Privacy Policy

Quick Summary (TL;DR)

• We collect account details, profile info, saved events and preferences, basic usage analytics, and location data (for distance-based search).
• Payments are processed by Stripe; we don't store full card numbers.
• Authentication and database services are provided by Supabase; hosting is on Vercel.
• We use your data to operate the Service, power AI recommendations, send you event alerts, and improve features.
• You can access, delete, or correct your data, and opt out of marketing emails at any time.
• We keep your data until you delete your account (subject to limited legal retention).

Scope & Who We Are

This Policy applies to personal information we collect from users of BoothScout's website and Service, including our Free, Pro ($29/month), and Premiere ($49/month) tiers (collectively, the "Services").

Controller: BoothScout (contact: contact@boothscout.com). If required by law, we will appoint an EU/UK representative and update this notice.

Information We Collect

1) Information you provide

• Account credentials: Email and password (handled via Supabase; we never store plain-text passwords).
• User profile: Business name, bio, location (city/region), product categories.
• Saved content: Saved events, saved searches, and your search preferences.
• Subscription & billing: Plan selection (Free, Pro, Premiere). Stripe processes your payment information; we receive limited billing metadata (e.g., last 4 digits, card brand, status) and invoices/receipts.

2) Information we collect automatically

• Usage & device data: Basic usage tracking (pages or screens viewed, features used, timestamps, app performance, device/browser type).
• User activity & audit logs: Actions in the app (e.g., logins, settings changes, save/unsave events) to provide support, security, and troubleshooting.
• Cookies and similar technologies: Necessary cookies for login/session; optional analytics cookies as described below.

3) Location data

Approximate location derived from your inputs or device/browser (when you allow it) to support distance-based search and nearby event discovery. You can disable or adjust location permissions in your device or browser settings; the Service may remain functional with reduced relevance.

4) Information from third parties

• Payment status from Stripe (e.g., subscription active/canceled).
• Authentication tokens & session info from Supabase.

We do not intentionally collect information from children; see "Children's Privacy" below.

How We Use Your Information

We use personal information to:

Provide and secure the Service

Authenticate you, maintain sessions, operate databases (Supabase), host the app (Vercel), process payments (Stripe), and keep audit logs.

AI-powered recommendations

Match you with relevant events based on your profile, categories, location, saved events/searches, and on-platform activity. Our AI features do not make decisions with legal or similarly significant effects.

Personalize your experience

Remember preferences, show relevant or nearby events, and surface saved items.

Communicate with you

Send service emails (e.g., account notices, receipts) and email notifications for new events you opted into. You can manage notification settings in the app or opt out via the email footer.

Improve and analyze

Perform basic usage analytics, debug, prevent fraud/abuse, and develop new features.

Legal, compliance, and safety

Comply with law, enforce terms, and protect the rights, safety, and security of users and the platform.

Legal bases (GDPR/UK GDPR): Contract (to provide the Service), Legitimate Interests (security, analytics, improvements), Consent (e.g., location permissions, marketing emails where required), and Legal obligations (tax, accounting, fraud prevention).

How We Share Information

We share personal information only as described below:

Service Providers / Processors

• Supabase (authentication/database) – user accounts, profile data, saved content, and logs.
• Stripe (payments) – payment processing; Stripe acts as an independent controller for card data. We do not store full card details.
• Vercel (hosting) – hosting and performance delivery of our web app.
• Analytics – basic usage tracking (aggregated or pseudonymized where practicable).

These providers are bound by contractual obligations to process data on our instructions and protect it appropriately.

Business transfers

In a merger, acquisition, financing, or sale of assets, data may be transferred subject to this Policy and applicable law.

Legal and safety

To comply with law or valid legal process, or to protect users, the public, or BoothScout.

We do not sell or share your personal information for cross-context behavioral advertising under the California Consumer Privacy Act (CCPA/CPRA).

Cookies & Similar Technologies

We use:

• Strictly necessary cookies (e.g., session/auth).
• Functional storage (e.g., your preferences).
• Analytics tools for aggregate usage metrics.

You can control cookies via your browser settings. If you block strictly necessary cookies, some features may not work. Do Not Track (DNT) signals are not standardized; we do not respond to DNT, but if you use a Global Privacy Control (GPC) signal and we engage in activities covered by "sale" or "sharing," we will honor it as required. Currently, we state that we do not sell or share data for cross-context behavioral ads.

