Privacy Policy
Last updated: May 16, 2026
Introduction
Your privacy matters to us. This Privacy Policy explains the personal data BoothIQ (we, us) processes when you use our cloud dashboard, mobile apps, and booth software (together, the Service), why we process it, and the choices you have. If you have questions, email privacy@boothiq.com.
We aim to collect only what we need to run the Service. We don't run third-party analytics, advertising networks, or behavior trackers. We don't sell your data.
1. Information We Collect
You provide some of this data directly. We collect some automatically when you use the Service. Your booths send some of it to your account.
Account information
When you sign up we collect your first name, last name, email address, and a password. We store passwords as one-way hashes, not in plaintext.
Subscription and billing
Payments are processed by Stripe. We receive your subscription status, plan tier, and the last four digits of the payment method so we can show your billing state in the dashboard. We never see or store your full card number, expiry, or bank details. For example, when you subscribe a booth, Stripe tells us "active, Pro plan, card ending 4242" and nothing more. Stripe's handling of your payment information is governed by Stripe's Privacy Policy.
Content you upload
You can upload your account logo and per-booth branding logos. These files are stored on AWS S3 so they can be served back to your booths and dashboard.
Booth telemetry
Your booths send operational data to your account: revenue totals, transaction counts, payment-method breakdowns, supply levels, and booth configuration. For example, when a customer pays for a print at the booth, the booth records the transaction locally and then syncs it to your account so you can see it on your dashboard. We use this data to power your account. We don't share it outside your account.
Communications
When you contact us by email or through the contact form, we keep your message, your name and email, and any reply we send, so we can follow up if there's a next step.
Automatically collected
When you use the Service we collect basic technical information: IP address, browser and device type, request timestamps, and error logs. We keep this for a short period to operate the Service securely. We do not run third-party analytics, advertising trackers, or behavior beacons.
2. How We Use It
We use the data we collect to:
- Provide the Service. Run your dashboard, sync your booths, and keep your account working.
- Process subscriptions. Bill your plan, manage renewals and cancellations, and handle payment recovery.
- Secure your account. Detect and prevent fraud, abuse, and unauthorized access.
- Communicate with you. Send transactional messages about your account, billing, security, and material product changes.
- Respond to support. Answer your questions and follow up.
- Improve the Service. Diagnose bugs, monitor reliability, and decide what to build next.
- Comply with the law. Meet our legal, regulatory, and tax obligations.
3. Legal Bases (GDPR)
If you are in the European Economic Area, the United Kingdom, or another jurisdiction that requires a legal basis for processing, we rely on:
- Contract performance. Processing required to deliver the Service you signed up for.
- Legitimate interest. Security, fraud prevention, and product reliability.
- Consent. Any optional communications, where consent is required.
- Legal obligation. Tax, accounting, and compliance requests.
4. How We Share It
We do not sell your personal information, and we do not share it with advertisers. We share information only with the service providers that operate parts of our stack:
- Stripe. Payment processing and subscription management.
- Upstash. Redis-based rate limiting on sign-in. We store counters keyed by IP and account identifier. No profile data is stored in Redis.
- DigitalOcean. Hosting the web application and APIs.
- AWS S3. Storing uploaded logos.
We also read public release metadata from GitHub's API to populate our changelog page. No user data is sent to GitHub.
We may share information when required by law, in response to a valid legal process, or to protect the rights, safety, or property of BoothIQ, our users, or the public.
5. International Transfers
BoothIQ may be operated from, and the providers above may process data in, countries different from your own. Where required by law we rely on appropriate safeguards such as standard contractual clauses.
6. Data Retention
We retain your information for as long as your account is active. If you close your account we delete your account data within [30 days], with these exceptions:
- Billing and tax records are retained for [7 years] to meet accounting and tax obligations.
- Server and security logs are rotated after [30/90 days].
- Anything we are required to retain by law.
7. Security
We use industry-standard practices to protect your data. Passwords are hashed. Connections to the Service use HTTPS. Authentication tokens are stored in HttpOnly secure cookies. We review our code and dependencies regularly. No system is perfectly secure, so we encourage you to use a strong, unique password and keep your account credentials safe. If you suspect your account has been compromised, contact support@boothiq.com right away.
8. Your Rights and Choices
You have choices about your data. Depending on where you live, you may have the following rights:
- Access. You can request a copy of the data we hold about you.
- Correct. You can correct data that is inaccurate or incomplete. Most account fields you can edit yourself from the dashboard.
- Delete. You can request deletion, subject to legal retention requirements.
- Restrict or object. You can restrict or object to certain processing.
- Portability. You can receive your data in a portable format.
- Withdraw consent. Where processing relies on consent, you can withdraw it.
If you are a California resident, the CCPA gives you the right to know what information we collect, the right to delete it, the right to opt out of sale (we don't sell), and the right not to be discriminated against for exercising these rights.
To exercise any of these rights, email privacy@boothiq.com. You also have the right to lodge a complaint with your local data protection authority.
9. Children's Privacy
The Service is not directed at children under 16 (or under 13 in the United States) and we don't knowingly collect personal data from them. If you believe a child has provided us with personal information, contact us so we can delete it.
10. Cookies
Cookies are small text files placed on your device when you use the Service. We use them to keep you signed in and to remember your session preferences. We don't use advertising or analytics cookies, and we don't use cookies for tracking you across other websites.
All the cookies we set today are essential for the Service to function. Because they are essential, no cookie banner is required for them in most jurisdictions. If we ever add a non-essential cookie, we will ask for consent first and update this policy.
| Cookie | Purpose | Duration | HttpOnly |
|---|---|---|---|
| auth_access_token | Authenticates your API requests. | 7 or 30 days | Yes |
| auth_refresh_token | Renews your session when the access token expires. | 7 or 30 days | Yes |
| auth_user | Renders your name and role in the UI. | 7 or 30 days | No |
| auth_remember | Tracks the remember-me preference for session length. | 7 or 30 days | Yes |
You can clear these cookies at any time from your browser settings. If you clear auth_access_token or auth_refresh_token while signed in, you will be signed out and asked to sign in again.
11. Changes to This Policy
We may update this policy from time to time. If we make material changes we will notify you by email or by an in-app notice before the changes take effect. The "Last updated" date at the top of the page shows when the policy was most recently revised. If you don't agree to the updated policy, you can close your account before it takes effect.
12. Contact Us
Questions about this policy or about your data? Reach us at privacy@boothiq.com or write to:
BoothIQ
[Registered Address]
See also our Terms of Service.