Privacy Policy

2.1 Personal Information You Provide

• Account Information: When you sign up for an account, we collect your name, username, email address, and password. We may also collect optional profile details such as profile images.
• User-Generated Content (UGC): This includes the prompts, HTML, CSS, JavaScript, and schema data you create or upload when building and deploying apps. Versions of your projects and logs generated by your app development and publication activities are stored indefinitely.
• App Usage Data: When you or others use apps hosted on our Platform, we collect and store any data generated through app interactions (e.g., todo list items, form submissions, user inputs, saved preferences within apps). This data is stored to maintain app functionality and user experience.
• Marketplace and Transaction Data: If you purchase or sell Apps through the Platform, we collect purchase history, transaction amounts, seller payout details, refund and dispute records, and related financial information necessary to facilitate and record transactions. Sellers who onboard to our marketplace may have additional identity and financial information collected by Stripe as part of their KYC (Know Your Customer) verification process (see Section 4.2).
• Communication: If you contact us (e.g., for support or with questions), we may collect the information you provide in your message.

2.2 Automatically Collected Information

• Usage Data: We collect information about your interactions with the Platform, such as IP addresses, device information (e.g., browser type, operating system), and analytics data.
• App Interactions: We track likes, dislikes, and saved apps (favorites). This data is tied to your user identity to offer personalized features and analytics.
• Cookies and Similar Technologies: We use cookies, local storage, and similar tracking technologies to maintain sessions, remember user preferences, and analyze usage of our Platform.
• Advertising and Click Identifiers: When you arrive from an online ad, the destination URL may include marketing parameters and a click identifier (for example, Meta's fbclid). We store these, along with limited identifiers such as your email (hashed), IP address, and country, to measure and improve our advertising as described in Section 4.7.

2.3 Sensitive or Special Categories of Data

We do not intentionally collect sensitive or special categories of data (e.g., biometric data). We do not offer multi-factor authentication or WebAuthn/FIDO2 at this time; therefore, we do not collect biometric or device-based authentication data.

4.1 Service Providers and Third Parties

• Hosting and Infrastructure Providers
• Analytics Providers
• Email or Communication Service Providers
• AI Service Providers

4.2 Payment Processing & Stripe

All payments on the Platform are processed by Stripe, Inc. ("Stripe"). We do not store your full credit card number or bank account details. We store limited payment references (e.g., Stripe customer IDs, payment intent IDs, and transaction metadata) necessary to manage subscriptions, purchases, and refunds.

Buyers: When you purchase an App, Stripe processes your payment on our behalf. Stripe collects your payment card information directly and is subject to Stripe's Privacy Policy.

Sellers: To sell Apps on the marketplace, you must complete Stripe Connect onboarding. During this process, you are redirected to Stripe where they may collect identity verification documents, tax identification numbers (e.g., SSN or EIN), bank account information, date of birth, and other information required for KYC (Know Your Customer) compliance. Stripe acts as an independent data controller for this information and processes it under their own privacy policy. On our side, we store your Stripe Connect account ID, payout eligibility status, and onboarding completion status to manage your seller experience on the Platform.

4.3 Marketplace Transaction Data Sharing

When a transaction occurs on the marketplace, limited information may be shared between parties:

• Buyers can see the seller's public profile name and username associated with Apps they purchase.
• Sellers can see that a purchase was made but do not receive the buyer's personal information (name, email, or payment details).
• Transaction records (amounts, dates, and status) are maintained for both parties for account management and dispute resolution purposes.

4.4 Legal Requirements and Business Transfers

We may disclose information if required by law or in the event of a merger, acquisition, or sale of assets.

4.5 Third-Party Apps and User Data Exposure

Important: When you interact with apps created by other users, any information you provide to those apps may be accessible to the app creators and could potentially be shared, stored, or transmitted by them in ways outside our control. This includes personal information, form inputs, messages, and any other data you enter into third-party apps.

4.6 No Sale of Personal Information

We do not sell or rent your personal information to third parties for money. We do share limited identifiers with advertising and measurement partners as described in Section 4.7, which certain laws may classify as "sharing" for advertising purposes. You can opt out at any time (see Section 15.5).

4.7 Advertising and Measurement Partners

We advertise our Platform on third-party services such as Meta (Facebook and Instagram). To measure whether our ads work and to improve them, we share a limited set of information with these partners using server-to-server connections (such as Meta's Conversions API). We do not install their advertising pixel or browser trackers on our Platform.

The information shared is limited to: a hashed (irreversibly obscured) version of your email address, a hashed identifier and country, your IP address and browser user agent, the ad click identifier from your originating link (e.g., fbclid), and the event that occurred (for example, creating an account, starting a checkout, or completing a purchase) with its amount. We share this to measure ad performance, attribute conversions, and optimize campaigns.

Your choices: You can opt out of this sharing at any time from your account privacy settings, and we honor the Global Privacy Control (GPC) browser signal as an opt-out. We also enable Meta's Limited Data Use setting where applicable.

