requests
Generate structured outputs for reasoning, coding, summaries, and research workflows
Maintain context continuity where history or workspace state is enabled
Enforce guardrails, plan entitlements, role restrictions, and abuse prevention

III.III File Storage, Collaboration, and Publication Workflows

Store and organize files and folders
Manage artifact workflows and file movement
Support secure sharing and collaboration controls
Enable previews, validation, and publication workflows

III.IV Diagnostics, Reliability, and Platform Operations

Detect and surface platform issues
Track operational events and runtime signals
Support diagnostics and monitoring workflows
Improve service stability and performance

III.V Security, Fraud Prevention, and Abuse Detection

Monitor suspicious or unauthorized activity
Investigate misuse, fraud, abuse, and attempted compromise
Enforce platform restrictions and account controls
Preserve audit records relevant to security and compliance

III.VI Support, Communications, and Service Notices

Respond to support requests and troubleshooting needs
Send service notices and product-related updates
Provide onboarding and account communications

III.VII Product Improvement and Internal Analysis

Improve product clarity and usability
Identify friction and adoption patterns
Evaluate aggregate service usage and reliability outcomes

Where possible, CavBot relies on aggregated, de-identified, or non-attributable information for internal analytics and product development.

III.VIII Legal, Regulatory, and Rights Protection

Comply with applicable law and lawful requests
Enforce terms, policies, and contractual rights
Respond to disputes, claims, or investigations
Protect the rights, safety, and integrity of CavBot, users, and third parties

IV. Cookies, Analytics, and Other Tracking Technologies

CavBot uses cookies, local storage, and related technologies to run authentication, preserve workspace selections, improve reliability, and measure performance.

IV.I Authentication and Session Technologies

Session cookies such as cavbot_session are used to authenticate signed-in users.
Security and verification cookies may be used during account recovery and challenge flows.
Workspace pointer cookies, for example cb_active_project_id, help restore active context.

IV.II Functional Storage and Preference Signals

Browser storage may retain interface, profile, or workspace preferences.
CavAi client state and diagnostics preferences may be stored locally for continuity and debugging.

IV.III Analytics and Performance Instrumentation

Marketing pages use CavBot analytics scripts, including cavai-analytics-v5.js and cavai.min.js.
Services collect route, runtime, interaction, and error signals to support reliability monitoring.

IV.IV Managing Cookie and Storage Preferences

You can manage cookies through browser controls and delete local storage at any time. Disabling certain technologies may impact authentication, workspace continuity, and feature availability.

IV.V CavBot Cookie Consent Controls

CavBot provides a cookie preference control on its public websites so visitors can manage the use of optional cookies. Visitors may accept optional cookies, reject optional cookies, or choose which optional categories they want to allow. Required cookies remain active because they are necessary for the website to function, protect the service, remember privacy choices, deliver pages correctly, support accessibility, prevent misuse, and maintain basic service operation.

CavBot organizes cookies into the following categories:

Required cookies are necessary for CavBot websites and Services to work properly. They support core functions such as page delivery, privacy choice storage, session protection, security controls, form protection, load balancing, fraud and abuse prevention, accessibility support, and service reliability. These cookies cannot be turned off through CavBot’s cookie preference control because the website and Services cannot operate correctly without them.
Analytics cookies help CavBot understand how visitors use its websites. These cookies may help measure page visits, website interactions, product interest, incomplete or broken flows, performance issues, and general usage patterns. CavBot uses this information to improve the website experience, identify problems, and better understand which areas of the website are useful to visitors. Analytics cookies are optional and are used only according to the visitor’s choices where consent is required.
Social media cookies may be used by CavBot and selected third parties to support embedded social features, sharing tools, campaign measurement, or content shown through third-party social platforms. These cookies may allow social media services to recognize a visitor’s browser or device when the visitor interacts with social features or views related content. Social media cookies are optional and are used only according to the visitor’s choices where consent is required.
Advertising cookies may be used by CavBot and selected partners to measure campaigns, limit how often the same message is shown, understand whether an ad leads to a sign-up or purchase, and show advertising that may be more relevant to a visitor’s interests. Advertising cookies are optional and are used only where permitted by law and according to the visitor’s choices where consent is required.

CavBot stores cookie choices in browser storage and in a consent cookie so the website can remember a visitor’s preferences. The CavBot consent record is limited to information needed to apply those choices, such as the consent version, the time the preference was updated, and the selected cookie categories. It does not need to store the visitor’s name, email address, account password, payment information, workspace content, website data, or customer account materials.

Visitors can reopen the cookie preference control at any time by selecting “Manage cookies” in the website footer. Changes to cookie preferences apply to optional cookies going forward. Some cookies that were previously placed by a browser or third-party service may need to be removed through the visitor’s browser settings or through the privacy controls offered by the relevant third party.

Where consent is required, CavBot uses optional analytics, social media, and advertising cookies only according to the visitor’s selected preferences. CavBot may continue to use required cookies and limited technical information where needed for security, fraud and abuse prevention, service delivery, debugging, legal compliance, and the operation of the websites and Services.

V. AI Systems, Model Providers, and User Inputs

CavBot provides AI-assisted features through CavAi and related modules. When you use these features, prompts, attachments, outputs, and contextual state may be processed to complete requested tasks.

