SetupBots

Disclosure

Effective June 1, 2026

SetupBots teaches you how to install and use AI coding tools made by other companies — Anthropic (Claude, Claude Code), OpenAI (ChatGPT, Codex), Cursor, and others. These are third-party products. We do not own them, we do not run them, and we do not have access to your account inside them. This page explains what those tools can see on your computer, what the install path you pick actually changes, and where the line is between us and them.

What an AI coding tool sees on your computer

Once a desktop AI tool is installed and granted permission, it can read files, run commands, and send context up to the company that makes it (Anthropic, OpenAI, etc.) so the model can answer you. The exact behavior depends on the tool and the permissions you grant it. None of these tools should read your computer silently — they need permission. But once they have it, they can see everything the operating-system user account they're running under can see.

That is why this course makes you pick one of three install levels before you install anything:

• Casual desktop — the AI tool runs under your normal user account. It can see your normal Documents folder, your Downloads, your Desktop, and any project folders open in your editor.
• Deployer profile — the AI tool runs under a separate operating-system user account dedicated to coding work. It only sees that user's home directory.
• Isolated terminal / VPS / Mac mini — the AI tool runs on a remote box or dedicated machine. It only sees the project files you explicitly put there.

None of these levels are wrong. They are tools for matching the AI's reach to the sensitivity of the work. Personal learning is fine on the casual level. Real client data or production credentials belong on the isolated level.

Private documents, secrets, and saved credentials

If your computer has personal documents, tax records, saved passwords, saved API keys, client files, signed contracts, or anything you would not paste into a chatbot — be aware that on the casual install level, an AI agent you grant access to can read those things if it follows your prompt into the wrong folder. The whole point of the deployer-profile and isolated install paths is to keep that data out of the agent's reach in the first place.

We recommend reviewing each AI tool's own privacy policy and data-handling documentation before installing it, especially if you handle regulated data (medical, financial, legal). Links:

• Anthropic privacy policy (Claude, Claude Code)
• OpenAI privacy policy (ChatGPT, Codex)
• Cursor privacy policy

What SetupBots is and isn't

SetupBots is a methodology, a knowledge base, a course library, and an API. We do not host the AI models you'll be using. We do not see your prompts, your files, or your chats with Claude / ChatGPT / Codex. We do not store copies of anything you build with them. Our role is to teach you how to set them up safely and use them well.

If an AI tool installed on your computer behaves unexpectedly, deletes files, leaks data, sends content to a model you didn't expect, or runs up an API bill you weren't ready for — that is between you and the company that makes the tool. We do our best to teach the guardrails (this course is largely about those guardrails), but we cannot guarantee third-party tool behavior, and we are not liable for it. See our Terms of Service for the full liability framing.

You have no obligation to install anything

SetupBots courses are informational. Reading any course does not obligate you to install any AI tool, buy any subscription, or follow any specific recommendation. Skip a step, ignore a recommendation, take a different path, or do nothing at all — that's your call. If you choose to install or buy any of the AI tools we point at, you're making that decision for yourself with your own assessment of the risk involved.

What the AI agent does — and what you own

Once installed and granted permissions, an AI coding agent on your computer can read and write files (where you give it access), run shell commands, install software, send emails or text messages if you wire it to those services, post to social platforms via APIs, and spend money on API tokens or paid endpoints if you connect billing.

You are solely responsible for:

• Content the agent sends in your name — emails, SMS, social posts, generated copy, customer communications, and anything else the agent produces and dispatches. You own that content as if you'd written and sent it yourself.
• Compliance with laws that apply to that content — including but not limited to CAN-SPAM for commercial email, TCPA for SMS in the United States, GDPR and CCPA for handling personal data of EU and California residents, FTC endorsement and disclosure rules, copyright law for generated content, and any local laws or regulated-industry rules (healthcare, legal, financial, education) that apply where you operate.
• API bills, subscription charges, ad spend, and other financial consequences of the agent's actions on your account. Setting spend caps is your responsibility; the course teaches the patterns but setting them on each provider account is on you.
• Damage from agent mistakes — lost files, dropped database tables, force-pushed branches, broken builds, leaked credentials. The guardrails this course teaches (deployer profiles, sandbox folders, spend caps, "discussion only" / "read only" / "research only" prompt suffixes) are designed to limit blast radius. Whether you use them, when, and how is your call.

If the agent does something you didn't intend, that is between you, the AI provider with which you have the account, and any third party affected. Our role is to provide the playbook that makes those scenarios less likely — not to be the party liable when they happen anyway.

