Pandorabots Policies Overview


Thank you for your interest in Pandorabots. We provide an industry-leading web service for building, deploying, and hosting chatbots, i.e., conversational AI software applications. By accessing or using the Pandorabots Platform, you are agreeing to the Terms of Service and other Policies outlined below.


The Enterprise Tier is governed by a separately negotiated Enterprise Cloud Services Agreement, which supersedes these Terms (including heightened Privacy, Security, Service Levels, and other customizations).

Terms of Service

Last Modified: January 9, 2018                                                

Previous Versions

Pandorabots, Inc. ("Pandorabots", "we", "our", or "us") provides an online software platform (the "Pandorabots Platform") that enables developers and other users to build, host, and deploy natural language conversational agents (“Chatbot(s)”) for devices and software applications.

These Terms of Service (these "Terms") include the legal terms that we require all developers and other users to accept and implement as a condition of accessing our web services located at https://www.pandorabots.com/  and other websites owned and/or operated by Pandorabots, Inc. (the "Website(s)"), and/or accessing or using the application programming interfaces provided on or in connection with the Pandorabots Platform ("API(s)"), including any documentation, materials, code, data (such as Talklogs as defined below), files (such as AIML and Other Files as defined below) and other information or materials made available to you by Pandorabots on or in connection with the APIs (collectively, "Pandorabots Content") to develop Chatbots for use in your products or devices (“Devices”) and/or your software applications ("Application(s)").

The Pandorabots Platform includes a sandbox environment and developer portal designed to allow you to access, upload, download, edit, create, store, and interpret files and data in connection with building, hosting, and deploying your Chatbot(s). Files contained in each Chatbot may include files written in Artificial Intelligence Markup Language (“AIML Files”), and SETS, MAPS, SUBSTITUTIONS, and SYSTEM files (collectively, “Other Files”). For more information on AIML and Other Files, please see the online documentation .  Data may include analytics and Talklogs, which may include “Inputs” to, and “Outputs” from, your Chatbot(s) (“Talklogs”). "Inputs" are typically text inputs, whether typed or converted from speech utterance or spoken phrase to text, by an individual sent from your Application to Pandorabots servers for processing; "Outputs" are the responses returned to your Application by the Pandorabots Platform.

PLEASE READ THESE TERMS CAREFULLY TO ENSURE THAT YOU UNDERSTAND EACH PROVISION. THESE TERMS CONTAIN A MANDATORY INDIVIDUAL ARBITRATION AND CLASS ACTION/JURY TRIAL WAIVER PROVISION THAT REQUIRES THE USE OF ARBITRATION ON AN INDIVIDUAL BASIS TO RESOLVE DISPUTES, RATHER THAN JURY TRIALS OR CLASS ACTIONS. Pandorabots reserves the right to make unilateral modifications to these terms and will provide notice of these changes as described below.

BY USING OR CONTINUING TO USE THE PANDORABOTS APIS OR BY CLICKING "Sign Up" YOU AGREE TO USE THE PANDORABOTS APIS AND OTHER PANDORABOTS CONTENT SOLELY IN ACCORDANCE WITH THESE TERMS OF SERVICE, AND YOU AGREE THAT YOU ARE BOUND BY AND ARE A PARTY TO THESE TERMS. YOU WARRANT THAT YOU ARE AT LEAST EIGHTEEN (18) YEARS OLD AND THAT YOU HAVE THE LEGAL CAPACITY TO AGREE TO AND BE BOUND BY THESE TERMS. IF YOU ACCESS OR USE THE PANDORABOTS APIS, OTHER PANDORABOTS CONTENT, OR THE PANDORABOTS PLATFORM ON BEHALF OF A COMPANY, PRINCIPAL OR OTHER ENTITY, YOU REPRESENT THAT YOU HAVE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THESE TERMS AND THAT THESE TERMS ARE FULLY BINDING UPON THEM. IN SUCH CASE, THE TERM "YOU" WILL REFER TO YOU AND SUCH ENTITY AND ITS AFFILIATES. IF YOU DO NOT HAVE AUTHORITY, OR IF YOU DO NOT AGREE WITH  THESE TERMS OF SERVICE, YOU MAY NOT ACCESS OR USE THE APIS OR OTHER PANDORABOTS CONTENT.

