Privacy Policy

How BoostProfits collects, uses, and protects your personal data.

Last updated May 2026

BoostProfits ("BoostProfits", "we", "us") is the data controller for personal data processed in connection with our website and service. This notice explains what we collect, why, the legal basis we rely on, who we share it with, and your rights.

1. Categories of personal data

  • Account data: name, email address, password hash, company name.
  • Customer content: invoices, client records, and other data you upload.
  • Billing data: plan, transaction history, billing address, and tax identifiers (collected by our payment provider).
  • Usage and device data: pages viewed, feature interactions, device type, browser, IP address.
  • Support data: messages and attachments you send to our support team.

2. Purposes and legal bases

  • Provide the service (account creation, delivering features) — legal basis: performance of a contract.
  • Billing, invoicing, and tax compliance — legal basis: performance of a contract and legal obligation.
  • Security, fraud prevention, and abuse detection — legal basis: legitimate interests in protecting our service and users.
  • Product analytics and improvement — legal basis: legitimate interests in improving the product.
  • Customer support — legal basis: performance of a contract.
  • Marketing emails — legal basis: consent (you can withdraw at any time).

3. How we share data (recipients)

  • Paddle.com Market Limited — our Merchant of Record. Paddle processes payments, manages subscriptions, calculates and remits sales tax/VAT, and issues invoices and refunds on our behalf.
  • Hosting and infrastructure providers (Cloudflare, AWS) — to host and serve the application.
  • Email delivery (Resend) — to send transactional emails.
  • Professional advisers (legal, accounting) — when reasonably necessary.
  • Authorities — where required by law or to protect rights.

4. International transfers

Where personal data is transferred outside the UK/EEA, we rely on adequacy decisions or Standard Contractual Clauses (SCCs) as a safeguard.

5. Data retention

  • Account data: retained while your account is active and for up to 12 months after closure, then deleted or anonymised.
  • Customer content: retained while your account is active; deleted within 30 days of account deletion (or sooner on request).
  • Billing and invoicing records: retained for up to 7 years to comply with tax and accounting laws.
  • Support messages: retained for up to 24 months.
  • Server logs and security data: retained for up to 90 days.

6. Your rights

Subject to applicable law, you have the right to access, rectify, erase, restrict, port, or object to processing of your personal data, and to withdraw consent. EU/UK residents may lodge a complaint with their local supervisory authority. To exercise any right, email privacy@boostprofits.com; we respond within 30 days.

7. Security

We apply appropriate technical and organisational measures including TLS 1.2+ in transit, AES-256 at rest, role-based access controls, and audit logging.

8. Cookies

We use essential cookies required for sign-in and session management, and a privacy-friendly first-party analytics cookie. We do not use third-party advertising trackers. You can manage cookies in your browser settings.

9. Contact

BoostProfits — privacy@boostprofits.com.