V.I AI Provider Processing

CavBot currently uses third-party model infrastructure that may include Alibaba Qwen and DeepSeek model families. Provider rosters may evolve as CavBot changes infrastructure or model policy.

V.II Scope of AI Data

User prompts and instruction text
Files, snippets, media, and structured context submitted to AI workflows
Model selections, workflow mode, and inference metadata
Generated outputs, summaries, and follow-up actions

V.III AI Safety, Policy, and Abuse Controls

AI requests are subject to product policy, entitlement, and abuse-prevention controls, including guardrails that may restrict model access, action classes, or output pathways based on account state, plan limits, and security conditions.

V.IV Provider Terms and Retention

Third-party providers may process data under their own legal obligations and technical controls. Where applicable, provider-level retention may be used for abuse prevention, reliability, legal compliance, or safety monitoring. CavBot configures provider usage through contractual and operational controls.

VI. Workspace Files, Storage, and Collaboration Data

CavBot supports file and workspace operations across modules including CavCloud, CavSafe, CavCode, CavCode Viewer, and connected workflows. Personal information may be embedded in uploaded content, file metadata, comments, and collaboration artifacts.

VI.I Storage and Access Scope

Files and artifacts are processed to provide storage, previews, organization, and retrieval.
Access to workspace content is controlled by account role, project scope, and permission settings.
Operational logs may record upload/download actions and sharing or publication events.

VI.II Collaboration and Sharing

Workspace administrators can provision users, adjust roles, and manage collaboration permissions.
Shared artifacts may become accessible to intended recipients under selected sharing state.
Public profile and artifact features are controlled by configuration and user/workspace settings.

VI.III Customer Responsibility for Content

Users and workspace administrators are responsible for ensuring that content uploaded to the Services is authorized for processing and does not violate law, contract, or third-party rights.

VII. Disclosure of Personal Information and Third-Party Service Providers

CavBot discloses personal information only as needed to operate the Services, support customers, comply with law, or protect rights and security.

VII.I Service Provider Categories

Payment processing providers, including Stripe
Email and transactional messaging providers, including Resend
Authentication and identity providers, including Google and GitHub when selected by users
Cloud, edge, and content-delivery providers used to host and operate Services
AI model and inference providers used to deliver CavAi workflows

VII.II Legal and Safety Disclosures

CavBot may disclose information when required by applicable law, legal process, or enforceable government request, and when reasonably necessary to detect, investigate, or prevent security events, fraud, abuse, or violations of terms.

VII.III Corporate Transactions

If CavBot is involved in a merger, acquisition, financing, reorganization, or sale of assets, personal information may be transferred as part of that transaction, subject to applicable law.

VII.IV Sales of Personal Information

CavBot does not sell personal information to data brokers for monetary consideration.

VIII. Security, Retention, and Administrative Controls

VIII.I Security Program

Encryption in transit for network communication
Authentication hardening, signed sessions, and access control boundaries
Role-based permissions and workspace scoping controls
Monitoring, diagnostics, and incident response processes

VIII.II Retention

CavBot retains personal information only for as long as reasonably necessary to provide Services, satisfy legal and contractual obligations, resolve disputes, maintain security records, and enforce agreements. Retention periods vary by data type and system function.

VIII.III Deletion and Residual Copies

When data is deleted, residual copies may remain in backups or archival systems for limited periods consistent with disaster recovery, legal, and operational requirements.

VIII.IV Security Limitations

No system is absolutely secure. While CavBot applies layered controls, we cannot guarantee absolute security of all transmissions or stored information.

IX. Your Rights and Choices

Depending on where you live, you may have rights regarding your personal information. These may include rights to:

Know what information we collect and how we use it
Access a copy of personal information
Request correction of inaccurate personal information
Request deletion of personal information, subject to exceptions
Object to, restrict, or request portability where applicable
Withdraw consent where processing relies on consent
Opt out of marketing communications

To exercise rights, email legal@cavbot.io. CavBot may verify your identity before completing a request and may decline requests where permitted by law.

X. California Privacy Rights

If you are a California resident, you may have certain rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, together referred to in this Policy as the “CCPA.”

Subject to the requirements and exceptions provided by law, California residents may have the right to request that CavBot:

Confirm whether CavBot collects, uses, discloses, sells, or shares personal information about them.
Provide access to the categories of personal information CavBot has collected, the categories of sources from which that information was collected, the purposes for collecting or using it, the categories of third parties to whom it may be disclosed, and the categories of personal information disclosed to those parties.
Provide access to specific pieces of personal information CavBot maintains about them, where required by law.
Delete personal information CavBot has collected, subject to legal, security, operational, and service-related exceptions.
Correct inaccurate personal information maintained by CavBot.
Opt out of certain sales or sharing of personal information, where applicable.
Limit the use or disclosure of sensitive personal information, where the CCPA provides that right and where CavBot uses sensitive personal information in a way covered by that right.
Exercise privacy rights without being denied goods or services, charged a different price, or provided a different level or quality of service because of the request, except where permitted by law.

CavBot does not sell personal information for money. However, some advertising, social media, or similar browser-based technologies may be considered a “sale” or “sharing” under California privacy law if they are used for cross-context behavioral advertising or similar purposes. Where applicable, California residents can use the “Manage cookies” control in the website footer to reject optional analytics, social media, and advertising cookies on the browser and device where the choice is made.

