BooleanKit Privacy Policy
Effective Date: January 2025
This Privacy Policy explains how BooleanKit ("we," "us," or "our") collects, uses, shares, and protects your personal information when you use our website and services (the "Service"). BooleanKit is operated by James as a sole proprietor based in the United States.
We are committed to protecting your privacy and handling your data in an open and transparent manner. Please read this policy carefully to understand our practices regarding your personal data.
1. Data Controller
For the purposes of applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (GDPR), the data controller is:
James (doing business as BooleanKit)
Location: United States
Email: support@booleankit.app
2. Information We Collect
2.1 Information You Provide Directly
Account Information: When you create an account, we collect your email address. This is the only personal data we directly collect and store.
User Content: You may upload content to our Service, including CVs, resumes, and job descriptions. This content may contain personal data relating to you or third parties (such as job candidates). We process this content solely to provide the Service to you.
2.2 Information Collected Automatically
We use minimal automatic data collection. Our Service may automatically collect: (a) basic usage data (pages visited, features used) for service improvement; and (b) technical data necessary for the Service to function (such as session information managed by our authentication provider).
2.3 Information from Third Parties
We receive limited information from our service providers: (a) Supabase provides authentication and database services; (b) Stripe provides payment processing and may share transaction status and payment confirmation (not full card details); and (c) Anthropic provides AI processing services.
3. How We Use Your Information
We use your information for the following purposes:
| Purpose | Data Used | Legal Basis (GDPR) |
|---|---|---|
| Provide and maintain the Service | Email, User Content | Contract performance |
| Process payments | Email (via Stripe) | Contract performance |
| Send service communications | Contract / Legitimate interest | |
| Respond to inquiries | Email, correspondence | Legitimate interest |
| Prevent fraud and abuse | Usage data | Legitimate interest |
| Comply with legal obligations | As required | Legal obligation |
4. Third-Party Service Providers
We share your information with the following categories of third-party service providers who process data on our behalf:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Authentication, database | Email, account data, credit balance |
| Stripe | Payment processing | Email, payment details (we do not store card numbers) |
| Anthropic | AI processing | User Content submitted to AI tools |
Each of these providers maintains their own privacy policies. We encourage you to review them: Supabase, Stripe, and Anthropic.
5. AI Processing and Your Data
We do not train AI models on your data. When you use our AI-powered tools, your User Content is sent to Anthropic's API for processing. We have configured our use of Anthropic's services to not use your data for model training.
However, Anthropic may process and temporarily store your data in accordance with their privacy policy and terms of service. We recommend reviewing Anthropic's privacy policy for full details on how they handle data submitted through their API.
User Content submitted to AI tools is processed transiently and is not permanently stored by us after the AI response is generated, except as necessary for debugging or fraud prevention for a limited period.
6. International Data Transfers
Our service providers (Supabase, Stripe, and Anthropic) are based in the United States. When you use our Service, your data may be transferred to, stored, and processed in the United States or other countries outside the UK and European Economic Area (EEA).
Where we transfer personal data outside the UK or EEA, we ensure appropriate safeguards are in place, such as: (a) transfers to countries with an adequacy decision; (b) Standard Contractual Clauses approved by the relevant authority; or (c) other legally approved transfer mechanisms.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
Account data: Retained while your account is active and for up to 2 years after account deletion for legal and compliance purposes.
Transaction records: Retained for 7 years to comply with tax and financial regulations.
User Content: Processed transiently during tool use; not permanently stored except as noted in Section 5.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
Access: Request a copy of the personal data we hold about you.
Rectification: Request correction of inaccurate or incomplete data.
Erasure: Request deletion of your personal data ("right to be forgotten").
Restriction: Request restriction of processing in certain circumstances.
Data Portability: Request transfer of your data in a machine-readable format.
Object: Object to processing based on legitimate interests.
Withdraw Consent: Where processing is based on consent, withdraw that consent at any time.
To exercise these rights, contact us at support@booleankit.app. We will respond within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.
You also have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk. In the EU, contact your local data protection authority.
9. Third-Party Personal Data (Candidate Data)
Important: If you upload CVs, resumes, or other documents containing personal data of third parties (such as job candidates), you are the data controller for that data. You are responsible for:
- (a) Ensuring you have a lawful basis to process that data (e.g., consent or legitimate interest);
- (b) Providing appropriate privacy notices to data subjects;
- (c) Responding to data subject rights requests; and
- (d) Complying with all applicable data protection laws.
We act as a data processor when processing this third-party data on your behalf to provide the Service.
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including: (a) encryption of data in transit (TLS/SSL); (b) secure authentication through Supabase; (c) rate limiting and abuse prevention; and (d) regular security reviews of our systems.
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
11. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Right to Know: You may request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, our business purposes for collecting it, and the categories of third parties with whom we share it.
Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
Right to Correct: You may request correction of inaccurate personal information.
Right to Opt-Out of Sale/Sharing: We do not sell your personal information or share it for cross-context behavioral advertising.
Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
To exercise these rights, contact us at support@booleankit.app. We will verify your identity before processing your request.
Categories of Information Collected: In the past 12 months, we have collected: identifiers (email address) and commercial information (purchase history).
12. Children's Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will take steps to delete such information.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. For material changes, we will notify you via email or prominent notice on the Service. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.
14. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, please contact us at:
Email: support@booleankit.app
For UK/EU data protection inquiries, you may also contact us at the email above with "Data Protection Inquiry" in the subject line.
Last Updated: January 2025