AI Features & Automated Decision-Making

Our AI recommendations use your profile, product categories, location (when enabled), saved events/searches, and on-platform interactions to suggest events you may like.

• You can update inputs (e.g., categories, distance radius) to influence recommendations.
• Our AI features do not involve solely automated decisions that produce legal or similarly significant effects.

Data Retention

We retain your personal information until you delete your account, or as otherwise needed to provide the Service. If you delete your account, we will delete or de-identify your personal information, subject to limited retention required for:

• Legal, tax, accounting, and audit obligations,
• Fraud prevention and security, and
• Resolving disputes or enforcing agreements.

System backups may persist for a limited period per our standard cycles.

Security

We implement technical and organizational measures appropriate to the risk, including:

• Encryption in transit (TLS) and at rest (through our providers where applicable),
• Access controls and least-privilege practices,
• Audit logs and monitoring,
• Segregation of payment data (handled by Stripe).

No security practice is perfect; we cannot guarantee absolute security. If we become aware of a breach affecting your personal information, we will notify you and regulators as required.

Your Rights & Choices

Access, correction, deletion, portability

• You can view and update profile details and preferences in the app.
• You can delete your account in the app (or request deletion via contact@boothscout.com).
• Upon request, we will export your data in a portable format, where technically feasible.

Marketing & notifications

Manage email notifications (new events, tips) in your settings or by using the unsubscribe link. We will continue to send essential service emails.

Location permissions

You can enable/disable location access in your browser or device settings. Distance-based features may be limited if disabled.

We will verify your identity before processing certain requests.

GDPR / UK GDPR Notices (EEA, UK, Switzerland)

• Controller: BoothScout (contact@boothscout.com).
• Purposes & legal bases: as listed above.
• Your rights: access, rectification, erasure, restriction, objection (including to processing based on legitimate interests), and data portability. Where processing is based on consent, you may withdraw it at any time without affecting prior processing.
• International transfers: We may transfer data to countries outside your jurisdiction (e.g., to the United States) where Supabase, Stripe, and Vercel operate. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs).
• Complaints: You may lodge a complaint with your local data protection authority. We encourage you to contact us first so we can address your concerns.

California Privacy Notice (CCPA/CPRA)

Categories we collect

• Identifiers (e.g., email, account ID),
• Customer records (profile, subscription status),
• Commercial information (saved events, purchases/subscriptions),
• Internet/network activity (usage logs, device/browser info),
• Geolocation (approximate, for distance-based search),
• Inferences (AI recommendations),
• Financial info (processed by Stripe; BoothScout only receives limited billing metadata).

Sources: You, your devices, and our service providers (Supabase, Stripe, Vercel).
Purposes: Provide the Service, security, analytics, AI recommendations, support, and compliance.
Disclosures: To service providers/processors and as otherwise described above.
Sale/Sharing: We do not sell personal information and do not share it for cross-context behavioral advertising.
Retention: Until account deletion, subject to limited legal retention.

Your California rights

• Know/Access the categories and specific pieces of personal information we collect.
• Delete personal information, subject to legal exceptions.
• Correct inaccurate information.
• Opt-out of sale/sharing (not applicable as described).
• Limit use/disclosure of sensitive personal information (we do not use SPI for additional purposes).
• Non-discrimination for exercising your rights.

How to exercise: Email contact@boothscout.com or use in-app controls. We will verify requests (e.g., email verification). Authorized agents may submit requests with proof of authorization.

Children's Privacy

BoothScout is intended for business users 18+ and is not directed to children under 13 (or under 16 in the EEA/UK). We do not knowingly collect personal information from children. If you believe a child has provided personal information, contact us and we will delete it.

International Users

By using the Service, you understand that your information may be processed in countries with laws that may differ from those where you live. We implement safeguards for international transfers as described above.

Third-Party Links

The Service may link to third-party websites or services. Their privacy practices are governed by their own policies. We encourage you to review Stripe's and Supabase's privacy notices for details about their processing.

Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. If changes are material, we will notify you (e.g., via email or in-app notice). The "Effective date" at the top shows when it was last updated.

Contact Us

BoothScout – Privacy
Email: contact@boothscout.com

(If you prefer postal mail, please include: "Attn: Privacy" and your contact details in your message so we can provide our current mailing address.)