CavBot treats cookie choices made through the “Manage cookies” control as a privacy preference for optional browser-based tracking on that browser and device. Required cookies remain active because they are needed to operate the website, store privacy choices, protect the Services, prevent fraud and abuse, deliver pages, support accessibility, and maintain basic service reliability.

To submit a California privacy request, contact CavBot at legal@cavbot.io. CavBot may need to verify your request before responding. The verification process may require information that allows CavBot to confirm that the request relates to you or to an account, workspace, website, or browser interaction associated with you. CavBot will use verification information only for purposes permitted by law.

Authorized agents may submit requests on behalf of California residents where permitted by law. CavBot may require the authorized agent to provide proof of authority and may also require the California resident to verify their identity directly, unless an exception applies.

CavBot will respond to California privacy requests within the time required by law. If CavBot cannot fulfill a request in whole or in part, CavBot will explain the reason where required and permitted by law.

XI. Privacy Rights in the EEA, Switzerland, and the United Kingdom

If you are located in the European Economic Area, Switzerland, or the United Kingdom, applicable data protection laws may provide you with additional rights and protections regarding your personal information.

XI.I Legal Bases for Processing

CavBot processes personal information only where it has a lawful basis to do so. Depending on the context, CavBot may process personal information under one or more of the following legal bases:

Contract performance, where processing is needed to provide the Services, create or manage an account, operate a workspace, process a transaction, respond to support requests, or perform obligations under an agreement with you or your organization.
Legitimate interests, where processing is necessary for CavBot’s business, security, product, and operational interests, provided those interests are not overridden by your privacy rights and interests. This may include protecting the Services, preventing fraud and abuse, improving reliability, debugging, maintaining service logs, understanding service performance, and communicating about the Services.
Consent, where CavBot asks for permission before carrying out certain processing. This may include optional analytics, social media, advertising cookies, certain marketing communications, or other activities where consent is required by law.
Legal obligations, where processing is necessary to comply with applicable law, respond to lawful requests, maintain required records, enforce legal rights, or meet tax, accounting, regulatory, security, or compliance obligations.

For optional analytics, social media, and advertising cookies that require consent, visitors may give, withhold, or change consent through the “Manage cookies” control in the website footer. Required cookies are used where needed to provide the website, remember privacy choices, protect the Services, maintain security, support accessibility, or comply with legal obligations.

XI.II Data Subject Rights

Subject to the requirements and exceptions provided by applicable law, individuals in the EEA, Switzerland, and the United Kingdom may have the right to:

Request access to personal information CavBot processes about them.
Request correction of inaccurate or incomplete personal information.
Request deletion of personal information in certain circumstances.
Request restriction of processing in certain circumstances.
Receive certain personal information in a portable format, where technically feasible and legally required.
Object to certain processing activities, including processing based on legitimate interests.
Withdraw consent at any time where CavBot relies on consent. Withdrawal does not affect processing that occurred before consent was withdrawn.
Lodge a complaint with a data protection authority or supervisory authority in the country where they live, work, or believe their rights have been affected.

To exercise these rights, contact CavBot at legal@cavbot.io. CavBot may need to verify the request and may ask for information needed to confirm identity, locate the relevant account or records, and respond properly. CavBot will respond within the time required by applicable law.

XI.III International Transfers

CavBot may process personal information in countries other than the country where you live. These countries may have privacy and data protection laws that differ from the laws in your jurisdiction.

Where required, CavBot uses appropriate safeguards to support lawful international transfers of personal information. These safeguards may include contractual protections, data processing agreements, transfer assessments, standard contractual clauses, or other transfer mechanisms recognized by applicable law.

CavBot takes steps designed to protect personal information when it is transferred, stored, or processed outside the EEA, Switzerland, or the United Kingdom. These steps may include limiting access to personal information, using service providers that agree to privacy and security obligations, and applying technical, organizational, and contractual safeguards appropriate to the nature of the information and the Services.

XII. Use of Services by Minors

CavBot Services are not directed to children under 13 and are not intended for use by minors where such use is prohibited by applicable law. We do not knowingly collect personal information directly from children under 13.

If you believe a child has provided personal information to CavBot, contact legal@cavbot.io so we can review and take appropriate action.

XIII. Policy Governance & Revisions

CavBot may revise this Privacy Policy to reflect changes in Services, legal obligations, provider relationships, or data practices. When material changes occur, we update the “Last Updated” date and may provide additional notice through website or in-product channels.

Your continued use of Services after an updated policy becomes effective indicates acceptance of the revised terms, to the extent permitted by law.

CavBot is provided as a software platform and intelligence system for modern digital operations. These Terms govern how the platform may be accessed, used, protected, paid for, and managed.

Welcome to cavbot.io and the CavBot platform. These Terms and Conditions of Use (the “Terms”) govern your access to and use of CavBot, including every official website, application environment, product surface, AI feature, workspace tool, storage workflow, support channel, interface, content, and feature that links to or references these Terms (collectively, the “Services”).