  1. Accounts and Registration
    1. Accounts
      1. You need to use a current Pandorabots account or create a new Pandorabots account in order to use the APIs and other Pandorabots Content.
      2. You may use the Pandorabots Content and/or Pandorabots Platform only if you can form a binding contract with Pandorabots, and only in compliance with these Terms and all applicable local, state, national, and international laws, rules and regulations.
      3. Any use or access to the Website(s), APIs, or Pandorabots Platform by anyone under 13 is strictly prohibited and in violation of these Terms.
      4. You must be a human. Accounts registered by “bots”(!) or other automated methods are not permitted.
      5. You are solely responsible for the activity that occurs on your account, including, without limitation, any Customer Data and Account Information (each as defined below) provided under or through your account.
      6. You may create a Pandorabots account using some existing account credentials or via other registration methods we may provide from time to time, in our sole discretion. By connecting to the Pandorabots Platform with a third-party service, you give us permission to access and use your information from that service as permitted by that service, and to store your log-in credentials for that service. It is your responsibility to keep your password, account credentials, and accounts secure. You must notify Pandorabots immediately if any unauthorized use, or suspected unauthorized use, of your Pandorabots account occurs or if any other breach of security occurs.
      7. You may never use another user’s account without permission. Your login may only be used by one person. A single login shared by multiple individuals is not permitted.
      8. You acknowledge that Pandorabots is not liable for any loss or damage arising from your failure to comply with the above requirements.
    2. Registration
      1. You may be required to provide certain information (e.g., your contact details, description of your product or service, your company name, your credit card details, etc., collectively, “Account Information”) as part of the registration process to access the Pandorabots Content, or as part of your continued use of the Pandorabots Content.
      2. You agree that any registration information you give to Pandorabots will always be accurate and up to date, and you agree to promptly notify Pandorabots of any changes in your Account Information.
  2. Use of Pandorabots Content
    1. Right to Access and Use of Pandorabots Content.
      Subject to these Terms, Pandorabots grants you a limited, revocable, non-transferable, non-exclusive, right (without the right to sublicense) to access and use the Pandorabots Content and Pandorabots Platform, solely to the extent necessary for you to host and create chatbot(s) that operate solely in connection with your Devices and/or Applications.
    2. Permitted Access.
      You will access (or attempt to access) an API or other Pandorabots Content only as expressly permitted by these Terms and the means described by Pandorabots in the documentation, instructions, or features available based on Your Usage (as defined below).
    3. API Calls.
      Pandorabots may set limits on the number of API calls that you can make at its sole discretion, for example in the interest of service stability, or, without limiting the foregoing, in accordance with limits based on your free or paid subscription usage (“Your Usage”) of the Pandorabots Platform. Pandorabots may throttle your activity or cease offering you access to the APIs altogether in Pandorabots’ sole discretion. You agree to such limitations and will not attempt to circumvent such limitations.
    4. Fees.
      Fees, API limits, and access to other features may vary depending on Your Usage. The limits, features, and fees owed for each available paid plan (“Subscription Plan(s)”) are set forth at Pandorabots’ website(s) and are subject to change without notice. Overage rates (where applicable) are also set forth online, may be capped, and are subject to change without notice. You acknowledge and agree to pay all fees, as due, for the full-term of the subscription, regardless of whether the subscription is cancelled prior to expiration or termination of these Terms. No refunds will be given for any reason, including, but not limited to, unused Services, regardless of whether the subscription is cancelled prior to expiration or termination of these Terms. You must provide Pandorabots notice of any billing issues or disputes within sixty (60) days after they first appear on the statement you receive from your bank, credit card company, or other billing company. Failure to notify Pandorabots of any billing issues within the sixty (60) day period will result in your acceptance of the charges and you waive the right to dispute such charges. Failure to pay fully and promptly may result in the deactivation of your account until payment is successfully received.
    5. Open Source Software.
      Some of the software offered by or included in the Pandorabots Content may be offered under an open source license. There may be provisions in the open source license that expressly override some of these Terms, and in those cases, the overriding provisions apply.
    6. Accuracy.
      We do not guarantee the accuracy of any Pandorabots Content, including any output generated in connection with your use of the Pandorabots Content or Pandorabots Platform. You acknowledge and agree that you use and rely on the Pandorabots Content and the Pandorabots Platform at your own risk, and that Pandorabots will not be liable for any errors or inaccuracies of any Pandorabots Content or the Pandorabots Platform.
    7. Monitoring.
      Pandorabots may, but is under no obligation to, monitor the use of the Pandorabots Content to ensure quality, improve Pandorabots products and services, or verify your compliance with these Terms. You will not interfere with such monitoring.
    8. Compliance with Law.
      You will use our APIs and other Pandorabots Content and the Pandorabots Platform only as permitted by law (including without limitation laws regarding the import or export of data or software, privacy, or local laws). You will not use the APIs or other Pandorabots Content to encourage or promote illegal or dangerous activity. You also will require any end users of your Devices or Applications ("End Users") to comply with any applicable law and these Terms. You will not knowingly enable your End Users to violate applicable law or these Terms.
  3. Prohibitions
     When using any Pandorabots Content and/or the Pandorabots Platform, unless otherwise approved in writing by Pandorabots, the following prohibitions apply:
    1. You will not use the APIs or other Pandorabots Content on behalf of any third party, unless such third party has expressly authorized you to access and use the Pandorabots Content under its account.
    2. You will not copy, rent, lease, sell, transfer, assign, sublicense, disassemble, reverse engineer or decompile (except to the limited extent expressly authorized by applicable statutory law), modify or alter any part of the Website(s), APIs, other Pandorabots Content, or the Pandorabots Platform.
    3. You will not create an Application that functions substantially the same as the APIs or other Pandorabots Content and offer it for use by third parties.
    4. You will not use the Pandorabots Content or Pandorabots Platform in connection with any Device or Application that is targeted to children under the age of thirteen (13).
    5. You will not use the Pandorabots Content or Pandorabots Platform in connection with providing any adult entertainment oriented or otherwise pornographic services.
    6. You will not perform an action with the intent of introducing to the Website(s), Pandorabots Content, or Pandorabots Platform or the applications or products of any third party, any viruses, worms, defects, Trojan horses, malware or any items of a destructive nature.
    7. You will not use the Pandorabots Content or Pandorabots Platform, or access or control any customer accounts, products, devices, or applications in a manner that could cause harm, damage, or loss to any individual, or otherwise harm, defame, abuse, harass, stalk or threaten others or allow or encourage any third party to do so.
    8. You will not use the APIs, other Pandorabots Content, or the Pandorabots Platform in any manner or for any purpose that may violate any law or regulation, or any right of any person including, but not limited to, intellectual property rights, rights of privacy and/or rights of personality, or which otherwise may be harmful (in Pandorabots' sole discretion) to Pandorabots, its service providers, its suppliers, end users of the Pandorabots Platform, End Users, or any individual or entity.
    9. You will not use the APIs, other Pandorabots Content, or the Pandorabots Platform in connection with any inherently dangerous objects, devices, materials, or situations, or in furtherance of any activities likely to cause harm to any individual or property.
    10. You will not: (i) interfere with or disrupt the Website(s), Pandorabots Platform, the APIs, or the servers or networks providing the APIs; (ii) tamper with the security of the any of the hardware, software or networks used by Pandorabots to make the Website(s), Pandorabots Content, or Pandorabots Platform available or tamper with any customer accounts; (iii) disable, circumvent or avoid any security device, mechanism, protocol or procedure established by Pandorabots; or (iv) permit others to do any of the foregoing.
  4. Compliance
