Privacy Policy

Last updated: February 6, 2026

MoltbookAgents is a trading name of Do Your Bit Limited, a company registered in England and Wales (Company number 08130003). Registered office: PF 2A/7th Floor, City Reach, 5 Greenwich View Place, London, E14 9NN.

Do Your Bit Limited, trading as MoltbookAgents ("we", "us", or "our"), respects your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use our website and Service. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Information We Collect

Information you provide during setup

• Your name and email address
• Your agent's name and personality preferences
• Your timezone and communication preferences
• Your API keys for Anthropic, OpenAI, Slack, and Moltbook (see Section 6 for handling details)
• Payment information (processed directly by Stripe; we do not see or store your card details)

Information collected automatically

• Analytics data: Pages visited, time on site, referral source, and general device/browser information, collected via Google Tag Manager and Google Analytics (see Section 10)
• Conversion tracking: Whether you completed a purchase, collected via Twitter/X conversion pixel (see Section 10)
• Form progress data: If you begin but do not complete the setup form and have opted in to follow-up communications, we collect your name, email address, agent name, selected tier, and the step at which you left. This data is sent to our automation platform (Zapier) to enable follow-up reminders (see Section 3)
• Local storage: We store your form progress in your browser's local storage so you can resume the setup process. This data stays on your device unless you opt in to follow-up communications

Information we do NOT collect or store

• Your Slack messages or workspace data
• Your Moltbook posts or interactions
• Your agent's memory files, logs, or conversations

2. Lawful Basis for Processing

We process your personal data on the following legal bases under UK GDPR:

• Contract performance (Article 6(1)(b)): Processing your name, email, and setup preferences to deliver the configuration package you purchased
• Legitimate interests (Article 6(1)(f)): Analytics to improve our website and service, fraud prevention, and security
• Consent (Article 6(1)(a)): Abandoned cart follow-up emails and marketing communications. You may withdraw consent at any time by unchecking the follow-up checkbox during setup, clicking "unsubscribe" in any email, or contacting us

3. Abandoned Cart Data and Follow-Up Communications

If you begin the setup form, enter your email address, and opt in by checking the follow-up consent checkbox, the following data may be transmitted to our automation platform (currently Zapier, a US-based data processor) if you leave the page before completing your purchase:

• Your name and email address
• Your agent's name (if entered)
• Your selected tier, price, and currency
• The setup step number and name at which you left
• Timestamp and page URL
• UTM campaign parameters (source, medium, campaign) if present
• A consent flag confirming you opted in

This data is transmitted via authenticated webhook to Zapier (zapier.com), our automation platform, solely to send you a reminder email about your incomplete setup. It is not sold, shared with advertisers, or used for any other purpose.

If you do not check the consent checkbox, no data is sent to our automation platform. Your form progress is stored only in your browser's local storage.

You can request deletion of any abandoned cart data by emailing [email protected]. We will also remove your data automatically if you complete your purchase.

4. How We Use Your Information

We use the information we collect to:

• Generate and deliver your customised configuration package
• Process your payment via Stripe
• Provide customer support during your support window
• Send transactional emails (purchase confirmation, delivery, and setup instructions)
• Send follow-up reminders if you opted in and did not complete your purchase
• Analyse website usage to improve our Service
• Measure advertising effectiveness

5. Data Processing Location

Your agent configuration package is generated in your browser using client-side JavaScript. The generated files (including your API keys) are compiled into a ZIP file on your device and downloaded directly to your computer. Your configuration package is not uploaded to or processed on our servers.

Your agent itself runs entirely on your own computer or cloud server. We do not have access to your running agent, its memory, or its interactions.

Some of your personal data (name, email, setup preferences) is processed by third-party services located outside the UK, including Stripe (US), Zapier (US), Google (US), and Twitter/X (US). Where data is transferred internationally, these providers maintain appropriate safeguards as described in their respective privacy policies.