Software safety, malicious code, and evolving threats

The threat landscape for software — especially AI-adjacent software — changes faster than any disclosure document can keep up with. New vulnerabilities, new attack techniques, new categories of malicious tooling, and new zero-day exploits are disclosed weekly. The npm ecosystem, the package registries we recommend installing from, the AI providers we recommend integrating with, and the operating systems we recommend installing AI tools onto are all subject to risks beyond our control.

What we do. We do our best to keep the software we author (the SetupBots installer, the Agent Intelligence API, our scripts, our recommendations) up to date with current best practices and current security posture. When we learn that a recommended package, tool, or pattern has been compromised or deprecated, we update the curriculum and the brain.

What we cannot guarantee. We cannot guarantee that:

• A third-party AI tool, npm package, or operating system you install will not contain bugs, vulnerabilities, malicious code, or supply-chain compromises introduced by their authors or maintainers.
• A zero-day vulnerability won't be discovered in any tool we've recommended — including AI agents that have already been installed on your system — that allows a malicious party to access your files, credentials, or systems before patches are available.
• The pace of AI tool development won't produce a tool, model, or agent sophisticated enough to bypass the guardrails this course teaches. Defenses age. Attack capabilities advance.
• Our own software is free of bugs, defects, or vulnerabilities. We try, we audit, we update — but no software is provably free of defects.

Your responsibility. Keep your operating system, AI tools, and packages patched. Run reputable security software on any machine that holds sensitive client or business data. Don't store more on your computer than needs to be there. Review the privacy and security posture of any tool before installing it — especially the AI tools we recommend, which by design have broad reach over the files and credentials available to them.

Service is provided "as is"

All SetupBots courses, scripts, prompts, recommendations, downloadable files, videos, and audio content are provided as-is, without warranties of any kind, express or implied. We do not warrant that the methodology will work for every project, every business model, every jurisdiction's regulations, every operating system, or every machine configuration. We don't promise uninterrupted access or error-free content. To the maximum extent allowed by law, our total liability for the free courses is capped at what you paid us, which is zero. For paid products, see our Terms of Service for the full liability framing.

Third-party npm packages and open-source dependencies

Many SetupBots lessons (especially the build lessons) recommend installing npm packages — GSAP, React Three Fiber, tsParticles, Fontsource, and others. These are third-party open-source packages, not authored by SetupBots, and they run inside your project once you install them. A few things worth knowing:

• Licenses vary. Most popular npm packages use permissive licenses (MIT, Apache 2.0, ISC) that are safe for personal and commercial use. Some packages use copyleft licenses (GPL, AGPL, SSPL) that can impose source-disclosure obligations on the projects that include them — usually not an issue for personal projects, but a real one for client work.
• Verify the exact package name before installing. Typo-squatted impostor packages exist on npm. Stick to packages with high weekly download counts, active maintainers, and a clean GitHub repo.
• Before shipping a client project, run npx license-checker --summary in the project root to enumerate every license in your dependency tree. Swap out anything copyleft before delivery unless you've explicitly cleared it with the client.
• Pin your versions. Don't run npm install package@latest blindly in a project that's already in client hands. Pin to a specific version so future updates can't break the build or introduce a supply-chain risk you didn't audit.
• You're responsible for what's in your node_modules. SetupBots recommends specific packages but does not vet every transitive dependency those packages pull in. We're not liable for behavior, breakage, or licensing issues caused by third-party packages.

Affiliate disclosure

Some links to third-party tools on SetupBots are affiliate links. If you install a tool through one of those links and later become a paying customer of that tool, we may earn a referral fee. This never changes the price you pay. We only ever recommend tools we actually use and would recommend without the affiliate relationship. See the SetupBots affiliate-program FAQ for the full list of programs we participate in.

Cost guidance

Most AI tools are pay-as-you-go or subscription-based. SetupBots teaches you to estimate cost before large API jobs and to scope and cap every API key. We do not bill you for the third-party AI tools you connect — those charges go directly to the company that makes the tool (Anthropic, OpenAI, etc.) on whatever billing relationship you set up with them.

"No professional advice" reminder

SetupBots is implementation methodology and examples. It is not legal, financial, tax, medical, compliance, or security certification advice. You are responsible for reviewing and validating anything you or your AI agent produces before relying on it, shipping it to customers, or running it against client systems.

Related

Terms of Service · Privacy Policy · SUPER/SETUP Knowledge License

Contact

Questions or concerns: support@setupbots.com. SetupBots is based in Phoenix, Arizona.