Privacy Policy

Last updated: February 2026

1. Identity and Contact Details

WOPR Network (“WOPR,” “we,” “us,” or “our”) is the data controller responsible for your personal data. We operate the WOPR Bot platform available at wopr.bot.

If you have questions about how we handle your data, or if you wish to exercise any of your rights described below, contact us at privacy@wopr.network.

2. What We Collect and Why

We only collect information that is necessary to provide and improve WOPR Bot services. We do not collect data for advertising or sell your information to third parties.

Account information

Your name and email address, collected when you create an account. We use this to identify you, communicate with you about your account, and send transactional emails such as password resets and billing notifications. Legal basis: performance of our contract with you.

Billing information

Payment card details are processed directly by Stripe and are never stored on WOPR servers. We receive only a tokenized reference, your billing email, and transaction history from Stripe. Legal basis: performance of our contract with you.

API keys

You provide your own API keys for third-party AI providers (the “bring your own key” model). These keys are encrypted at rest and used only to make requests to your chosen providers on your behalf. We do not log or store the content of AI interactions. Legal basis: performance of our contract with you.

Bot configuration

Plugin selections, channel configurations, provider settings, and other choices you make while setting up and operating your bots. This data is necessary to deliver the service as you have configured it. Legal basis: performance of our contract with you.

Usage data

API call counts, feature usage metrics, and hosted capability credit consumption. We use this data for billing, capacity planning, and service improvement. Legal basis: legitimate interest in maintaining and improving our service.

Technical data

IP address, browser type, and operating system collected via web server logs. We use this for security monitoring, abuse prevention, and debugging. Server logs are retained for 90 days. Legal basis: legitimate interest in securing our service.

3. When We Access or Share Your Information

We do not sell your personal data. We do not use third-party tracking or advertising cookies. We share data with the following categories of sub-processors only as needed to provide the service:

  • Stripe — payment processing. Stripe receives your billing information to process subscription payments. Stripe's privacy policy governs their handling of your payment data.
  • AI providers (user-selected, bring-your-own-key model) — request fulfillment. Your prompts and inputs are sent to the AI provider you have configured. We do not choose or control which provider you use.
  • Hosting provider — infrastructure. Our servers and Docker fleet are hosted by third-party infrastructure providers who may process data on our behalf under strict data processing agreements.
  • Email service — transactional emails. We use a third-party email service to send password resets, billing notifications, and other operational messages.

We may also disclose information if required by law, to enforce our Terms of Service, or to protect the rights, property, or safety of WOPR Network, our users, or the public.

4. Your Rights Under GDPR

If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation:

  • Right of access (Art. 15) — request a copy of your personal data
  • Right to rectification (Art. 16) — correct inaccurate or incomplete data
  • Right to erasure (Art. 17) — request deletion of your personal data (“right to be forgotten”)
  • Right to restrict processing (Art. 18) — limit how we use your data in certain circumstances
  • Right to data portability (Art. 20) — receive your data in a structured, commonly used, machine-readable format
  • Right to object (Art. 21) — object to processing based on legitimate interest
  • Right to lodge a complaint with a supervisory authority in your member state

To exercise any of these rights, email privacy@wopr.network. We will respond within 30 days.

5. Your Rights Under CCPA

If you are a California resident, the California Consumer Privacy Act provides you with the following rights:

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information held by us
  • Right to opt-out of the sale of personal information (note: we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

To exercise these rights, email privacy@wopr.network.

6. Data Retention

We retain your account data for as long as your account is active. If you request deletion of your account, we will delete your personal data within 30 days. Some information may be retained longer where required by law:

  • Billing and transaction records are retained for up to 7 years as required by tax and financial regulations
  • Server logs are retained for 90 days
  • Backups containing your data are purged within 60 days of account deletion

7. Cookies and Tracking

We use essential cookies only. These cookies are required for authentication and session management (powered by better-auth) and cannot be disabled without breaking the service. We do not use marketing cookies, analytics cookies, or third-party tracking pixels. There is no cookie banner because there is nothing optional to consent to.

8. Security

We take reasonable measures to protect your personal data. API keys are encrypted at rest. All data in transit is protected via HTTPS. Access to production systems is restricted to authorized personnel. We conduct regular security reviews of our infrastructure and codebase. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. International Data Transfers

Your data may be processed in the United States or other countries where our infrastructure providers operate. If you are located in the EU/EEA, transfers of your personal data outside the EU/EEA are governed by Standard Contractual Clauses or equivalent safeguards as required by GDPR.

10. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users without undue delay. Where required by GDPR, we will also notify the relevant supervisory authority within 72 hours of becoming aware of the breach.

11. Children's Privacy

WOPR Bot is not intended for use by children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us at privacy@wopr.network and we will delete the data promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a prominent notice on the service before the changes take effect. Your continued use of WOPR Bot after the changes take effect constitutes acceptance of the updated policy.

13. Contact

Questions about this privacy policy? Email us at privacy@wopr.network.

Terms of ServiceHome