The Services are operated by CavBot (“CavBot,” “we,” “our,” or “us”). By accessing, browsing, registering for, or using any part of the Services, you acknowledge that you have read, understood, and agree to be legally bound by these Terms and by our Privacy Policy. If you do not agree to these Terms, you must not access or use the Services.

CavBot reserves the right to revise these Terms from time to time in its sole discretion. Where required by law, updates will be communicated appropriately and published on this page. Your continued use of the Services after such updates become effective constitutes acceptance of the revised Terms.

CavBot operates as a structured software platform, not as an unconditional guarantee of access. We may modify, suspend, restrict, or discontinue any part of the Services in accordance with these Terms and applicable law.

I. Access to the Services and Account Integrity
II. Eligibility, Registration, and Account Security
III. Subscriptions, Plans, Billing, and Payments
IV. Platform Availability, Product Accuracy, and Service Changes
V. Acceptable Use and Prohibited Conduct
VI. CavAi, AI Outputs, and Model-Assisted Workflows
VII. Workspace Content, File Storage, and Collaboration
VIII. Intellectual Property Rights and Platform Ownership
IX. Third-Party Services, Integrations, and External Providers
X. Disclaimers and Limitations of Liability
XI. Indemnification
XII. Suspension, Restrictions, and Termination
XIII. Governing Law, Dispute Resolution, and Jurisdiction
XIV. Changes to These Terms
XV. Contact and Official Notice Information

I. Access to the Services and Account Integrity

Access to the CavBot platform is provided as a service, not as a permanent entitlement. We may modify, suspend, limit, or discontinue any portion of the Services, temporarily or permanently, with or without notice, including platform features, AI capabilities, workspace modules, file access surfaces, diagnostics tools, publication features, or public-facing website content.

CavBot shall not be liable for any interruption, suspension, or unavailability of the Services arising from maintenance, upgrades, security events, infrastructure dependencies, force majeure, service-provider disruption, or reasonable operational changes.

From time to time, access to certain features or product surfaces may be restricted based on plan tier, workspace policy, account role, service readiness, geography, operational considerations, or security requirements.

Certain portions of the Services require an account. When you create or use an account, you agree to provide accurate, current, and complete information and to keep that information updated.

You are responsible for maintaining the confidentiality of your credentials and for all activity that occurs under your account unless and until you report unauthorized use to us. If you believe your account, password, session, workspace, or credential has been compromised, you must notify us promptly through CavBot’s official support or legal contact channels.

We reserve the right to suspend, restrict, or terminate access to any account, workspace, credential, feature, or product surface that, in our judgment, violates these Terms, creates risk to the platform, misuses AI or infrastructure resources, interferes with the experience of others, or compromises platform integrity, security, or lawful operation.

II. Eligibility, Registration, and Account Security

The Services are intended for individuals and organizations capable of entering into legally binding agreements under applicable law.

By using the Services, you represent and warrant that:

You are legally permitted to use the Services.
All information you submit is accurate, current, and complete.
Your use of the Services complies with these Terms and all applicable laws and regulations.

If you are using the Services on behalf of a company, organization, or other entity, you represent and warrant that you have the authority to bind that entity to these Terms. In such cases, “you” includes both the individual user and the entity on whose behalf the Services are used.

To access certain platform features, you may be required to register an account, join a workspace, accept an invitation, or authenticate through approved login flows.

You are solely responsible for:

Maintaining the security of your login credentials.
Controlling access to your devices and authenticated sessions.
Ensuring that any access granted through your account or workspace is authorized.

CavBot may implement technical safeguards such as session controls, device or session history, authentication verification, workspace access restrictions, and other security measures designed to protect the Services.

You agree not to:

Share credentials improperly.
Bypass account restrictions.
Impersonate another person or entity.
Create accounts using false or misleading information.
Attempt to gain unauthorized access to any workspace, file system, AI lane, protected route, or restricted surface.

The Services are not intended for children under the age required by applicable law to use such services independently. If your jurisdiction requires parental or guardian consent for minors, use of the Services must comply with those requirements. CavBot does not knowingly provide account-based Services to minors in violation of applicable law.

III. Subscriptions, Plans, Billing, and Payments

Certain CavBot features are available only through paid subscription plans or plan-governed usage entitlements. The availability of specific services, AI features, workflows, file limits, collaboration modes, or operational controls may vary by subscription level.

Current plan names, feature descriptions, and pricing are displayed through the official CavBot website or application interfaces and may be updated from time to time.

By subscribing to a paid plan, you agree to pay all applicable fees associated with your selected subscription, including recurring subscription charges, usage-based charges where explicitly disclosed, taxes, and any other applicable fees.

You authorize CavBot and its payment processors to charge your selected payment method in accordance with your chosen plan and billing interval.

Unless otherwise stated:

Subscriptions renew automatically.
Recurring fees are billed in advance.
You are responsible for maintaining a valid payment method.

CavBot may suspend, downgrade, limit, or terminate paid features if payment is unsuccessful, a subscription expires or is canceled, a plan change takes effect, or account usage exceeds governed limits without an authorized upgrade or extension.

We reserve the right to change pricing, plan packaging, or entitlement structure at any time. Any such changes will apply prospectively and, where required by law, will be communicated appropriately before taking effect.

If you purchase through a third-party payment processor, your payment may also be subject to that provider’s terms and policies. CavBot does not necessarily store full card details or full payment credentials directly.

