1. Introduction
This Privacy Policy (“Policy”) describes how SaaS Experts, Inc. (“we,” “us,” “our”), the owner and operator of the BoastImage brand, collects, uses, and safeguards the personal information you (“you” or “your”) provide when using our visual feedback and collaboration application or related services (collectively, the “Platform”).
By using or accessing any BoastImage services, you agree to the practices described in this Policy. If you do not agree, please discontinue use of our Platform and refrain from providing any personal information.
This Privacy Policy has been drafted to comply with various privacy regulations including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and other applicable laws.
2. Who We Are
Company Name: SaaS Experts, Inc.
Brand: BoastImage (at https://boastimage.com)
Primary Purpose: We operate a Software-as-a-Service (SaaS) application for visual feedback and collaboration on web pages, images, and PDF documents. Our platform enables teams to upload content, add annotations, manage tasks, and collaborate with internal team members and external stakeholders.
Data Controller: For the purposes of the GDPR, SaaS Experts, Inc. is the data controller for personal information collected through our Platform.
Data Protection Representative: For individuals in the EU/EEA, our designated EU representative can be contacted at: privacy+eu-representative@boastimage.com
3. Categories of Data Subjects
This Privacy Policy applies to the following categories of individuals:
- Software-as-a-Service (SaaS) Application Users: Individuals who create accounts and use our visual feedback and collaboration tools.
- Website Visitors: Individuals who visit boastimage.com or its subdomains.
- Support Recipients: Individuals who contact us for technical support or assistance.
- External Collaborators: Individuals who are granted access to view and comment on projects without creating a BoastImage account (loginless collaboration).
4.1 Account & Subscription Details
- Contact Information: When you create an account or subscribe to our services, we collect your name, email address, billing address, company information, and other details needed to manage your account and subscription.
- Payment Information: Payments are processed by third-party providers (e.g., Stripe, PayPal). We do not store complete credit card details on our servers.
- User Roles & Permissions: We collect information about user roles (administrator, employee, external viewer) and project access permissions.
4.2 SaaS Application Data
- Project Information: Project names, settings, descriptions, and organizational structure.
- Content Data: Web page captures, images (PNG, JPG, GIF), PDF documents, and related metadata uploaded to the platform.
- Annotation Data: Comments, annotations, conversation threads, and feedback added to content items.
- Task Data: Task information, assignments, status updates, and workflow data at both project and item levels.
- Version Data: Version history for content items, including previous versions and change tracking.
- Collaboration Data: Team member assignments, external collaborator access, sharing settings, and access codes.
- Usage Analytics: Platform usage patterns, feature utilization, and performance optimization data.
- Technical Information: IP addresses, browser types, device information, operating systems, and pages visited across our platform.
- Cookies & Tracking: We use cookies and similar technologies to improve user experience, analyze usage patterns, and provide personalized content. You can control cookie preferences through your browser settings.
4.4 Support & Communications
- Help Desk Communications: When you contact support, you may provide information such as account details, screenshots, error logs, or technical configurations.
- Marketing Communications: With appropriate consent, we collect email addresses and preferences for newsletters, product updates, and promotional content. You can unsubscribe at any time.
4.5 External Collaborator Data
- Loginless Collaboration: External collaborators can view and comment on projects without creating a BoastImage account. We collect minimal information necessary for collaboration, such as email addresses (if provided) and names (if provided) for comment attribution.
- Access Control: Project owners control who has access to their projects through sharing links and access codes. External collaborators’ access is limited to the specific projects they are invited to.
In accordance with the CCPA/CPRA, we collect the following categories of personal information:
- Identifiers: Names, email addresses, IP addresses, domain names, business identifiers.
- Commercial Information: Services purchased, subscription details, transaction history.
- Internet Activity: Browser information, website interaction data, search queries, platform usage.
- Geolocation Data: General location data based on IP address or business location.
- Professional Information: Company name, job title, business services, industry specialization.
- Inferences: Derived data about preferences, behaviors, or business characteristics based on platform usage.
5. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), we process your personal data on the following legal bases:
- Performance of Contract: Processing necessary to fulfill our contractual obligations, including providing SaaS services and delivering customer support.
- Legitimate Interests: Processing that serves our legitimate business interests, such as improving our Platform, ensuring security, preventing fraud, analyzing usage patterns, and marketing to existing customers, where these interests are not overridden by your rights and freedoms.
