Privacy Policy

Last updated: April 16, 2026

1. Information We Collect

We collect only what is necessary to operate the e2a.bot platform:

  • Email address — for account creation, OTP authentication, and transactional notifications.
  • API usage metadata — sandbox creation timestamps, duration, resource consumption, and billing events.
  • Payment information — processed by Stripe. We do not store card numbers or bank details.

2. Sandbox Data & Isolation

Each sandbox runs in an isolated Firecracker microVM on dedicated KVM baremetal. Sandboxes cannot access the host filesystem, network, or other sandboxes. Sandbox data is ephemeral — all contents are destroyed when the sandbox terminates. No sandbox data is logged, inspected, or retained by e2a.bot.

3. Workspace Storage (S3)

If you opt in to workspace persistence, files are stored in Amazon S3 buckets scoped to your account. Workspace data is encrypted at rest (AES-256) and in transit (TLS 1.2+). You control what is stored and can delete workspace data at any time via the API or dashboard. Workspace storage is billed at the published credit rate.

4. LLM API Keys

When you use the BYO LLM key feature, your API keys (OpenAI, Anthropic, etc.) are injected as environment variables at sandbox boot and passed through to your workload at runtime. Keys are never written to disk, logged, or stored by e2a.bot infrastructure.

5. Cookie Policy

e2a.bot does not use cookies. Authentication tokens (JWT) are stored in browser localStorage and are scoped to the e2a.bot origin. We do not use tracking cookies, analytics beacons, or third-party advertising pixels.

6. Data Retention

  • Account data is retained while your account is active.
  • Billing records are retained for 7 years (tax compliance).
  • Sandbox data is destroyed immediately on termination.
  • Workspace (S3) data is deleted within 30 days of account closure or on-demand via the API.

7. Third-Party Services

  • AWS — infrastructure (EC2, S3, Firecracker). Data processed in ap-southeast-1 (Singapore).
  • Stripe — payment processing. Subject to Stripe's Privacy Policy.

8. Your Rights

You may request export or deletion of your account data at any time by contacting privacy@e2a.bot. We respond to requests within 30 days.

9. Contact

For privacy-related questions, contact privacy@e2a.bot.