Where refunds, credits, or billing disputes are permitted, they will be handled according to the applicable CavBot billing, refund, or subscription policy then in effect. Unless otherwise required by law, fees already paid may be non-refundable once access, capacity, or usage has been provisioned.

IV. Platform Availability, Product Accuracy, and Service Changes

CavBot makes reasonable efforts to describe the Services accurately and keep product information current. However, we do not guarantee that every feature description, interface label, pricing reference, availability notice, or technical statement will always be complete, current, or error-free.

We reserve the right to:

Update feature descriptions.
Adjust product packaging.
Modify or retire services.
Reconfigure workflows.
Update integrations.
Change system behavior to improve the platform and preserve security.

The inclusion of a feature, module, AI lane, file surface, or interface in the website or product does not constitute an irrevocable promise that such feature will remain available indefinitely or unchanged.

From time to time, some features may be marked as limited, experimental, beta, invite-only, pilot, or otherwise restricted. CavBot may also impose usage limits, throttles, role restrictions, or owner-governed policies to preserve platform health and prevent abuse.

If a material product, pricing, or service error occurs, CavBot reserves the right to correct it and take appropriate action, including correcting the listing, reversing an incorrect charge, canceling a mistaken transaction, or adjusting access granted under clear error.

V. Acceptable Use and Prohibited Conduct

You agree to use the Services only for lawful purposes and in accordance with these Terms.

You must not use the Services to:

Violate any applicable law or regulation.
Infringe the rights of others.
Interfere with platform stability or security.
Misuse AI features.
Abuse storage, publication, or collaboration systems.
Attempt unauthorized access.
Scrape or extract data unlawfully.
Upload malicious code.
Compromise the integrity, reliability, or lawful operation of the Services.

Without limitation, you agree not to:

Deploy bots, scripts, or automation to bypass normal usage controls.
Reverse engineer, probe, or exploit system vulnerabilities.
Interfere with diagnostics, AI lanes, workspace controls, or service quotas.
Use the Services to generate, transmit, or store unlawful, abusive, fraudulent, or infringing content.
Attempt to evade account, plan, or role restrictions.
Overload the Services through abusive request patterns.
Use CavBot in a manner that could materially harm other users, systems, or infrastructure.

CavBot may implement technical, behavioral, or policy-based controls to detect and prevent misuse, including request limiting, access restrictions, moderation controls, AI guardrails, workspace controls, and automated or manual review.

Violations may result in warnings, restricted access, plan limitations, workspace actions, suspension, termination, legal enforcement, or referral to relevant authorities where appropriate.

VI. CavAi, AI Outputs, and Model-Assisted Workflows

CavBot includes AI-assisted features made available through CavAi and related product surfaces. These features may support explanation, summarization, coding assistance, research, structured reasoning, drafting, or other model-assisted workflows.

AI functionality may rely on first-party orchestration and third-party model providers. Availability of AI features may depend on plan tier, workspace policy, account role, reasoning mode, model availability, and system limits.

You acknowledge and agree that:

AI outputs may be incomplete, inaccurate, or unsuitable for a given purpose.
AI outputs are generated based on your inputs, system context, and model behavior.
AI-assisted responses must be reviewed before reliance in sensitive contexts.

You are responsible for evaluating the appropriateness of AI outputs before using, publishing, applying, or distributing them.

CavBot may process prompts, instructions, files, images, transcripts, or other submitted content in order to provide AI functionality. Certain AI workflows may also generate logs, histories, summaries, or contextual artifacts necessary to deliver the service, preserve session continuity, or enforce guardrails.

CavBot may impose restrictions on which models are available, who may access them, which actions may invoke them, how reasoning settings operate, and when advanced AI capabilities may be blocked, throttled, or escalated for review.

Where CavBot provides AI-generated patches, code suggestions, or output intended to affect files, configurations, or execution, such output may still require explicit review, confirmation, or approval before application. CavBot does not warrant that AI-generated outputs are unique, error-free, legally compliant, or fit for a particular purpose.

VII. Workspace Content, File Storage, and Collaboration

CavBot may permit users and workspaces to upload, create, organize, preview, move, publish, share, secure, and collaborate around files, artifacts, and related content across platform workflows.

As between CavBot and the user, you retain whatever rights you already have in content you lawfully upload or submit to the Services, subject to the rights necessary for CavBot to host, process, transmit, preview, secure, and make that content available within platform operations.

By uploading, storing, or submitting content to the Services, you grant CavBot a limited, non-exclusive, worldwide license to host, process, reproduce, transmit, display, and otherwise use that content solely as reasonably necessary to:

Operate the Services.
Provide requested features.
Maintain security.
Enable previews and collaboration.
Support AI workflows where authorized.
Comply with law and platform governance.

You represent and warrant that you have the necessary rights, authority, and permissions to upload, store, share, publish, or otherwise make available any content you place in the Services.

You are solely responsible for the legality of your content, collaboration permissions, sharing choices, and workspace usage under your authority.

CavBot may impose controls and limitations on file types, file sizes, storage quotas, publication states, collaboration roles, secure sharing, and artifact handling. Certain protected workflows may require higher-trust controls, owner governance, or plan-level access.