- Consent: Processing based on your specific, informed, and unambiguous consent, such as for marketing communications, certain cookies, or optional data sharing features. You have the right to withdraw consent at any time.
- Legal Obligation: Processing necessary to comply with applicable laws, regulations, tax requirements, or legal proceedings.
We only collect and process the minimum amount of data necessary for the stated purposes.
We use your information to provide, maintain, and improve our SaaS application services. This includes account management, subscription processing, feature delivery, and platform performance optimization.
Visual Feedback & Collaboration
We process uploaded content, annotations, comments, and task data to enable visual feedback workflows and team collaboration. This includes displaying annotations on content items, managing conversation threads, tracking task completion, and maintaining version history.
Customer Service & Support
Support communications and technical information help us troubleshoot issues, improve our Platform, and provide assistance.
Communication & Marketing
We send service-related communications including account updates, security notices, and platform changes. Marketing communications are sent only with appropriate consent and include opt-out mechanisms.
We analyze aggregated and anonymized usage data to improve platform functionality, develop new features, and optimize user experience. This helps us enhance our collaboration tools and maintain service quality.
Legal Compliance & Safety
We may process your information to comply with legal obligations, respond to legal claims, prevent fraud, or protect the rights and safety of users and the public.
Service Providers & Partners
We share limited personal information with third parties who perform services on our behalf (payment processors, hosting providers, email services, analytics tools). These providers are contractually required to protect your data and use it only for specified services.
Third-Party Integrations
With your authorization, we may share data with integrated services such as payment processors or analytics tools. You maintain control over these integrations and can revoke access at any time.
Legal Requirements & Safety
We may disclose your information if required by law or if we believe it is necessary to comply with legal obligations, enforce our terms, protect rights and property, or ensure user and public safety.
Business Transfers
If SaaS Experts, Inc. is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, with continued protection under this Policy or notification of changes.
We do not sell your personal information to third parties for monetary or other valuable consideration as defined under the CCPA/CPRA. We do not share your personal information with third parties for cross-context behavioral advertising purposes.
8. Data Retention & Security
Data Retention Periods
- Account Information: Retained for the duration of your account plus 2 years for business records.
- SaaS Application Data: Projects, content items, annotations, comments, tasks, and collaboration data retained according to user settings and subscription terms, typically for the duration of active accounts plus historical access as needed.
- Transaction Data: Financial records retained for 7 years to comply with tax and accounting requirements.
- Support Communications: Retained for 2 years from resolution for service improvement.
- Marketing Preferences: Retained until you unsubscribe or withdraw consent.
Security Measures
We implement comprehensive safeguards including encryption of data in transit and at rest, access controls, regular security assessments, staff training, and incident response procedures. Our security measures are designed to protect against unauthorized access, alteration, disclosure, or destruction of your personal information. However, no method of transmission over the internet or electronic storage is completely secure.
Data Breach Notification
In the event of a data breach affecting your personal information, we will notify affected users and relevant supervisory authorities as required by applicable law, including GDPR requirements.
9. Your Rights & Choices
9.1 European Privacy Rights (GDPR)
If you are located in the European Economic Area, you have the following rights regarding your personal data:
- Right to Access: You can request a copy of the personal data we hold about you, including your account information, project data, and collaboration records.
- Right to Rectification: You can request that we correct inaccurate or incomplete information in your account or other records.
- Right to Erasure: You can request that we delete your personal data (subject to certain exceptions for legal or business obligations).
- Right to Restriction of Processing: You can request that we restrict the processing of your data under certain circumstances.
- Right to Data Portability: You can request to receive your data in a structured, commonly used, and machine-readable format.
- Right to Object: You can object to our processing of your personal data based on legitimate interests or for direct marketing.
- Right Against Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing that produce legal effects.
- Right to Withdraw Consent: Where processing is based on consent, you can withdraw that consent at any time.
To exercise these rights, please contact us using the details provided in the “Contact Us” section. We will respond to your request within 30 days.
9.2 California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- Right to Know: You can request information about the personal information we have collected, used, disclosed, and sold.
- Right to Delete: You can request the deletion of your personal information (subject to certain exceptions for legal obligations).
- Right to Opt-Out of Sale/Sharing: You can opt out of the sale of your personal information and the sharing of your personal information for cross-context behavioral advertising.
- Right to Correct: You can request that we correct inaccurate personal information.
