Privacy Policy

Last updated: March 21, 2026

This Privacy Policy describes how Botmakers LLC(“Company,” “we,” “us,” or “our”), operating the Hipa.ai platform (“Service”), collects, uses, discloses, and protects your information. Botmakers LLC is a Delaware limited liability company located at 2093 Philadelphia Pike #1986, Claymont, DE 19703.

By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Information You Provide

• Account information: Name, email address, password, professional credentials (BCBA/RBT certification numbers), and organization details when you register.
• Professional data: Job search preferences, saved listings, and career-related information you provide.
• Communications: Information you provide when contacting support or providing feedback.

1.2 Information Collected Automatically

• Usage data: Pages visited, features used, session duration, and interaction patterns.
• Device and browser information: IP address, browser type, operating system, and device identifiers.
• Cookies and similar technologies: We use essential cookies for authentication and session management. See Section 7 for details.

2. How We Use Your Information

We use the information we collect to:

• Provide the Service: Display job listings, salary data, company profiles, and workforce intelligence.
• Maintain your account: Authenticate your identity, manage permissions, and process payments.
• Improve the Service: Analyze aggregate, de-identified usage patterns to improve features and performance.
• Communicate with you: Send account notifications, security alerts, and respond to support requests.
• Comply with legal obligations: Respond to lawful requests from regulatory authorities and enforce our Terms of Use.

3. Data Security

We implement administrative, physical, and technical safeguards to protect your data, including:

• Encryption: TLS 1.2+ encryption in transit for all data. Account data is encrypted at rest.
• Infrastructure: All data is hosted on Microsoft Azure with managed identity authentication.
• Access controls: Role-based access control, multi-factor authentication support, and session management with automatic expiration.
• Audit logging: Access to account data is logged and auditable.

While we take extensive measures to protect your data, no system is completely secure. We cannot guarantee absolute security but commit to promptly notifying affected users in the event of a data breach as required by law.

4. Data Retention

• Account data: Retained for as long as your account is active, plus 30 days after account closure to allow data export.
• Usage data: Retained in aggregate, de-identified form for up to 24 months for analytics purposes.
• Backups: Encrypted backups are retained for up to 30 days and then permanently destroyed.

5. Data Sharing and Disclosure

We do not sell your personal information or clinical data. We may share information only in the following circumstances:

• Service providers: With trusted third-party vendors who help us operate the Service (e.g., cloud hosting, payment processing, email delivery). These vendors are contractually bound to protect your data.
• Legal requirements: When required by law, subpoena, court order, or governmental regulation, or when we believe disclosure is necessary to protect our rights, safety, or the safety of others.
• Business transfers: In connection with a merger, acquisition, or sale of all or substantially all of our assets. You will be notified of any such transfer.
• With your consent: When you explicitly authorize sharing with a specific third party.

6. Cookies and Tracking

We use the following types of cookies:

• Essential cookies: Required for authentication, session management, and security. These cannot be disabled.
• Analytics cookies: Used to understand how the Service is used in aggregate. These can be disabled through your browser settings.

We do not use advertising cookies or trackers. We do not sell data to advertisers or ad networks.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal information, subject to legal retention requirements.
• Export: Request a machine-readable export of your data.
• Restriction: Request that we limit processing of your data in certain circumstances.
• Objection: Object to processing of your data for specific purposes.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Children’s Privacy

The Service is not directed to individuals under 18. We do not knowingly collect personal information from children.

9. State-Specific Disclosures

California (CCPA/CPRA)

California residents have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information. To make a request, contact [email protected].

European Economic Area (GDPR)

If you are in the EEA, our legal bases for processing include contract performance (providing the Service), legitimate interests (improving the Service), and consent (where applicable). You may lodge a complaint with your local data protection authority.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Botmakers LLC
2093 Philadelphia Pike #1986
Claymont, DE 19703
[email protected]