Privacy Policy

1. Introduction

This Privacy Policy (“Policy”) describes how SaaS Experts, Inc. (“we,” “us,” “our”), the owner and operator of the BoastImage brand, collects, uses, and safeguards the personal information you (“you” or “your”) provide when using our visual feedback and collaboration application or related services (collectively, the “Platform”).

By using or accessing any BoastImage services, you agree to the practices described in this Policy. If you do not agree, please discontinue use of our Platform and refrain from providing any personal information.

This Privacy Policy has been drafted to comply with various privacy regulations including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and other applicable laws.

2. Who We Are

Company Name: SaaS Experts, Inc.

Brand: BoastImage (at https://boastimage.com)

Primary Purpose: We operate a Software-as-a-Service (SaaS) application for visual feedback and collaboration on web pages, images, and PDF documents. Our platform enables teams to upload content, add annotations, manage tasks, and collaborate with internal team members and external stakeholders.

Data Controller: For the purposes of the GDPR, SaaS Experts, Inc. is the data controller for personal information collected through our Platform.

Data Protection Representative: For individuals in the EU/EEA, our designated EU representative can be contacted at: privacy+eu-representative@boastimage.com

3. Categories of Data Subjects

This Privacy Policy applies to the following categories of individuals:

Software-as-a-Service (SaaS) Application Users: Individuals who create accounts and use our visual feedback and collaboration tools.
Website Visitors: Individuals who visit boastimage.com or its subdomains.
Support Recipients: Individuals who contact us for technical support or assistance.
External Collaborators: Individuals who are granted access to view and comment on projects without creating a BoastImage account (loginless collaboration).

4. Information We Collect

4.1 Account & Subscription Details

Contact Information: When you create an account or subscribe to our services, we collect your name, email address, billing address, company information, and other details needed to manage your account and subscription.
Payment Information: Payments are processed by third-party providers (e.g., Stripe, PayPal). We do not store complete credit card details on our servers.
User Roles & Permissions: We collect information about user roles (administrator, employee, external viewer) and project access permissions.

4.2 SaaS Application Data

Project Information: Project names, settings, descriptions, and organizational structure.
Content Data: Web page captures, images (PNG, JPG, GIF), PDF documents, and related metadata uploaded to the platform.
Annotation Data: Comments, annotations, conversation threads, and feedback added to content items.
Task Data: Task information, assignments, status updates, and workflow data at both project and item levels.
Version Data: Version history for content items, including previous versions and change tracking.
Collaboration Data: Team member assignments, external collaborator access, sharing settings, and access codes.
Usage Analytics: Platform usage patterns, feature utilization, and performance optimization data.

4.3 Website & Platform Analytics

Technical Information: IP addresses, browser types, device information, operating systems, and pages visited across our platform.
Cookies & Tracking: We use cookies and similar technologies to improve user experience, analyze usage patterns, and provide personalized content. You can control cookie preferences through your browser settings.

4.4 Support & Communications

Help Desk Communications: When you contact support, you may provide information such as account details, screenshots, error logs, or technical configurations.
Marketing Communications: With appropriate consent, we collect email addresses and preferences for newsletters, product updates, and promotional content. You can unsubscribe at any time.

4.5 External Collaborator Data

Loginless Collaboration: External collaborators can view and comment on projects without creating a BoastImage account. We collect minimal information necessary for collaboration, such as email addresses (if provided) and names (if provided) for comment attribution.
Access Control: Project owners control who has access to their projects through sharing links and access codes. External collaborators’ access is limited to the specific projects they are invited to.

4.6 Categories of Personal Information (for California Privacy Rights)

In accordance with the CCPA/CPRA, we collect the following categories of personal information:

Identifiers: Names, email addresses, IP addresses, domain names, business identifiers.
Commercial Information: Services purchased, subscription details, transaction history.
Internet Activity: Browser information, website interaction data, search queries, platform usage.
Geolocation Data: General location data based on IP address or business location.
Professional Information: Company name, job title, business services, industry specialization.
Inferences: Derived data about preferences, behaviors, or business characteristics based on platform usage.