CavBot reserves the right to suspend, remove, restrict, or investigate content or workspace activity where necessary to protect the platform, enforce these Terms, prevent unlawful activity, respond to abuse or security concerns, or comply with applicable law.

VIII. Intellectual Property Rights and Platform Ownership

Except for content you lawfully provide, the Services and all related software, interfaces, designs, text, graphics, marks, branding, product names, platform logic, workflows, and systems are owned by CavBot or its licensors and are protected by applicable intellectual property laws.

Subject to your compliance with these Terms, CavBot grants you a limited, non-exclusive, non-transferable, revocable right to access and use the Services for authorized purposes.

You may not copy, distribute, modify, reverse engineer, create derivative works from, or otherwise exploit platform materials except as expressly permitted by law or written authorization from CavBot.

“CavBot” and related product names, logos, marks, and trade dress are proprietary to CavBot. Use of those marks without permission is prohibited.

IX. Third-Party Services, Integrations, and External Providers

The Services may rely on or interoperate with third-party providers, including hosting, storage, payments, model providers, analytics, communications, authentication, security, and infrastructure services.

CavBot is not responsible for third-party products or services that are not controlled by CavBot. Your use of third-party tools or integrations may be subject to separate terms and policies.

CavBot may add, remove, replace, or reconfigure third-party providers as reasonably necessary for operations, reliability, security, compliance, or product evolution.

X. Disclaimers and Limitations of Liability

To the maximum extent permitted by law, the Services are provided “as is” and “as available” without warranties of any kind, whether express, implied, statutory, or otherwise, including implied warranties of merchantability, fitness for a particular purpose, and non-infringement.

CavBot does not guarantee uninterrupted availability, error-free operation, or that outputs, analytics, insights, recommendations, or AI-generated content will be accurate, complete, or suitable for every use case.

To the maximum extent permitted by law, CavBot and its affiliates, officers, employees, agents, and licensors shall not be liable for indirect, incidental, consequential, special, exemplary, or punitive damages, or for loss of profits, revenues, data, goodwill, or business opportunities, arising out of or related to use of or inability to use the Services.

Where liability cannot be excluded, CavBot’s aggregate liability for claims related to the Services will be limited to the amount paid by you to CavBot for the Services during the twelve (12) months preceding the event giving rise to the claim.

XI. Indemnification

To the extent permitted by law, you agree to defend, indemnify, and hold harmless CavBot and its affiliates, officers, directors, employees, contractors, licensors, and agents from and against any claims, liabilities, damages, losses, costs, and expenses, including reasonable attorneys’ fees, arising from or related to:

Your use of the Services.
Your content or workspace activity.
Your violation of these Terms.
Your violation of applicable law.
Your infringement of rights of any person or entity.

XII. Suspension, Restrictions, and Termination

CavBot may suspend, limit, restrict, or terminate access to all or part of the Services at any time where reasonably necessary to protect users, infrastructure, legal compliance, or platform integrity.

Grounds may include breach of these Terms, suspected abuse, security risk, unlawful activity, non-payment, prolonged inactivity, or operational and legal requirements.

Upon termination, rights granted to you under these Terms cease immediately, but provisions that by their nature should survive, including intellectual property, disclaimers, limitations, indemnification, and dispute provisions, will continue in effect.

XIII. Governing Law, Dispute Resolution, and Jurisdiction

These Terms and any dispute arising out of or relating to the Services will be governed by applicable law in the jurisdiction where CavBot is established, without regard to conflicts-of-law principles, except where mandatory law provides otherwise.

The parties agree to first attempt good-faith resolution of disputes through written notice and informal negotiation before initiating formal proceedings.

Subject to applicable law, disputes not resolved informally will be brought in courts of competent jurisdiction designated by CavBot’s governing legal framework.

XIV. Changes to These Terms

CavBot may update these Terms to reflect product evolution, legal requirements, security practices, provider relationships, pricing changes, or operational changes.

When updates are material, CavBot may provide notice through the Services, website, account channels, or other reasonable communication methods. The “Last Updated” date will be revised when changes become effective.

Your continued use of the Services after effective updates constitutes acceptance of the revised Terms, to the extent permitted by law.

XV. Contact and Official Notice Information

For questions, support, legal notices, compliance matters, or rights-related requests regarding these Terms or the Services, contact CavBot through official channels:

Notices are considered effective when received through designated CavBot channels, subject to any additional legal notice requirements that may apply.

CavBot treats security as part of the platform architecture, not as a layer added after the fact. The protection of accounts, workspace state, uploaded content, AI workflows, and sensitive product surfaces is a core operating responsibility.

This Data Security & Platform Protection Statement explains how CavBot is designed to protect user accounts, workspace operations, AI-enabled functionality, uploaded content, collaboration workflows, and sensitive product surfaces.

This statement applies across the CavBot website, application environments, and connected CavBot product surfaces that link to or reference this statement, including platform features used for diagnostics, AI assistance, coding, storage, collaboration, support, and operational workflows (collectively, the “Services”).

Security at CavBot is built around a clear principle: access should be verified, actions should be governed, and sensitive operations should be controlled in ways that are technically sound, operationally clear, and respectful of user trust.

For security-related questions or reports, contact legal@cavbot.io or the official security contact listed by CavBot.

