Last updated: January 29, 2026

Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your personal information when you use Boko.

Table of Contents

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address
  • Name (if provided)
  • Profile information from authentication providers (Clerk)
  • Payment information (processed securely by our payment provider)

1.2 Usage Data

We automatically collect information about how you use our Service:

  • Search queries and filters applied
  • Regions and areas searched
  • Leads viewed and saved
  • Features used and actions taken
  • Credit transactions and history
  • Login timestamps and session data

1.3 Technical Data

We collect technical information including:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Referring URLs and pages visited
  • Time zone and location (approximate)

1.4 Lead Data

The business lead data we collect and provide to you is sourced from publicly available information. This includes business names, addresses, phone numbers, websites, and other publicly listed information. This data is about businesses, not individual consumers.

2. How We Use Information

We use the information we collect to:

  • Provide the Service: Process your searches, deliver lead data, and manage your account
  • Process Payments: Handle credit purchases and maintain transaction records
  • Improve the Service: Analyze usage patterns to enhance features and user experience
  • Communicate: Send service updates, security alerts, and support messages
  • Ensure Security: Detect and prevent fraud, abuse, and security incidents
  • Legal Compliance: Fulfill legal obligations and respond to lawful requests

We do not sell your personal information to third parties. We do not use your data for targeted advertising.

3. Data Retention

We retain your data for the following periods:

  • Account Data: Retained for the duration of your account, plus 30 days after account deletion to allow for recovery
  • Usage Data: Retained for 24 months for analytics and service improvement
  • Transaction Records: Retained for 7 years to comply with financial regulations
  • Audit Logs: Retained for 12 months for security and compliance purposes
  • Saved Leads: Retained until you delete them or close your account

You can request deletion of your data at any time (see Your Rights section below).

4. Third-Party Services

We use the following third-party services to operate Boko. Each has their own privacy policy:

Authentication

  • Clerk: Handles user authentication and session management. Privacy Policy

Data Sources

  • Google Places API: Provides business location and information data. Privacy Policy
  • Google Lighthouse: Analyzes website performance and quality

AI Services

  • Perplexity AI: Generates sales intelligence summaries (business data only, not personal data). Privacy Policy

Infrastructure

  • Vercel: Website hosting and deployment
  • Railway: Backend infrastructure and database hosting

5. Your Rights (GDPR)

If you are in the European Economic Area (EEA), you have certain data protection rights under GDPR. We extend these rights to all users regardless of location:

5.1 Right to Access

You have the right to request a copy of your personal data. You can export your data at any time through your account settings or by contacting us.

5.2 Right to Rectification

You have the right to request correction of inaccurate personal data. You can update most information directly in your account settings.

5.3 Right to Erasure

You have the right to request deletion of your personal data. You can delete your account through settings or by contacting us. We will delete your data within 30 days, except where retention is required by law.

5.4 Right to Data Portability

You have the right to receive your data in a structured, commonly-used, machine-readable format. We provide data exports in JSON and CSV formats.

5.5 Right to Object

You have the right to object to processing of your personal data for certain purposes. Contact us to exercise this right.

5.6 Right to Restrict Processing

You have the right to request restriction of processing in certain circumstances. Contact us to exercise this right.

How to Exercise Your Rights: You can exercise most of these rights directly through your account settings. For assistance, email hello@boko.app. We will respond within 30 days.

6. Cookies

We use cookies and similar technologies for:

Essential Cookies

Required for the Service to function. These include authentication tokens and session identifiers. Cannot be disabled.

Functional Cookies

Remember your preferences and settings to improve your experience.

Analytics Cookies

Help us understand how users interact with the Service. We use privacy-focused analytics that do not track individuals across sites.

You can control cookies through your browser settings. Note that disabling essential cookies will prevent you from using the Service.

7. Security Measures

We implement industry-standard security measures to protect your data:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Authentication: Secure authentication with optional two-factor authentication (2FA)
  • Access Controls: Role-based access controls and principle of least privilege
  • Monitoring: Continuous security monitoring and audit logging
  • Regular Updates: Systems are regularly updated and patched

While we strive to protect your information, no method of transmission over the Internet is 100% secure. If you believe your account has been compromised, contact us immediately.

8. Children's Privacy

The Service is intended for business use and is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us to request deletion.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

When we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Processing in jurisdictions with adequate data protection laws
  • Contractual obligations with service providers

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of changes by:

  • Posting the updated policy on this page
  • Updating the "Last updated" date at the top
  • Sending an email notification for material changes that affect your rights

We encourage you to review this Privacy Policy periodically. Continued use of the Service after changes become effective constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

For EU residents: If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

Back to top
Terms of ServiceContact Us