For users in the European Economic Area (EEA), we process your personal data on the following legal bases:

Performance of Contract: Processing necessary to fulfill our contractual obligations, including providing SaaS services and delivering customer support.
Legitimate Interests: Processing that serves our legitimate business interests, such as improving our Platform, ensuring security, preventing fraud, analyzing usage patterns, and marketing to existing customers, where these interests are not overridden by your rights and freedoms.
Consent: Processing based on your specific, informed, and unambiguous consent, such as for marketing communications, certain cookies, or optional data sharing features. You have the right to withdraw consent at any time.
Legal Obligation: Processing necessary to comply with applicable laws, regulations, tax requirements, or legal proceedings.

We only collect and process the minimum amount of data necessary for the stated purposes.

6. How We Use Your Information

Platform Operation & Service Delivery

We use your information to provide, maintain, and improve our SaaS application services. This includes account management, subscription processing, feature delivery, and platform performance optimization.

Visual Feedback & Collaboration

We process uploaded content, annotations, comments, and task data to enable visual feedback workflows and team collaboration. This includes displaying annotations on content items, managing conversation threads, tracking task completion, and maintaining version history.

Customer Service & Support

Support communications and technical information help us troubleshoot issues, improve our Platform, and provide assistance.

Communication & Marketing

We send service-related communications including account updates, security notices, and platform changes. Marketing communications are sent only with appropriate consent and include opt-out mechanisms.

Platform Improvement & Analytics

We analyze aggregated and anonymized usage data to improve platform functionality, develop new features, and optimize user experience. This helps us enhance our collaboration tools and maintain service quality.

Legal Compliance & Safety

We may process your information to comply with legal obligations, respond to legal claims, prevent fraud, or protect the rights and safety of users and the public.

Service Providers & Partners

We share limited personal information with third parties who perform services on our behalf (payment processors, hosting providers, email services, analytics tools). These providers are contractually required to protect your data and use it only for specified services.

Third-Party Integrations

With your authorization, we may share data with integrated services such as payment processors or analytics tools. You maintain control over these integrations and can revoke access at any time.

Legal Requirements & Safety

We may disclose your information if required by law or if we believe it is necessary to comply with legal obligations, enforce our terms, protect rights and property, or ensure user and public safety.

Business Transfers

If SaaS Experts, Inc. is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, with continued protection under this Policy or notification of changes.

No Sale of Personal Information

We do not sell your personal information to third parties for monetary or other valuable consideration as defined under the CCPA/CPRA. We do not share your personal information with third parties for cross-context behavioral advertising purposes.

8. Data Retention & Security

Data Retention Periods

Account Information: Retained for the duration of your account plus 2 years for business records.
SaaS Application Data: Projects, content items, annotations, comments, tasks, and collaboration data retained according to user settings and subscription terms, typically for the duration of active accounts plus historical access as needed.
Transaction Data: Financial records retained for 7 years to comply with tax and accounting requirements.
Support Communications: Retained for 2 years from resolution for service improvement.
Marketing Preferences: Retained until you unsubscribe or withdraw consent.

Security Measures

We implement comprehensive safeguards including encryption of data in transit and at rest, access controls, regular security assessments, staff training, and incident response procedures. Our security measures are designed to protect against unauthorized access, alteration, disclosure, or destruction of your personal information. However, no method of transmission over the internet or electronic storage is completely secure.

Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected users and relevant supervisory authorities as required by applicable law, including GDPR requirements.

9. Your Rights & Choices

If you are located in the European Economic Area, you have the following rights regarding your personal data:

Right to Access: You can request a copy of the personal data we hold about you, including your account information, project data, and collaboration records.
Right to Rectification: You can request that we correct inaccurate or incomplete information in your account or other records.
Right to Erasure: You can request that we delete your personal data (subject to certain exceptions for legal or business obligations).
Right to Restriction of Processing: You can request that we restrict the processing of your data under certain circumstances.
Right to Data Portability: You can request to receive your data in a structured, commonly used, and machine-readable format.
Right to Object: You can object to our processing of your personal data based on legitimate interests or for direct marketing.
Right Against Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing that produce legal effects.
Right to Withdraw Consent: Where processing is based on consent, you can withdraw that consent at any time.

To exercise these rights, please contact us using the details provided in the “Contact Us” section. We will respond to your request within 30 days.

9.2 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

Right to Know: You can request information about the personal information we have collected, used, disclosed, and sold.
Right to Delete: You can request the deletion of your personal information (subject to certain exceptions for legal obligations).
Right to Opt-Out of Sale/Sharing: You can opt out of the sale of your personal information and the sharing of your personal information for cross-context behavioral advertising.
Right to Correct: You can request that we correct inaccurate personal information.
Right to Limit Use of Sensitive Personal Information: You can limit the use and disclosure of sensitive personal information.
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.