     Pandorabots reserves the right to investigate any Device or Application for compliance with these Terms. Such investigations may include Pandorabots accessing and using your Device or Application, for example to identify stability or security issues that could affect Pandorabots or its customers. You consent to any such investigation. Pandorabots may immediately suspend or terminate access to the Website(s), APIs, other Pandorabots Content, and the Pandorabots Platform by you or your Device or Application without notice if we believe, in our sole discretion, that you are in violation of these Terms or otherwise.
  5. Privacy and Security
    1. Customer Data.
      "Customer Data" means any and all information you provide to or through, or is generated in connection with your use of, the Website(s), Pandorabots Content, or the Pandorabots Platform, including, but not limited to, AIML and Other Files, Talklogs, Account Information, and data that relates to any End Users or such End Users’ use of your Application ("End User Data"), including, but not limited to, Inputs from an End User sent by your Application to the Pandorabots servers for processing. You acknowledge and agree that you are solely responsible for obtaining all required consents from End Users in connection with any use of your Devices or Applications and the Pandorabots Content (including the APIs), which consent shall be compliant with all applicable data protection legislation and other privacy laws, rules, and regulations. Before collecting any End User Data or other information from End Users, you will provide adequate notice of what End User Data and other information you collect and how it will be used and/or shared and obtain any necessary consents. You and your Applications will comply with all privacy laws and regulations in connection with your access and use of the Pandorabots Content and Pandorabots Platform. You will provide and adhere to a privacy policy for your Device or Application that: (i) complies with all applicable laws, rules, and regulations, (ii) is conspicuously displayed to all End Users, and (iii) clearly and accurately describes to End Users what data and user information you collect (such as personally identifiable information, login information, etc.) and how you use and share such information with Pandorabots and third parties. You understand that by using the Pandorabots Content or Pandorabots Platform, you consent to the collection, use, and disclosure of any Customer Data (including personal information and aggregate data) as set forth in our       Privacy Policy , and to have Customer Data collected, used, transferred to and processed in the United States. You shall be solely responsible for your Customer Data and the consequences of making it available on or through the Pandorabots Content and/or Pandorabots Platform.
    2. Privacy.
      You understand that by using the Pandorabots Content and/or Pandorabots Platform you consent to the collection, use and disclosure of your personally identifiable information and Customer Data as set forth in our       Privacy Policy , and to have your personally identifiable information and Customer Data collected, used, transferred to and processed in the United States.
    3. Security.
      We care about the integrity and security of your Customer Data and personal information. However, we cannot guarantee that unauthorized third parties will never be able to defeat our security measures or use your personal information for improper purposes. You acknowledge that you are solely responsible for any personal injury or property damage arising from or relating to your use of any Pandorabots Content, the Pandorabots Platform, or any authorized or unauthorized use of your Device or Application.
  6. DMCA
     We respect content owner rights; it is Pandorabots’ policy to respond to alleged infringement notices that comply with the Digital Millennium Copyright Act of 1998 ("DMCA"), as provided in our DMCA Policy.
  7. Ownership and License
    1. Your Chatbots, Devices, Applications, and Customer Data.
      Pandorabots does not acquire ownership of your Chatbots, Devices, Applications, or Customer Data by your use of the APIs or other Pandorabots Content. You represent and warrant that you have the necessary rights to provide all Customer Data, including without limitation, End User Data and Account Information, and other information you make available in connection with your use of the Pandorabots Content and/or the Pandorabots Platform and to grant all rights and licenses under these Terms. Without limiting the foregoing, if you are using the Pandorabots Content or Pandorabots Platform on behalf of your employer or any third party, you represent and warrant that your employer or such third party has expressly authorized you to make available and use any content, data, or information that you use or make available in connection with your use of the Pandorabots Content and/or Pandorabots Platform. You further represent and warrant that your Customer Data (including, without limitation, End User Data and Account Information), Applications, and/or Devices, and any use thereof in connection with the Pandorabots Content or Pandorabots Platform will not violate the rights of any third party, including but not limited to, intellectual property rights, trade secret rights or other proprietary rights, or rights of privacy, or violate any applicable laws, rules, or regulations.
    2. Customer Data Rights and License.
      In connection with the operation of the Pandorabots Content and Pandorabots Platform, Pandorabots receives, utilizes, and analyzes Customer Data. You retain ownership of your Customer Data. However, notwithstanding anything to the contrary, you hereby grant Pandorabots a license to: (i) use and disclose your Customer Data to provide the Pandorabots Content and the Pandorabots Platform; (ii) use your Customer Data for Pandorabots’ internal business purposes; (iii) disclose your Customer Data as may be required by law or legal process; and (iv) otherwise use and disclose your Customer Data in accordance with the Pandorabots       Privacy Policy . Without limiting the foregoing, you agree that Pandorabots is expressly and irrevocably authorized to utilize, analyze, modify, reproduce, publish, share, create derivative works of, or otherwise exercise all rights in your Customer Data and any analytics, statistics or other data related to or derived from your Customer Data and/or your use of the Pandorabots Content or Pandorabots Platform for any purpose, provided that such data is in aggregate and anonymized form ("Aggregate Data"). Subject to the Customer Data licenses, you acknowledge and agree that Pandorabots will exclusively own all right, title, and interest in and to all Aggregate Data and other output data generated by the Pandorabots Platform. Notwithstanding anything to the contrary, if you ever have any ownership interest in any Aggregate Data or output data, you hereby assign to Pandorabots all such right, title, and interest in and to such Aggregate Data and output data, including all intellectual property rights therein.
    3. Pandorabots Content and Pandorabots Platform.
      By using our Website(s), APIs, other Pandorabots Content, or Pandorabots Platform, you do not acquire ownership of any rights in our Website(s), APIs, other Pandorabots Content, the Pandorabots Platform, or any data, content or information that is transmitted or accessed through our APIs, including without limitation, any Libraries, Chatbots, AIML code, Talklogs, or other data provided by Pandorabots or other Pandorabots users. Except for your Customer Data, as between you and Pandorabots, the Pandorabots Content, the Pandorabots Platform, and all data, content, and information that is contained in or transmitted or accessed through our APIs and/or the Pandorabots Platform, including, without limitation, software, Libraries, Chatbots, AIML code, machine learning models, images, text, graphics, illustrations, logos, patents, trademarks, service marks, copyrights, photographs, audio, videos, music, and data belonging to other users, and all intellectual property rights related thereto, are the exclusive property of Pandorabots and its licensors.
    4. Feedback.
      If we receive any feedback, suggestions, ideas, reports, or other information relating to any Pandorabots Content or any Pandorabots products or services, we may use such information without obligation to you.
    5. Restrictions; Retained Rights.
      The Website(s), Pandorabots Content, and Pandorabots Platform are protected by United States intellectual property laws, including without limitation copyright laws, and international treaty provisions. You will not remove or alter any proprietary notices or marks on any Pandorabots Content or the Pandorabots Platform. You will not reverse engineer or attempt to extract the source code from any API, other Pandorabots Content, the Pandorabots Platform, or any related software, except to the extent that this restriction is expressly prohibited by applicable law. You also will not sublicense, lease, rent, loan, distribute, sell, transfer or make available the APIs or other Pandorabots Content or the Pandorabots Platform to any third party except as specifically permitted by these Terms. Pandorabots Content is licensed and not sold. Pandorabots reserves all rights not expressly granted in these Terms.
  8. Updates
     We reserve the right to modify or update the Website(s), Pandorabots Content and/or Pandorabots Platform at any time, for any reason, and without notice to you. If Pandorabots makes updates, revisions, breaking changes or in any way modifies an API or other Pandorabots Content, you agree that you are solely responsible for making changes to your Device or Application to ensure continued service for your End Users. We are constantly changing and improving our APIs and other Pandorabots Content. We may add or remove functionalities or features at our discretion, for any reason, and we do not guarantee that your Device or Application will function with any future or modified versions of any Pandorabots Content or the Pandorabots Platform.
