Privacy Policy

Last updated: 2026-07-18

This policy explains how [Company legal name] ("we") collects and uses personal information when you use boostme. We act as the data controller for the personal data described here.

1. Information we collect

  • Account information: name, email address and a hashed password.
  • Business information: store URLs, uploaded photos and assets, business descriptions and the creatives generated for you.
  • Billing information: payment cards are processed and stored by Stripe; we never store card numbers. We keep records of charges and budgets.
  • Usage information: log data, device and browser information, IP address, language preference, and product analytics events.
  • Communications: support messages and, if you link LINE, your LINE user ID.
  • Ad performance data: aggregated delivery metrics returned by the advertising platforms.

2. How we use information

  • To provide the service: analyzing your business, generating creatives, publishing and optimizing ads, and reporting.
  • To bill you and prevent fraud and abuse.
  • To send service notifications (email or LINE) such as approval requests, billing alerts and delivery reports.
  • To improve the product, including aggregate analytics.
  • To comply with legal obligations.

3. AI processing

Content you register (such as website text and images) is sent to OpenAI's API to produce analyses and ad creatives. Under OpenAI's API policy, this data is not used to train their models. Do not register content that must not be processed by third parties.

4. Sharing and processors

We do not sell personal information. We share data with service providers acting on our behalf and with advertising platforms as needed to deliver ads:

  • Stripe (payments), OpenAI (AI generation), Resend (email delivery), LINE (notifications, if you link it)
  • Advertising platforms (Meta, Google, TikTok, LinkedIn, X) - campaign settings and creatives needed for delivery
  • Hosting and infrastructure (AWS, Vercel), error monitoring (Sentry) and product analytics (PostHog)
  • Authorities where disclosure is required by law

5. International transfers

Data may be processed in Japan, the United States and other countries where our processors operate. Where required (for example for transfers from the EEA/UK), we rely on appropriate safeguards such as standard contractual clauses.

6. Retention

We keep personal data for as long as your account exists and as needed for the purposes above, then delete or anonymize it, except where a longer period is required by law (for example tax and accounting records).

7. Your rights

  • Depending on your location, you may have rights to access, correct, delete, restrict or port your personal data and to object to processing (GDPR and similar laws), and rights to know, delete, correct and opt out of sale/sharing (CCPA/CPRA - note that we do not sell or share personal information as defined there).
  • Japanese users may request disclosure, correction and suspension of use under the Act on the Protection of Personal Information (APPI).
  • To exercise any right, contact support@boostme.co. You may also lodge a complaint with your supervisory authority.

8. Cookies

We use strictly necessary cookies (session, security, language preference) and, if enabled, analytics cookies (PostHog) to understand product usage. You can control cookies in your browser settings; essential cookies are required for login to work.

9. Security

We encrypt data in transit, hash passwords, restrict internal access and monitor for errors and abuse. No method of transmission or storage is completely secure; we will notify you and the authorities of breaches where required by law.

10. Children

The service is intended for business use by adults and is not directed to children under 18.

11. Changes

We may update this policy. Material changes will be announced by email or in the dashboard before they take effect.

12. Contact

[Company legal name], [Registered address] - support@boostme.co