- Right to Limit Use of Sensitive Personal Information: You can limit the use and disclosure of sensitive personal information.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.
To exercise these rights, you can:
- Submit a request via email to privacy@boastimage.com
- Use the “Do Not Sell My Personal Information” link in the footer of our website
We will verify your identity before responding to your request. You may designate an authorized agent to make requests on your behalf.
SaaS Application Users
- Account Management: You can update, modify, or delete your account information at any time through your account settings.
- Project Data Control: You can export, modify, or delete project data including content items, annotations, comments, tasks, and collaboration settings.
- Content Management: You can upload, replace, or delete content items (web pages, images, PDFs) and manage version history.
- Collaboration Control: You can invite or remove team members, manage external collaborator access, and control sharing settings for your projects.
All Users – General Rights
- Access & Correction: You can request to view, update, or correct your personal information by contacting us at privacy@boastimage.com.
- Data Deletion & Portability: You can request the deletion or portability of your personal data where applicable by law. We will honor requests as required but may retain certain data for legal or business obligations.
- Marketing Opt-Out: If you receive marketing emails from us, you can unsubscribe anytime by clicking the link in the email or contacting us directly.
- Cookie Control: Most web browsers allow you to control cookies through their settings. We provide a cookie consent banner on our website that allows you to select which categories of cookies you wish to accept. Disabling cookies may affect certain functionalities.
10. International Data Transfers
The personal information we collect may be transferred to and stored in countries outside of your jurisdiction, including the United States, where our servers are located. These countries may have different data protection laws than your country of residence.
For transfers from the European Economic Area (EEA) to countries not deemed to provide an adequate level of data protection, we implement appropriate safeguards such as:
- Standard Contractual Clauses (SCCs): We use European Commission-approved Standard Contractual Clauses in our agreements with service providers and partners.
- Data Processing Agreements: We enter into data processing agreements with all third-party service providers that access personal data of European Union (EU) residents.
- Adequacy Decisions: Where available, we rely on European Commission adequacy decisions for certain countries.
You can request a copy of these safeguards by contacting us using the details in the “Contact Us” section.
11. Third-Party Links & Integrations
BoastImage services may contain links to third-party sites or services. We are not responsible for their content or privacy practices. We encourage you to review the privacy policies of any third-party services you use.
When our Platform integrates with third-party services (such as payment processors or analytics tools), those services may collect data according to their own privacy policies. We recommend reviewing those policies before connecting such services.
Specific third-party integrations may include:
- Payment processors for subscription fees
- Analytics tools for platform improvement
- Browser extension distribution platforms (for our Chrome extension)
12. Children’s Privacy
Our Platform is intended for business and professional use and is not designed for children under the age of 16. We do not knowingly collect information from anyone under 16. If you believe we have inadvertently collected such data, please contact us immediately so we can remove it.
13. Cookie Policy
Our website uses cookies and similar technologies to enhance user experience. We categorize cookies as follows:
- Strictly Necessary Cookies: Essential for website functionality, account access, and platform security. These cannot be disabled.
- Performance/Analytics Cookies: Help us understand how visitors interact with our website and platform features.
- Functional Cookies: Enable enhanced functionality, personalization, and remember your preferences.
- Targeting/Advertising Cookies: Used to deliver relevant advertisements and marketing content.
You can manage your cookie preferences through our cookie banner or your browser settings.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or business practices. When we do, we will post the updated version at https://boastimage.com/privacy and note the effective date.
If changes are significant, we will:
- Notify you by email (if we have your email address)
- Display a prominent notice on our website
- In some cases, obtain your consent again if required by law
Your continued use of BoastImage services after any revisions become effective indicates your acceptance of the updated Policy.
For questions related to data protection and privacy compliance, including General Data Protection Regulation (GDPR) inquiries, please contact us at:
Email: privacy@boastimage.com
Subject Line: “Data Protection Inquiry”
If you have questions or concerns regarding this Privacy Policy or our data practices, please reach out:
Email: privacy@boastimage.com
General Inquiries: support@boastimage.com
Postal Address: SaaS Experts, Inc., 136 Arthurs Rd, Troutman NC USA
For EU/EEA Inquiries: privacy+eu-representative@boastimage.com
For California Privacy Requests: privacy+california-privacy@boastimage.com
You also have the right to lodge a complaint with your local data protection authority if you believe we have not complied with applicable data protection laws.
</section>