I. Security Architecture & Governance
II. Access Control, Identity & Account Protection
III. Verification, Anti-Abuse & Caverify
IV. AI Guardrails, Model Governance & CavGuard
V. Workspace Permissions, Collaboration & Secure Operations
VI. Infrastructure, Storage & Transmission Protections
VII. Monitoring, Audit, Incident Response & Oversight
VIII. User Responsibilities & Security Reporting
IX. Policy Governance & Revisions

I. Security Architecture & Governance

CavBot is designed as a layered security system. We do not treat platform protection as a single setting, a one-time configuration, or a cosmetic promise. Our approach combines account controls, identity-aware access, workspace permissions, guarded product actions, backend policy enforcement, operational monitoring, and secure product design.

Because CavBot supports account-based access, AI-assisted workflows, workspace collaboration, file and artifact handling, diagnostics, telemetry, and controlled product modules, our security posture is intended to preserve:

Confidentiality of account, workspace, and file information.
Integrity of platform actions, permissions, and governed workflows.
Availability and continuity of critical product surfaces.
Trust in the actions performed inside CavBot.

The platform’s security posture may be supported through:

Controlled account access and authenticated sessions.
Workspace-level permissions and role separation.
Guarded feature access based on plan, role, and policy.
Backend-authoritative enforcement of sensitive actions.
Structured AI restrictions and model-access governance.
Monitoring, audit visibility, and administrative review where needed.

CavBot reserves the right to modify, strengthen, restrict, or reconfigure security controls at any time where necessary to protect users, workspaces, infrastructure, platform integrity, or lawful operation of the Services.

II. Access Control, Identity & Account Protection

CavBot protects the platform by controlling who may enter, what they may access, and how account activity is verified. Access to certain Services, workspaces, files, AI features, or privileged product surfaces may require authentication and additional account validation.

Access may depend on:

Account status.
Workspace membership.
Subscription tier.
Role assignment.
Owner-governed workspace policy.
Additional verification requirements triggered by platform rules.
Security, abuse, or operational risk signals.

CavBot may maintain account-protection measures designed to reduce unauthorized access, suspicious session behavior, and misuse of protected workflows. These measures may include:

Secure login and authentication flows.
Session management and session validation.
Device and session review signals.
Token-based and session-based access controls.
Role-bound access enforcement.
Workspace-level access restrictions.
Additional verification for sensitive product actions.

Users are responsible for:

Maintaining the confidentiality of login credentials.
Controlling access to authenticated devices and sessions.
Promptly reporting suspected account compromise.
Using the Services in accordance with platform policy.

CavBot may suspend, restrict, invalidate, or require re-verification for any account, workspace, token, credential, or session that appears to present a security risk, violates platform rules, or attempts to bypass established safeguards.

III. Verification, Anti-Abuse & Caverify

Caverify is CavBot’s verification layer. It exists to reduce automated abuse, protect sensitive entry points, and help ensure that access attempts and guarded actions are legitimate before they move deeper into the platform.

Caverify is especially relevant where product integrity could be exposed to repeated automated misuse, fraudulent interaction, replay attempts, credential abuse, or abusive request patterns.

Caverify may be used to support:

Access verification at sensitive points of entry.
Anti-bot and anti-abuse protection.
Guarded human-verification workflows.
Short-lived and replay-resistant verification behavior.
Additional abuse resistance around AI and other high-value platform actions.

Caverify is not designed as a cosmetic checkpoint. It is intended to act as a platform defense mechanism that preserves the usability of the Services for legitimate users while making automated misuse materially more difficult.

Verification requirements may vary depending on:

The user’s plan.
The feature being accessed.
The sensitivity of the requested action.
The presence of suspicious behavior.
Workspace policy.
Real-time abuse signals detected by the system.

CavBot reserves the right to strengthen, increase, reduce, or reconfigure verification controls in response to abuse, attack patterns, security risk, or evolving platform needs.

IV. AI Guardrails, Model Governance & CavGuard

CavGuard is CavBot’s policy and enforcement layer for governed platform behavior. Where Caverify focuses on confirming access, CavGuard focuses on controlling what actions are allowed once a user is inside the platform.

CavGuard helps ensure that AI, coding, storage, collaboration, publication, and other sensitive workflows remain bounded by real permissions, real plan logic, real workspace scope, and real platform rules.

CavGuard may govern:

Plan-aware access to AI features.
Role-based and owner-governed restrictions.
Action-class enforcement.
Model availability and model routing.
Research mode and reasoning-level restrictions.
High-cost or high-impact workflow access.
Backend denial of prohibited requests.
Whether an action must remain a suggestion instead of direct execution.

Within CavAi and model-assisted workflows, CavGuard may determine:

Whether a user can access a model or AI lane.
Whether a specific action is permitted.
Whether a reasoning level is allowed.
Whether a file, project, or workspace scope is valid.
Whether a high-cost request should be blocked, throttled, limited, or reviewed.
Whether an output can be generated, applied, published, or only presented for review.

CavBot’s AI security approach is not based on a single model or provider. It is based on governed orchestration: the right model for the right task, the right user for the right capability, the right plan for the right level of access, and the right controls around what can actually be run, changed, generated, stored, or shared.

CavGuard exists to make that logic visible, enforceable, and consistent across the platform.