  9. Branding and Attribution
    1. Pandorabots Brand.
      Except where expressly stated, these Terms do not grant either party any right, title or interest in or to the other party’s trade names, trademarks, service marks, logos, domain names, and other distinctive brand features (collectively, "Marks").
    2. Attribution.
      You agree to display any attribution(s) required by Pandorabots as described in any documentation for the APIs or other Pandorabots Content. Pandorabots grants to you a limited, freely revocable, nontransferable, nonsublicenseable, nonexclusive license during the term of your subscription to display Pandorabots’ Marks solely for the purpose of promoting or advertising your use of the APIs and other Pandorabots Content. You must only use the Pandorabots Marks in accordance with these Terms. You understand and agree that Pandorabots has the sole discretion to determine whether your attribution(s) and use of Pandorabots’ Marks is in accordance with the above requirements and any applicable guidelines.
    3. Publicity.
      You will not make any statement regarding your use of an API that suggests partnership with, sponsorship by or endorsement by Pandorabots without Pandorabots’ prior written approval.
    4. Promotional and Marketing Use.
      In the course of promoting, marketing, or demonstrating the APIs you are using, Pandorabots may produce and distribute incidental depictions, including screenshots or other content from your Application or Device, and may use your company or product name and logos. You hereby grant Pandorabots all necessary rights for these purposes.
  10. Termination
    1. Termination.
      You may change Your Plan or stop using our APIs and other Pandorabots Content at any time. If you want to terminate your account and these Terms, you must email us at legal@pandorabots.com and inform us of your intention to cancel your account ("Termination Notice"). You may download a copy of your Chatbot(s), i.e., AIML and Other Files, through the available online interfaces at any time prior to cancelling or deleting your account. Subject to the post-termination obligations and the surviving provisions set forth in these Terms, upon our written acknowledgement of our receipt of your Termination Notice, these Terms will terminate.
      Pandorabots has the right to immediately terminate these Terms or discontinue your use of the Website(s), Pandorabots Platform, the APIs and other Pandorabots Content or any portion or feature thereof for any reason and at any time without liability or other obligation to you. Upon any termination or expiration of these Terms or discontinuation of your access to any Pandorabots Content, you must immediately cease all use of the Pandorabots Platform, any Pandorabots Content (including the APIs), and Pandorabots Marks and delete all copies thereof.
    2. Surviving Provisions.
      When these Terms come to an end, those terms that by their nature are intended to continue indefinitely will continue to apply, including but not limited to: Sections 3 – 8, 9A, 9C, 9D, 10B, and 11 - 14.
  11. No Warranties
     THE PANDORABOTS CONTENT AND PANDORABOTS PLATFORM ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS. USE OF THE PANDORABOTS CONTENT AND PANDORABOTS PLATFORM IS AT YOUR OWN RISK. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE PANDORABOTS CONTENT AND PANDORABOTS PLATFORM ARE PROVIDED WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY YOU FROM WITH OR THROUGH THE PANDORABOTS CONTENT OR PANDORABOTS PLATFORM WILL CREATE ANY WARRANTY NOT EXPRESSLY STATED HEREIN. WITHOUT LIMITING THE FOREGOING, PANDORABOTS, ITS SUBSIDIARIES, ITS AFFILIATES, AND ITS LICENSORS DO NOT WARRANT THAT THE PANDORABOTS CONTENT IS ACCURATE, RELIABLE OR CORRECT; THAT THE PANDORABOTS CONTENT OR PANDORABOTS PLATFORM WILL MEET YOUR REQUIREMENTS; THAT THE PANDORABOTS CONTENT OR PANDORABOTS PLATFORM WILL BE AVAILABLE AT ANY PARTICULAR TIME OR LOCATION, UNINTERRUPTED OR SECURE; THAT ANY DEFECTS OR ERRORS WILL BE CORRECTED; OR THAT THE PANDORABOTS CONTENT OR PANDORABOTS PLATFORM IS FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. ANY CONTENT DOWNLOADED OR OTHERWISE OBTAINED THROUGH THE USE OF THE PANDORABOTS CONTENT OR PANDORABOTS PLATFORM IS DOWNLOADED AND USED AT YOUR OWN RISK AND YOU WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOUR COMPUTER SYSTEM OR MOBILE DEVICE OR LOSS OF DATA THAT RESULTS FROM SUCH DOWNLOAD OR YOUR USE OF THE PANDORABOTS CONTENT OR PANDORABOTS PLATFORM.
    YOU ARE SOLELY RESPONSIBLE FOR BACKING UP YOUR DATA AND YOUR FILES, AND MUST NOT RELY ON US TO STORE, BACKUP, OR MAKE AVAILABLE TO YOU YOUR DATA OR YOUR FILES, INCLUDING BUT NOT LIMITED TO TALKLOGS, AIML AND OTHER FILES.
    FEDERAL LAW, SOME STATES, PROVINCES AND OTHER JURISDICTIONS DO NOT ALLOW EXCLUSIONS AND LIMITATIONS OF CERTAIN IMPLIED WARRANTIES, SO SOME OF THE ABOVE LIMITATIONS MAY NOT APPLY TO YOU.
  12. LIMITATION OF LIABILITY
     TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL PANDORABOTS, ITS AFFILIATES, AGENTS, DIRECTORS, EMPLOYEES, SUPPLIERS OR LICENSORS BE LIABLE FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES, INCLUDING WITHOUT LIMITATION DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA OR OTHER INTANGIBLE LOSSES, THAT RESULT FROM THE USE OF, OR INABILITY TO USE, THE PANDORABOTS CONTENT OR PANDORABOTS PLATFORM. UNDER NO CIRCUMSTANCES WILL PANDORABOTS BE RESPONSIBLE FOR ANY DAMAGE, LOSS OR INJURY RESULTING FROM HACKING, TAMPERING OR OTHER UNAUTHORIZED ACCESS OR USE OF THE PANDORABOTS CONTENT OR PANDORABOTS PLATFORM OR YOUR ACCOUNT OR THE INFORMATION CONTAINED THEREIN.
    TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, PANDORABOTS ASSUMES NO LIABILITY OR RESPONSIBILITY FOR ANY (I) ERRORS, MISTAKES, OR INACCURACIES OF THE PANDORABOTS CONTENT; (II) PERSONAL INJURY OR PROPERTY DAMAGE, OF ANY NATURE WHATSOEVER, RESULTING FROM YOUR ACCESS TO OR USE OF THE PANDORABOTS CONTENT OR PANDORABOTS PLATFORM; (III) ANY UNAUTHORIZED ACCESS TO OR USE OF OUR SECURE SERVERS AND/OR ANY AND ALL PERSONAL INFORMATION STORED THEREIN; (IV) ANY INTERRUPTION OR CESSATION OF TRANSMISSION TO OR FROM THE PANDORABOTS CONTENT OR PANDORABOTS PLATFORM; (V) ANY BUGS, VIRUSES, TROJAN HORSES, OR THE LIKE THAT MAY BE TRANSMITTED TO OR THROUGH THE PANDORABOTS CONTENT OR PANDORABOTS PLATFORM BY ANY THIRD PARTY; (VI) ANY ERRORS OR OMISSIONS IN ANY PANDORABOTS CONTENT OR FOR ANY LOSS OR DAMAGE INCURRED AS A RESULT OF THE USE OF ANY PANDORABOTS CONTENT OR OTHER CONTENT OR DATA TRANSMITTED OR OTHERWISE MADE AVAILABLE THROUGH THE PANDORABOTS PLATFORM; AND/OR (VII) CUSTOMER DATA OR THE DEFAMATORY, OFFENSIVE, OR ILLEGAL CONDUCT OF ANY THIRD PARTY. IN NO EVENT SHALL PANDORABOTS, ITS AFFILIATES, AGENTS, DIRECTORS, EMPLOYEES, SUPPLIERS, OR LICENSORS BE LIABLE TO YOU FOR ANY CLAIMS, PROCEEDINGS, LIABILITIES, OBLIGATIONS, DAMAGES, LOSSES OR COSTS IN AN AMOUNT EXCEEDING THE AMOUNT YOU PAID TO PANDORABOTS HEREUNDER IN THE TWELVE (12) MONTHS PRIOR TO THE DATE THE LAST CAUSE OF ACTION AROSE OR $9.00, WHICHEVER IS GREATER.
    THIS LIMITATION OF LIABILITY SECTION APPLIES WHETHER THE ALLEGED LIABILITY IS BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY, OR ANY OTHER BASIS, EVEN IF PANDORABOTS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. THE FOREGOING LIMITATION OF LIABILITY SHALL APPLY TO THE FULLEST EXTENT PERMITTED BY LAW IN THE APPLICABLE JURISDICTION.
    SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATIONS OR EXCLUSIONS MAY NOT APPLY TO YOU. THIS AGREEMENT GIVES YOU SPECIFIC LEGAL RIGHTS, AND YOU MAY ALSO HAVE OTHER RIGHTS WHICH VARY FROM STATE TO STATE. THE DISCLAIMERS, EXCLUSIONS, AND LIMITATIONS OF LIABILITY UNDER THIS AGREEMENT WILL NOT APPLY TO THE EXTENT PROHIBITED BY APPLICABLE LAW.
    In using the Pandorabots Content and Pandorabots Platform, you must design and test your Devices and Applications to ensure that your Devices and Applications do not present risks of personal injury or death, property damage, or other losses. You must implement all reasonable security measures to ensure that no third party may gain unauthorized access to the Pandorabots Platform or Pandorabots Content. If you choose to use the Pandorabots Content or Pandorabots Platform in any way, you assume all risk that your use of the Pandorabots Content or Pandorabots Platform causes any damage, harm, injury, or loss, including without limitation to any End Users or other individuals or property. You agree that you are solely responsible for any damage, harm, injury, or loss arising from or relating to your Device or Application or your use of any Pandorabots Content or the Pandorabots Platform, and you agree to hold us harmless from all such damage, harm, injury, or loss.
  13. Indemnification
     You agree to defend, indemnify and hold harmless Pandorabots and its subsidiaries, agents, licensors, managers, and other affiliated companies, and their employees, contractors, agents, officers and directors, from and against any and all claims, damages, obligations, losses, liabilities, costs or debt, and expenses (including but not limited to attorney’s fees) arising from or related to:  (i) your use of and access to the Pandorabots Content (including the APIs) or Pandorabots Platform, including any data or content transmitted or received by you; (ii) your violation or alleged violation of any term of these Terms, including without limitation your breach of any of the representations and warranties above; (iii) any violation of any third-party right, including without limitation any right of privacy or intellectual property rights, by you, your Customer Data, Device, or Application, or any use thereof; (iv) your violation of any applicable law, rule or regulation; (v) any of your Customer Data or any that is transmitted via your account; (vi) any personal injury or property damage arising from or relating to your use of the Pandorabots Content or Pandorabots Platform or any authorized or unauthorized use of your Device or Application; or (vii) any other party’s access and use of the Pandorabots Content or Pandorabots Platform with your unique username, password or other appropriate security code.  
