Privacy Policy

SonderSpot OÜ ("we", "us", "our") operates the Nanoswarm mobile application and the service at https://nanoswarm.net. This policy describes how we collect, use, and protect your information.

1. Information We Collect

• Account information: When you sign in with Apple or Google, we receive your name and email address as provided by the identity provider. Guest accounts do not collect personal information.
• Bot configuration: Telegram bot tokens, personality settings, and instance configuration you provide when creating nanobots.
• Usage data: Server logs that record API requests, error events, and aggregate usage metrics. These logs do not include message content handled by your bots.
• Conversation data: When you message your nanobot on Telegram, those messages are routed from Telegram through our server infrastructure to the AI model provider for response generation. This processing occurs entirely server-side — the Nanoswarm iOS app does not send, receive, or display conversation content. Your nanobots may retain conversation context to improve their responses; this data is removed when you delete the nanobot instance. The specific provider is determined by the model you select (see Section 4).

2. How We Use Your Information

• To authenticate you and manage your account
• To provision and operate your nanobot instances
• To route your bot's Telegram conversations server-side through third-party LLM providers in order to generate AI responses
• To monitor service health and debug issues

3. Data Security

Telegram bot tokens are encrypted at rest using AES-256-GCM on our servers. All communication between the app and our servers uses TLS encryption. On iOS, authentication tokens are stored in the Keychain via the platform secure store; on web, they are stored in the browser's local storage.

4. Third-Party Services

Nanoswarm integrates with the following third-party services:

• Apple Sign In — for authentication (subject to Apple's Privacy Policy)
• Google Sign In — for authentication (subject to Google's Privacy Policy)
• Telegram Bot API — to operate your bots (subject to Telegram's Privacy Policy)
• Composio — integration connection and tool execution layer for enabled third-party integrations (subject to Composio's Privacy Policy)
• RevenueCat — for subscription management; receives only your anonymous user ID (subject to RevenueCat's Privacy Policy)

We do not use any analytics, advertising, or crash-reporting SDKs.

4a. AI Model Providers

Your bot's Telegram conversations are processed server-side by third-party large language model (LLM) providers. All LLM traffic is routed through OpenRouter, an API routing service, which forwards requests to the upstream provider for the model you select. The bot's personality configuration (role, communication style, and instructions you define in the app) is included as context in these requests. No personal account information (name, email) is sent to AI providers.

If you enable integrations (for example Gmail or Calendar), integration content may be transmitted through Composio as part of tool execution on your bot's behalf.

When you choose a model — during onboarding or in your bot's settings — the provider name is displayed alongside the model name. Current providers include, but are not limited to:

• Anthropic — Claude models (subject to Anthropic's Privacy Policy)
• OpenAI — GPT models (subject to OpenAI's Privacy Policy)
• Moonshot AI — Kimi models (subject to Moonshot's Privacy Policy)

We may add or remove available models and providers over time. The app always shows the current provider for each model on the model selection screen. The model you select determines which provider processes your bot's Telegram conversations on our servers.

5. Account Deletion

You can delete your account at any time from the Settings screen in the app. Deleting your account permanently removes your user record, all authentication tokens, and all nanobot instances you own — including their configuration and runtime data. Deletion is immediate.

5a. Your Control Over AI Data Processing

You can control how your bot's conversations are processed by AI providers in the following ways:

• Model selection: You choose which AI model (and therefore which provider) processes your bot's conversations. You can change models at any time from the Model screen in the app.
• Stop your bot: Stopping or deleting a nanobot immediately halts all conversation processing by the associated AI provider.
• Delete your account: Deleting your account removes all bots and stops all AI processing on your behalf.

Note that data already processed by a third-party provider is subject to that provider's data retention policies.

6. Data Retention

We retain your data only for as long as your account is active. Server logs are retained for up to 30 days for debugging purposes. After account deletion, all associated data is removed immediately.

7. Children's Privacy

Nanoswarm is not directed at persons under 18. We do not knowingly collect personal information from anyone under 18.

8. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date.

9. Governing Law

This policy is governed by the laws of the Republic of Estonia.

10. Contact Us

If you have questions about this policy, please contact us.