V. Workspace Permissions, Collaboration & Secure Operations

CavBot supports workspace-based operations. This means access is not governed only at the account level. It is also governed at the workspace, project, role, and feature level.

Workspace protection may include:

Owner-controlled permissions.
Admin and member role differentiation.
Invitation-based collaboration.
Controlled publication and sharing states.
Policy-aware access to files, AI features, and secure surfaces.
Protected handling for high-trust workflows.
Audit-oriented visibility into sensitive workspace actions.

Some workspace operations may be available only:

To workspace owners.
To specific roles approved by the owner.
To users within a plan tier that supports the relevant feature.
Under collaboration settings that explicitly permit such access.
After additional verification or policy checks have passed.

Within protected surfaces such as secure storage, higher-trust collaboration environments, guarded AI workflows, or controlled publication flows, CavBot may impose additional restrictions designed to preserve confidentiality, prevent accidental exposure, and reduce misuse.

CavBot may maintain workflow separation between:

Ordinary storage and protected storage.
Standard collaboration and secure collaboration.
Ordinary AI access and restricted AI access.
Public artifact handling and internal workspace-only operations.
Suggested actions and direct execution.

This separation is intentional. It helps the platform preserve trust while still allowing teams to move quickly.

VI. Infrastructure, Storage & Transmission Protections

CavBot is designed to use technical safeguards intended to preserve the confidentiality, integrity, and availability of platform data, workspace state, and product workflows.

These safeguards may include:

Encryption in transit for network communication.
Protected session handling.
Controlled credential storage practices.
Backend access restrictions.
File and workspace access controls.
Secure provider communication.
Infrastructure monitoring.
Role-limited administrative access.
Operational separation between ordinary and higher-trust workflows.

Where CavBot relies on third-party infrastructure or service providers for cloud hosting, storage, AI processing, billing, communications, authentication, analytics, or related operations, those providers may process limited data as part of delivering the Services.

CavBot seeks to use vendors and configurations appropriate to the nature of the Services and to limit access to what is reasonably necessary for service delivery, platform security, support, and compliance.

No platform can guarantee absolute security. No transmission method over the internet and no digital storage system is entirely immune from compromise. CavBot therefore approaches infrastructure protection as an ongoing operational discipline rather than a permanent state of invulnerability.

Users should also understand that the security of uploaded content, account access, and shared workspace activity depends not only on CavBot’s infrastructure, but also on user credential handling, responsible sharing practices, workspace role management, and adherence to the platform’s permitted use model.

VII. Monitoring, Audit, Incident Response & Oversight

CavBot uses monitoring and oversight to help identify, investigate, and respond to abnormal behavior, misuse, instability, unauthorized access attempts, or security concerns.

This may include monitoring related to:

Account access and session behavior.
AI usage patterns.
API activity.
File and artifact workflows.
Protected collaboration actions.
Policy denials.
Operational state changes across the Services.

CavBot may maintain audit-oriented records relevant to:

Account activity.
Workspace actions.
Feature access.
AI model usage.
Policy enforcement events.
Protected system changes.

These records may be used for:

Internal investigations.
Abuse prevention.
System integrity review.
Dispute handling.
Compliance and security administration.
Incident response and recovery.

Where CavBot becomes aware of a material security issue, unauthorized access event, or significant operational compromise, we may take actions including restricting access, rotating or invalidating sessions, disabling features or providers, contacting affected users where appropriate, and preserving relevant records for investigation and response.

CavBot reserves the right to use incident-driven safeguards, temporary restrictions, emergency policy actions, and additional verification steps where needed to protect the platform and its users.

VIII. User Responsibilities & Security Reporting

Security at CavBot is shared. While the platform enforces layered protections, users also play an essential role in preserving account and workspace safety.

You are responsible for:

Maintaining secure credentials.
Controlling access to your devices and active sessions.
Configuring your workspace responsibly.
Reviewing collaborator permissions where applicable.
Using sharing, publication, and AI features with care.
Reporting suspected misuse or compromise promptly.

You should not:

Share credentials carelessly.
Use unauthorized automation against the platform.
Attempt to bypass access controls.
Probe, exploit, or interfere with protected systems.
Use the Services in ways that create avoidable risk for your workspace or others.

If you believe you have identified an account compromise, a security weakness, unauthorized access, suspicious AI behavior, abusive automation, or another material security concern, report it through CavBot’s official security contact as soon as possible.

CavBot may review, investigate, and respond to such reports in its discretion and in accordance with its operational and legal obligations.

Security reports may be sent to legal@cavbot.io.

IX. Policy Governance & Revisions

CavBot may revise this Data Security & Platform Protection Statement from time to time to reflect:

Changes in platform architecture.
Product expansion.
AI model or provider changes.
Evolving security controls.
Legal or compliance developments.
Operational improvements.

When updates are made, the revised version will be published with an updated effective date. Where required by law or where changes are material, CavBot may provide additional notice through the Services or by other appropriate means.

Continued use of the Services after such updates become effective constitutes acknowledgment of the revised statement, to the extent permitted by law.

Security at CavBot is not static. It is governed, reviewed, and refined as the platform evolves.

CavBot Code of Ethics

CavBot Privacy Statement

CavBot Terms of Service

CavBot Data Security