  14. Other Legal Terms and Conditions
    1. Independent Development.
      These Terms do not impair Pandorabots’ right to develop, manufacture, purchase, use or market, directly or indirectly, alone or with others, products or services competitive with those offered by you.
    2. Confidential Information.
      Our communications to you may contain Pandorabots confidential information. If you receive any materials or communications that are clearly confidential or marked confidential, then you will not disclose the Pandorabots confidential information to any third party without Pandorabots’ prior written consent.
    3. Notifications and Modification.
      Pandorabots may provide notifications, whether such notifications are required by law or are for marketing or other business related purposes, to you via email notice, written or hard copy notice, or through posting of such notice on our website, as determined by Pandorabots in our sole discretion. Pandorabots reserves the right to determine the form and means of providing notifications to our users. Pandorabots is not responsible for any automatic filtering you or your network provider may apply to email notifications we send to the email address you provide us. Pandorabots may, in its sole discretion, modify or update these Terms from time to time, and so you should review this page periodically. When we change these Terms in a material manner, we will update the ‘last modified’ date at the top of this page. Your continued use of the Pandorabots Content or Pandorabots Platform after any such change constitutes your acceptance of the new Terms of Service. If you do not agree to any of these Terms or any future Terms of Service, do not use or access (or continue to access) the Pandorabots Content or Pandorabots Platform.
    4. HIPPA Compliance.
      You understand and agree that the Pandorabots Platform is not HIPPA compliant and such compliance is not expected to be included within the Services unless otherwise agreed in writing.
    5. Governing Law.
      These Terms shall be governed by the internal substantive laws of the State of California, without respect to its conflict of laws principles. The parties acknowledge that these Terms evidence a transaction involving interstate commerce. Notwithstanding the preceding sentences with respect to the substantive law, any arbitration conducted pursuant to these Terms shall be governed by the Federal Arbitration Act (9 U.S.C. §§ 1-16). The application of the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded. You agree to submit to the personal jurisdiction of the federal and state courts located in Alameda County, California for any actions for which we retain the right to seek injunctive or other equitable relief in a court of competent jurisdiction to prevent the actual or threatened infringement, misappropriation or violation of our copyrights, trademarks, trade secrets, patents, or other intellectual property or proprietary rights, as set forth in the Arbitration provision below, including any provisional relief required to prevent irreparable harm. You agree that Alameda County, California is the proper forum for any appeals of an arbitration award or for trial court proceedings in the event that the arbitration provision below is found to be unenforceable.
    6. Arbitration.
      READ THIS SECTION CAREFULLY BECAUSE IT REQUIRES THE PARTIES TO ARBITRATE THEIR DISPUTES AND LIMITS THE MANNER IN WHICH YOU CAN SEEK RELIEF FROM PANDORABOTS. For any dispute with Pandorabots, you agree to first contact us at legal@pandorabots.com and attempt to resolve the dispute with us informally. In the unlikely event that Pandorabots has not been able to resolve a dispute after sixty (60) days, we each agree to resolve any claim, dispute, or controversy (excluding any claims for injunctive or other equitable relief as provided below) arising out of or in connection with or relating to these Terms, or the breach or alleged breach thereof (collectively, "Claims"), by binding arbitration by JAMS, Inc. ("JAMS"), under the Optional Expedited Arbitration Procedures then in effect for JAMS, except as provided herein. JAMS may be contacted at www.jamsadr.com. The arbitration will be conducted in Alameda County, California, unless you and Pandorabots agree otherwise. If you are using the Pandorabots Content or Pandorabots Platform for commercial purposes, each party will be responsible for paying any JAMS filing, administrative and arbitrator fees in accordance with JAMS rules, and the award rendered by the arbitrator shall include costs of arbitration, reasonable attorneys’ fees and reasonable costs for expert and other witnesses. If you are an individual using the Pandorabots Content or Pandorabots Platform for non-commercial purposes: (i) JAMS may require you to pay a fee for the initiation of your case, unless you apply for and successfully obtain a fee waiver from JAMS; (ii) the award rendered by the arbitrator may include your costs of arbitration, your reasonable attorney’s fees, and your reasonable costs for expert and other witnesses; and (iii) you may sue in a small claims court of competent jurisdiction without first engaging in arbitration, but this does not absolve you of your commitment to engage in the informal dispute resolution process. Any judgment on the award rendered by the arbitrator may be entered in any court of competent jurisdiction. Nothing in this Section shall be deemed as preventing Pandorabots from seeking injunctive or other equitable relief from the courts as necessary to prevent the actual or threatened infringement, misappropriation, or violation of our data security, intellectual property rights or other proprietary rights.
    7. Class Action/Jury Trial Waiver.
      WITH RESPECT TO ALL PERSONS AND ENTITIES, REGARDLESS OF WHETHER THEY HAVE OBTAINED OR USED THE PANDORABOTS CONTENT OR PANDORABOTS PLATFORM FOR PERSONAL, COMMERCIAL OR OTHER PURPOSES, ALL CLAIMS MUST BE BROUGHT IN THE PARTIES’ INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS ACTION, COLLECTIVE ACTION, PRIVATE ATTORNEY GENERAL ACTION OR OTHER REPRESENTATIVE PROCEEDING. THIS WAIVER APPLIES TO CLASS ARBITRATION, AND, UNLESS WE AGREE OTHERWISE, THE ARBITRATOR MAY NOT CONSOLIDATE MORE THAN ONE PERSON’S CLAIMS. YOU AGREE THAT, BY ENTERING INTO THIS AGREEMENT, YOU AND PANDORABOTS ARE EACH WAIVING THE RIGHT TO A TRIAL BY JURY OR TO PARTICIPATE IN A CLASS ACTION, COLLECTIVE ACTION, PRIVATE ATTORNEY GENERAL ACTION, OR OTHER REPRESENTATIVE PROCEEDING OF ANY KIND.
    8. General Legal Terms.
      These Terms control the relationship between Pandorabots and you. They do not create any third party beneficiary rights. If the Pandorabots Content or Pandorabots Platform is licensed to the United States government or any agency thereof, then the Pandorabots Content and Pandorabots Platform will be deemed to be "commercial computer software" and "commercial computer software documentation," respectively, pursuant to DFARS Section 227.7202 and FAR Section 12.212, as applicable. Any use, reproduction, release, performance, display or disclosure of the Pandorabots Content or Pandorabots Platform and any accompanying documentation by the U.S. Government will be governed solely by the terms and conditions of these Terms and is prohibited except to the extent expressly permitted by the terms and conditions of these Terms. The Pandorabots Content and Pandorabots Platform originate in the United States, and are subject to United States export laws and regulations. The Pandorabots Content and Pandorabots Platform may not be exported or re-exported to certain countries or those persons or entities prohibited from receiving exports from the United States. In addition, the Pandorabots Content and Pandorabots Platform may be subject to the import and export laws of other countries. You agree to comply with all United States and foreign laws related to use of the Pandorabots Content and the Pandorabots Platform. No waiver of any term of these Terms shall constitute a further or continuing waiver of such term or any other term, and Pandorabots’ failure to assert any right or provision under these Terms shall not constitute a waiver of such right or provision. These Terms and any rights and licenses granted hereunder, may not be transferred or assigned by you, but may be assigned by Pandorabots without restriction. Any attempted transfer or assignment in violation hereof shall be null and void. These Terms, together with any amendments and any additional agreements you may enter into with Pandorabots in connection with the Pandorabots Content or Pandorabots Platform, shall constitute the entire agreement between you and Pandorabots concerning the Pandorabots Content and Pandorabots Platform. If any provision of these Terms is deemed invalid by a court of competent jurisdiction, the invalidity of such provision shall not affect the validity of the remaining provisions of these Terms, which shall remain in full force and effect, except that in the event of unenforceability of the universal Class Action/Jury Trial Waiver, the entire arbitration agreement shall be unenforceable.
    9. Contact.
      Please contact us at legal@pandorabots.com with any questions regarding these Terms.