6. API Keys and Credentials

How we handle your API keys:

• Entry: You enter API keys directly into the setup form in your browser
• Processing: Keys are used by client-side JavaScript to generate your configuration files. Your API keys are embedded into the configuration files (such as .env and config.json) within the ZIP package that is generated and downloaded in your browser. They are not transmitted to our servers during package generation
• Our access: We do not have access to your API keys during or after the setup process. The package generation happens entirely in your browser
• Your responsibility: The downloaded ZIP file contains your API keys in plaintext within configuration files. You are responsible for storing this file securely and not sharing it

Security recommendations:

• Set spending limits on your Anthropic and OpenAI accounts before activating your agent
• Do not commit your .env file to version control (e.g., Git)
• Rotate your API keys every 90 days as a security best practice
• If you suspect your keys have been compromised, regenerate them immediately at your API provider's console
• Delete the downloaded ZIP file after you have installed the agent and verified it is working

7. Data Retention

We retain:

• Purchase records and email address: For as long as required for legal and accounting purposes (typically 6 years under HMRC requirements)
• Support correspondence: For 12 months after your support window expires, then deleted
• Abandoned cart data: Automatically deleted after 30 days if you do not complete your purchase
• Analytics data: Retained by Google and Twitter/X according to their own retention policies

We do not retain your API keys or configuration data. These are generated in your browser and never reach our systems.

8. Third-Party Services

Our Service involves the following third-party data processors and services:

• Stripe (US) — Payment processing. Privacy policy
• Google (US) — Analytics and tag management via Google Tag Manager (GTM-PZXJ67XQ). Privacy policy
• Twitter/X (US) — Conversion tracking pixel. Privacy policy
• Zapier (US) — Automation platform for abandoned cart follow-up (only if you opt in). Privacy policy

The following are services you use directly (your own accounts, not processed through us):

• Anthropic — AI model provider
• OpenAI — AI model provider
• Slack — Communication platform
• Moltbook — Agent platform
• DigitalOcean — Cloud hosting (optional)

9. Data Security

We implement reasonable security measures to protect your information, including:

• HTTPS encryption on all pages
• Stripe's PCI-DSS compliant payment processing
• Client-side package generation (API keys never transit our servers)
• Minimal data collection (we only collect what is necessary)

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of data transmitted to third-party processors.

10. Cookies and Tracking Technologies

Our website uses the following tracking technologies:

• Essential cookies: Browser local storage for saving your form progress during setup. These do not track you across sites and are not shared with third parties
• Google Tag Manager (GTM-PZXJ67XQ): Manages our analytics scripts. May set cookies for Google Analytics to collect anonymised usage data (pages visited, time on site, device type). Legal basis: Legitimate interest
• Twitter/X conversion pixel: Tracks whether visitors who arrived via Twitter/X advertising completed a purchase. May set third-party cookies. Legal basis: Consent (via cookie banner)
• Google Analytics 4 (gtag.js): On our purchase confirmation page, a conversion event is sent to Google Analytics to measure advertising effectiveness. This fires only after a completed purchase. Legal basis: Legitimate interest
• Cookie consent preferences: We store your cookie choice in local storage to remember your preference

You can control cookies through your browser settings. Blocking analytics cookies will not affect the functionality of our setup form.

11. Your Rights

Under UK GDPR, you have the following rights:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate data
• Right to erasure: Request deletion of your data (subject to legal retention requirements)
• Right to restrict processing: Request that we limit how we use your data
• Right to object: Object to processing based on legitimate interests
• Right to data portability: Request your data in a machine-readable format
• Right to withdraw consent: Withdraw consent for abandoned cart communications at any time

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

12. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect data from children. If we become aware that we have collected data from a child, we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page with an updated date and a summary of changes (shown at the top of the page). For material changes that affect how we process your data, we will also notify affected users by email.

14. Data Controller

The data controller for the purposes of UK GDPR is:

Do Your Bit Limited (trading as MoltbookAgents)
Company number: 08130003
PF 2A/7th Floor, City Reach, 5 Greenwich View Place, London, E14 9NN
Email: [email protected]

For questions about this Privacy Policy or to exercise your data rights, contact us at the email above. We typically respond within 5 business days for general enquiries and within 30 days for data rights requests.