European users: We do not share personal data of users located in the European Economic Area, the United Kingdom, or Switzerland with these advertising partners.

8.1 Platform Security

We implement the following security measures for our Platform:

• Encryption in transit and at rest
• Secure password hashing
• Access controls
• Rate limiting
• App isolation and sandboxing

8.2 Third-Party App Security Limitations

Important Limitation: While we implement security measures to protect our Platform, we cannot guarantee the security of data you share with third-party apps created by other users. These apps may:

• Potentially bypass our security measures
• Collect and transmit your data without encryption
• Store your information in insecure ways
• Share your data with external parties

Your responsibility: Exercise caution when sharing sensitive information with third-party apps and only use apps from trusted sources.

12.1 Risks of Third-Party Apps

• Data Collection: Apps created by other users may collect any information you input, including personal or sensitive data.
• Security Bypass: While we implement security measures, third-party apps may potentially bypass these protections or be designed to collect your information.
• External Transmission: Third-party apps may send your data to external services or store it in ways we cannot control.
• No Oversight: We cannot review, monitor, or control all user-generated apps for data collection practices.

12.2 Your Responsibility

By using third-party apps, you acknowledge and accept these risks. We strongly recommend:

• Only using apps from trusted creators
• Being cautious about sharing sensitive information
• Reviewing app descriptions and creator profiles
• Understanding that we are not responsible for third-party privacy practices

14.1 Legal Basis for Processing

Under GDPR Article 6, we process your personal data based on the following legal bases:

14.2 Your Rights Under GDPR

In addition to the rights listed in Section 9, European users have the right to:

• Right to erasure ("right to be forgotten"): Request deletion of your personal data, subject to legal retention requirements.
• Right to restrict processing: Request that we limit the processing of your data in certain circumstances.
• Right to object: Object to processing based on legitimate interest at any time. We will cease processing unless we demonstrate compelling legitimate grounds.
• Right to withdraw consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
• Right to lodge a complaint: You have the right to lodge a complaint with your local data protection authority.

To exercise any of these rights, please contact us at contact@boosterbot.ai. We will respond to your request within 30 days.

14.3 International Data Transfers

As described in Section 6, your data is stored in the United States. For transfers of personal data from the EEA/UK to the US, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms.

15.1 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information:

• Identifiers: Name, email address, username, IP address, Stripe customer ID.
• Commercial information: Purchase history, transaction records, products or services purchased.
• Internet or electronic network activity: Browsing history on the Platform, interactions with Apps, device information, analytics data.
• Professional or employment-related information: For sellers, information provided during Stripe Connect onboarding (collected and controlled by Stripe).
• Inferences drawn from the above: User preferences, usage patterns, and content recommendations.

15.2 Sources of Personal Information

• Directly from you: Account registration, app creation, communications, and purchases.
• Automatically: Cookies, analytics tools, and usage tracking as described in Sections 2.2 and 5.
• Third-party service providers: Stripe (payment and seller verification data).

15.3 Business Purposes for Collecting

We collect and use personal information for the business purposes described in Section 3, including: providing and improving the Platform, processing transactions, analytics, security, fraud prevention, legal compliance, and marketing (with consent).

15.4 Your Rights Under CCPA

As a California resident, you have the right to:

• Right to know: Request that we disclose the categories and specific pieces of personal information we have collected about you.
• Right to delete: Request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, transaction records).
• Right to correct: Request correction of inaccurate personal information.
• Right to opt-out of sale or sharing: We do not sell your personal information for money. We do share limited identifiers with advertising partners for ad measurement and optimization (see Section 4.7), which the CCPA may treat as "sharing" for cross-context behavioral advertising. You can opt out at any time (see Section 15.5).
• Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights.

15.5 "Do Not Sell or Share My Personal Information"

We do not sell your personal information for money as defined by the CCPA. We do share a limited set of identifiers with advertising partners such as Meta for ad measurement and optimization (see Section 4.7), which the CCPA/CPRA may classify as "sharing" for cross-context behavioral advertising.

You can opt out of this sharing using either of the following methods:

• Toggle "Do Not Sell or Share My Personal Information" in your account privacy settings.
• Enable Global Privacy Control (GPC) in a supported browser or extension. We automatically honor the GPC signal as a valid opt-out request.

15.6 Opt-Out Preference Signals

We recognize and honor opt-out preference signals, including Global Privacy Control (GPC). When we detect a GPC signal from your browser, we treat it as a request to opt out of sharing your personal information for advertising for that browser, and we do not require you to create an account or take additional steps.

15.7 Exercising Your Rights

To exercise any of your CCPA rights, you may contact us at contact@boosterbot.ai. We will verify your identity before processing your request. We will respond to verifiable consumer requests within 45 days, as required by the CCPA. You may also designate an authorized agent to submit a request on your behalf.