Privacy Policy

Pandorabots, Inc. provides a software platform that enables anyone to build, host, and deploy chatbots for use in devices and software applications (the “Pandorabots Platform”). We take certain measures to protect the privacy of all visitors, users and others who access our Service (“you,” or “Users”). This Privacy Policy applies to our website located at https://www.pandorabots.com/  and any other websites owned and/or operated by Pandorabots, Inc., and the Pandorabots Platform (collectively, our “Service”).

  1. INFORMATION WE COLLECT
     Generally
    We collect personal information from our users in order to provide you with a personalized, useful and efficient experience. The categories of information we collect can include:

    1. Information you provide to Pandorabots’ website(s) We may collect and store personal information you provide to our Service when you register for an account or provide to us in some other manner, including your name, email address, phone number, user name and password, when you register for our Service, request a demo or contact us for information about our Service. If we provide forums, blogs or bulletins that allow for user-generated content, we may also collect and retain personal information that you provide in relation to such content. We may also collect any communications between you and Pandorabots, as well as any information you provide if you take part in any interactive features of the Service (e.g., games, contests, promotions, surveys, etc.).

    2. Information we receive from social networking sites  When you interact with our site through various social media, such as when you login through Facebook, Twitter, Google, Github, or Yahoo, or interact with us on Facebook, Twitter, Medium, Youtube, Github, or other social media,  we may receive information from the social network including your profile information, profile picture, gender, user name, user ID associated with your social media account, age range, language, country, friends list, and any other information you permit the social network to share with third parties. The data we receive is dependent upon your privacy settings with the social network. You should always review, and if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to our website or Service.

    3. Information we may receive about others Through the course of providing our Service to you through the Pandorabots Platform, you may provide us with information from or about your end users, including, but not limited to, Talklog data. In all of these cases, our software has been integrated into your product or application and we are handling Customer Data solely on your behalf for the purpose of providing the Service and in accordance with our agreements with you, our customer. For clarity, and without limitation, the collection of Customer Data is not governed by this Privacy Policy.

    We use this information to operate, maintain, and provide to you the features and functionality of the Service, to process your requests, to operate, maintain, analyze and improve our site and Service, and to communicate directly with you and offer products and services to you. We may also send you Service-related emails or messages (e.g., account verification, payment confirmations, change or updates to features of the Service, technical and security notices). For more information about your communication preferences, see “Your Choices Regarding Your Information” below.
     Use of cookies and other technology to collect information
    We automatically collect certain types of usage information when you visit our website or use our Service. When you visit the website, we may send one or more cookies — a small text file containing a string of alphanumeric characters — to your computer that uniquely identifies your browser and lets us help you log in faster and enhance your navigation through the site. A cookie may also convey information to us about how you use the Service (e.g., the pages you view, the links you click, how frequently you access the Service, and other actions you take on the Service), and allow us to track your usage of the Service over time. We may collect log file information from your browser or mobile device each time you access the Service. Log file information may include anonymous information such as your web request, Internet Protocol (“IP”) address, browser type, information about your mobile device, referring / exit pages and URLs, number of clicks and how you interact with links on the Service, domain names, landing pages, pages viewed, and other such information. We may employ clear gifs (also known as web beacons) which are used to anonymously track the online usage patterns of our Users. In addition, we may also use clear gifs in HTML-based emails sent to our users to track which emails are opened and which links are clicked by recipients. The information allows for more accurate reporting and improvement of the Service. We may also collect analytics data, or use third-party analytics tools, to help us measure traffic and usage trends for the Service. These tools collect information sent by your browser or mobile device, including the pages you visit, your use of third party applications, and other information that assists us in analyzing and improving the Service.
    When you access our Service by or through a mobile device, we may receive or collect and store a unique identification numbers associated with your device (“Device ID”), mobile carrier, device type and manufacturer, phone number, and, depending on your mobile device settings, your geographical location data, including GPS coordinates (e.g. latitude and/or longitude) or similar information regarding the location of your mobile device.
    We use or may use the data collected through cookies, log file, device identifiers, location data and clear gifs information to: (a) remember information so that you will not have to re-enter it during your visit or the next time you visit the site; (b) provide custom, personalized content and information, including advertising; (c) provide and monitor the effectiveness of our Service; (d) monitor aggregate metrics such as total number of visitors, traffic, usage, and demographic patterns on our website and our Service; (e) diagnose or fix technology problems; and (f) otherwise to plan for and enhance our service.
  2. SHARING PERSONAL INFORMATION WITH THIRD PARTIES
     We may share your personal information in the instances described below. For further information on your choices regarding your information, see the “Your Choices Regarding Your Information” section below.
    We may also share your personal information with:

    1. Other companies owned by or under common ownership as Pandorabots, which also includes our subsidiaries (i.e., any organization we own or control) or our ultimate holding company (i.e., any organization that owns or controls us) and any subsidiaries it owns. These companies will use your personal information in the same way as we can under this Policy;

    2. Third party vendors, consultants and other service providers that perform services on our behalf, in order to carry out their work for us, which may include identifying and serving targeted advertisements, content or service fulfillment, billing, or providing analytics services;

    3. Our business partners who offer a service to you jointly with us, for example, when running a co-sponsored contest or promotion;

    4. Third parties at your request. For example, you may have the option to link your information on our Service with your friends via email or social media;

    5. Other parties in connection with any company transaction, such as a merger, sale of company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business by another company or third party or in the event of bankruptcy or related or similar proceedings; and

    6. Third parties as required to (i) satisfy any applicable law, regulation, subpoena/court order, legal process or other government request, (ii) enforce our Terms of Use Agreement, including the investigation of potential violations thereof, (iii) investigate and defend ourselves against any third party claims or allegations, (iv) protect against harm to the rights, property or safety of Pandorabots, its users or the public as required or permitted by law and (v) detect, prevent or otherwise address criminal, security or technical issues.

    We may also share information, including Customer Data, with others in an aggregated and anonymous form that does not reasonably identify you directly as an individual.
  3. YOUR CHOICES REGARDING YOUR INFORMATION

    1. Marketing Communications If you do not wish to receive promotional emails, you can click the “unsubscribe” button on promotional email communications. Note that you are not permitted to unsubscribe or opt-out of non-promotional messages regarding your account, such as account verification, billing confirmations, change or updates to features of the Service, or technical and security notices.

    2. Online Advertising  We may permit third party online advertising networks to collect information about your use of our website over time so that they may play or display ads that may be relevant to your interests on our Service as well as on other websites or apps. Typically, the information we share is provided through cookies or similar tracking technologies. The only way to completely “opt out” of the collection of any information through cookies or other tracking technology is to actively manage the settings on your browser or mobile device. Please refer to your browser’s or mobile device’s technical information for instructions on how to delete and disable cookies, and other tracking/recording tools. (To learn more about cookies, clear gifs/web beacons and related technologies, you may wish to visit https://www.allaboutcookies.org  and/or the Network Advertising Initiative’s online resources, at https://www.networkadvertising.org ). Depending on your mobile device, you may not be able to control tracking technologies through settings.

    3. Data Retention  We will retain your information for as long as your account is active or as needed to provide you services. Following termination or deactivation of your account, we may retain information for a commercially reasonable time for backup, archival, and/or audit purposes. Please contact us at legal@pandorabots.com if you wish to delete your account. Please be aware that we will not be able to delete any content you have shared with others or with social media sites.

  4. SECURITY AND STORAGE OF INFORMATION
     Pandorabots cares about the security of your information and uses commercially reasonable physical, administrative, and technological safeguards to preserve the integrity and security of all information we collect and that we share with our service providers. However, no security system is impenetrable and we cannot guarantee the security of our systems 100%. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.
    Your information collected through the Service may be stored and processed in the United States or any other country in which Pandorabots or its subsidiaries, affiliates or service providers maintain facilities. If you are located in the European Union or other regions with laws governing data collection and use that may differ from U.S. law, please note that we may transfer information, including personal information, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction, and you consent to the transfer of information to the U.S. or any other country in which Pandorabots or its parent, subsidiaries, affiliates or service providers maintain facilities and the use and disclosure of information about you as described in this Privacy Policy.
  5. PERSONS UNDER THE AGE OF 13
     Pandorabots does not knowingly collect or solicit any information from anyone under the age of 13 or knowingly allow such persons to register for the Service. The Service and its content are not directed at children under the age of 13. In the event that we learn that we have collected personal information from a child under age 13 without parental consent, we will delete that information as quickly as possible. If you believe that we might have any information collected from a child under 13, please contact us at legal@pandorabots.com .
  6. LINKS TO THIRD PARTY WEBSITES
     The Service may contain links to and from third party websites of our business partners, advertisers, and social media sites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. Please check the individual policies before you submit any information to those websites.
  7. UPDATES TO THIS POLICY
     We reserve the right to modify this Policy from time to time. If we make any changes to this Policy, we will change the "Last Revision" date below and will post the updated Policy on this page.
  8. CONTACTING US
     If you have questions about this Policy, please contact us at legal@pandorabots.com .
  9. GDPR

    Pandorabots is GDPR compliant.

    On May 25th, 2018, the EU General Data Protection Regulation (GDPR) went into effect. These new regulations harmonized data privacy laws across Europe and brought data protection rights for all members of the European Union.

    Here at Pandorabts we completely support the privacy rights of our customers and our customers' users. Under GDPR guidelines, Pandorabots acts as a Data Processor. Listed below is how we are adhering to the GDPR specification.

    To reflect new GDPR compliance Pandorabots now offers:

    • DPAs available as separately executed agreements
    • Right of access
    • Right to erasure ("right to be forgotten")
    • Sub-processor compliance

    We have appointed a DPO that can be reached at privacy@pandorabots.com should you have any questions, right of access, right to erasure, DPA draft copy, or other requests.

    Pandorabots is headquartered in the USA so any information you provide will be processed and stored in the USA unless otherwise specified (e.g., in a separate Enterprise Agreement provisioning AWS instances in the EU to prevent data transfer outside the EU). If you are in the European Union or European Economic Area, this may mean that your personal information will be stored ina jurisdiction that offers a level of protection that may, in certain instances, be less protective of your personal information than the jurisdiction that you are typically a resident in.

    If we transfer information from the European Union to third parties outside the European Union and to countries not subject to schemes which are considered as providing an adequate data protection standard, we will either enter into contracts which are based on the EU Standard Contractual Clauses with these parties or transfer information under the scope of the EU/US Privacy Shield.

    If you wish to inquire further about the safeguards we use, please contact us using privacy@pandorabots.com. We will take reasonable steps to ensure that your personal information is treated securely and in accordance with applicable law and this Privacy Policy.
  10. LAST REVISION DATE
     This policy was last revised on May 25, 2018.

Pandorabots Security Policy

At Pandorabots the security of our platform, your data, and your customers’ data is critically important to us. We adhere to industry standard policies, outlined below. For any questions, concerns, or to report a vulnerability, please email us at security@pandorabots.com.

Information Security Management Program

Pandorabots maintains a comprehensive Information Security Management Program run by the Information Security Officer (ISO), who reports directly to the CIO. Internal policies include:

  • Incident Response Plan
  • Information Security Roles and Responsibilities
  • Clean Desk Policy
  • Computer and Email Usage Policy
  • Internet Usage Policy
  • Password Protection Policy
  • Social Media Usage Policy

All Pandorabots personnel undergo background checks, and privacy and security training with respect to these policies, including training on the OWASP Top 10 application security risks. The NIST CyberSecurity Framework (NIST CSF), developed by the U.S National Institute of Standards and Technology, is used to guide and manage our cybersecurity-related risks.
Copies of all policies can be made available to select Enterprise Customers on written request.

Infrastructure and Network Security

Servers

Pandorabots hosts all of our production services on Amazon Web Services (AWS). The AWS data centers are equipped with multiple levels of physical access barriers, that include:

  • Alarms
  • Outer Perimeter Fencing that is crash-rated for vehicles
  • Electronic Access Cards
  • Video Surveillance
  • Internal Trip-Lights

Please refer to Amazon’s AWS Security Whitepaper for more details. Pandorabots staff do not have physical access to AWS services, nor do we run our own production servers, DNS servers, data centers, network equipment, storage, databases, autoscalers, or load balancers.

The TLS certificates for our production servers are 2048 bit RSA, signed with SHA256. We use firewalls, security groups, and IP address whitelisting to limit access to servers and databases. We implement Distributed Denial of Service (DDoS) mitigation by conforming to AWS resilient reference architectures through the use of AWS Shield, Route53, auto scaling, and load balancers. We follow industry best practices by using strong cipher suites on our servers.

The physical location (region) of AWS servers depends on where your bot is deployed. Amazon does not disclose the precise address of their data centers for security purposes. We are able to stand up regional instances for Enterprises concerned with data flow outside their country. (For example, we can run on AWS instances in Dublin to prevent data flow outside of the EU. For further information on GDPR compliance please see Section 9 of our Privacy Policy.)

We run currently active LTS Ubuntu on all our servers and use a combination of automated and manual inspection to determine if new vulnerabilities are introduced in the software packages on our systems. We use AWS Inspector on a weekly scanning routine to automatically alert to new security vulnerabilities. Our platform team ingests these alerts and prioritizes remediation according to our internal Security Vulnerability Identification documentation.

Logical Access Control

Pandorabots maintains full control over its AWS infrastructure, and only authorized personnel have access to configure infrastructure for incident response or adding new functionality as needed, according to principles of least privilege.

Penetration Testing

Pandorabots undergoes regular penetration testing by independent third parties provided with an overview of the application architecture and system endpoints. Results are reported to the ISO and Pandorabots senior management, and used to set mitigation and remediation priorities. Select Enterprise Clients may be permitted contractually to access the results of routine penetration tests, or commission their own independent, additional third party tests.

Third-Party Audits

Amazon Web Services undergoes third-party independent audits and can provide verification of compliance controls, including but not limited, to: ISO 270001, SOC 2, and PCI.

Intrusion Detection

Pandorabots employs industry standard intrusion detection and prevention systems which alert us to any suspicious activity. All activity is closely monitored via AWS tools and Zabbix monitoring software. Any alerts are then investigated, escalated, and responded to accordingly.

Backup and Disaster Recovery Procedures

Uptime and Service Levels

Pandorabots uses properly-provisioned, redundant servers (i.e., multiple load balancers, web services, replica databases) to ensure appropriate failover and backup mechanisms are in place. Maintenance is conducted during the published routine window, and advance notice is provided for any planned non-routine maintenance. Enterprise Customers may contractually specify alternate routine maintenance windows optimized for their volumes and time zones, and can be provided uptime guarantees of +99.9% under a separate Service Level Agreement.

Backups

Pandorabots creates routine backups of our databases, and critical logs and files, enabling the easy and seamless restoration of the system in the event of data corruption or loss.

Disaster Recovery

Pandorabots maintains a comprehensive Disaster Recovery Plan policy to ensure that any disruption or damage to critical IT services or equipment are recoverable to the right level and within the right timeframe to return to normal operations with a minimal business impact. Our Disaster Recovery Plan can be made available to Enterprise Customers upon written request.

Data Flow

Data into System

Pandorabots provides a RESTful API that can only be accessed via HTTPS to prevent eavesdropping or man-in-the-middle attacks. API access requires an account specific user key. We also provide a public bot key to prevent exposure of user secrets when passed over the network (or viewed in a browser) and support domain whitelisting via the use of referrer filters.

Data through System

Data from end-user chat platforms is sent to the Pandorabots Platform via TLS 1.2. Data is AES-256 encrypted at rest.

Data out of System

Pandorabots maintains intelligent network firewall rules at the infrastructure level that limit the surface for data extraction. We vet preferred partners and integrations to ensure they comply with necessary security regulations (GDPR, PCI, etc), before transferring data for processing.

Data Security and Privacy

Data Encryption

Data in Pandorabots servers is automatically encrypted at rest using AWS EBS Encryption via our master encryption key stored in AWS Key Management Service. Volumes are encrypted in AWS using the industry-standard AES-256 algorithm. Pandorabots only sends data over TLS 1.2 or greater, and never downgrades connections to insecure TLS methods (SSLv3 or TLS 1.0).

Data Removal

Data may be retained after termination of service unless otherwise specified in an Enterprise Contract or GDPR request. If data is kept after termination of service for purposes of making platform improvements Pandorabots will scrub all personally identifiable information (PII) to the extent possible, including data like usernames, emails, phone numbers, etc.

Personally Identifying Information (PII)

The types of personally identifying information (PII) that Pandorabots receives is often dictated by third-parties beyond our control, including, for example: (a) what an end-user chooses to disclose to a bot during a conversation and (b) what a messaging or voice platform makes available about its end-users for purposes of providing or personalizing its services.
Pandorabots discourages and in some cases prohibits sending certain types of PII to our servers (which should be redacted by your application); however, Pandorabots can support the redaction or deletion of PII for Enterprise Customers upon request. Contact us to learn more.

Application Security

Website and Login

Pandorabots supports Single Sign On via OAuth 2 and email login with industry standard password requirements. Additional SSO methods can be supported as required. Passwords are stored in our databases using a secure one-way salted hash. Account sign in attempts are rate limited to counter brute force password attacks. We log successful and unsuccessful login attempts in order to identify anomalous activity. We enforce HTTPS for our website pages.

Secure Application Development

Pandorabots practices continuous delivery, which means all code changes are committed, tested, shipped, and iterated on in rapid sequence. A continuous delivery methodology, complemented by pull request reviews, continuous integration (CI), security scanning, and error tracking, decreases the likelihood of security issues and improves response times to security vulnerabilities. Internally, Pandorabots enforces at least one authorized reviewer for all code changes, and deployments to our production environment are gated under condition that all code is reviewed.

Compliance and Certification

PCI DSS

All payment and credit card information is processed by Braintree, a validated Level 1 PCI DSS compliant service provider. Pandorabots does not process or store any payment details.

GDPR

Pandorabots is GDPR compliant; please see Section 9 of our Privacy Policy for more details. In the event of a data breach affected customers will be notified within 72 hours where feasible.

Third-Party and Open-Source Software Used

Open-source is a core component of our company culture. We are extremely grateful to those who share our values and their code.