To exercise these rights, you can:

Submit a request via email to privacy@boastimage.com
Use the “Do Not Sell My Personal Information” link in the footer of our website

We will verify your identity before responding to your request. You may designate an authorized agent to make requests on your behalf.

9.3 Platform-Specific Rights & Choices

SaaS Application Users

Account Management: You can update, modify, or delete your account information at any time through your account settings.
Project Data Control: You can export, modify, or delete project data including content items, annotations, comments, tasks, and collaboration settings.
Content Management: You can upload, replace, or delete content items (web pages, images, PDFs) and manage version history.
Collaboration Control: You can invite or remove team members, manage external collaborator access, and control sharing settings for your projects.

All Users – General Rights

Access & Correction: You can request to view, update, or correct your personal information by contacting us at privacy@boastimage.com.
Data Deletion & Portability: You can request the deletion or portability of your personal data where applicable by law. We will honor requests as required but may retain certain data for legal or business obligations.
Marketing Opt-Out: If you receive marketing emails from us, you can unsubscribe anytime by clicking the link in the email or contacting us directly.
Cookie Control: Most web browsers allow you to control cookies through their settings. We provide a cookie consent banner on our website that allows you to select which categories of cookies you wish to accept. Disabling cookies may affect certain functionalities.

10. International Data Transfers

The personal information we collect may be transferred to and stored in countries outside of your jurisdiction, including the United States, where our servers are located. These countries may have different data protection laws than your country of residence.

For transfers from the European Economic Area (EEA) to countries not deemed to provide an adequate level of data protection, we implement appropriate safeguards such as:

Standard Contractual Clauses (SCCs): We use European Commission-approved Standard Contractual Clauses in our agreements with service providers and partners.
Data Processing Agreements: We enter into data processing agreements with all third-party service providers that access personal data of European Union (EU) residents.
Adequacy Decisions: Where available, we rely on European Commission adequacy decisions for certain countries.

You can request a copy of these safeguards by contacting us using the details in the “Contact Us” section.

11. Third-Party Links & Integrations

BoastImage services may contain links to third-party sites or services. We are not responsible for their content or privacy practices. We encourage you to review the privacy policies of any third-party services you use.

When our Platform integrates with third-party services (such as payment processors or analytics tools), those services may collect data according to their own privacy policies. We recommend reviewing those policies before connecting such services.

Specific third-party integrations may include:

Payment processors for subscription fees
Analytics tools for platform improvement
Browser extension distribution platforms (for our Chrome extension)

12. Browser Extension

The Boast Image browser extension (“Extension”) collects and processes the following data:

Authentication Data

We store authentication tokens in the extension’s local storage (chrome.storage.local) to maintain your login session across browser sessions. These tokens are encrypted and only used to authenticate API requests to Boast Image servers. We do not store passwords or other sensitive authentication credentials.

Screenshot Data

When you use the Extension to capture screenshots, the image data is temporarily stored in memory during the capture and save process. Screenshots are only transmitted to our servers when you explicitly choose to save them to your Boast Image account. We do not automatically collect, store, or transmit screenshot data. All captures require your explicit action to save.

Tab Information

The Extension monitors tab URL changes solely to detect successful authentication when you log in to Boast Image in a browser tab. This information is used only to synchronize your authentication state with the Extension. For screenshot capture, the Extension accesses the active tab’s visual content only when you explicitly trigger a capture. This data is not stored or transmitted until you choose to save it.

User Preferences

We store your last selected project ID in local extension storage to improve your user experience. This data remains on your device and is not transmitted to our servers except as part of the save operation.

Permissions Usage

activeTab: Used to capture visible content as screenshots when you request it
storage: Used to store authentication tokens and user preferences locally on your device
tabs: Used to detect authentication state and to capture tab content
scripting with <all_urls>: Used to inject content scripts for region selection functionality. Content scripts only run when you initiate a capture, and no data is collected from websites without your explicit action

Data Transmission

Screenshot data is only transmitted to Boast Image servers when you explicitly save an image to your account. Authentication tokens are transmitted only to authenticate API requests. Tab URLs are never transmitted to our servers except as part of screenshot metadata if you choose to include it.

Data Storage

All extension data is stored locally on your device using chrome.storage.local. Authentication tokens and preferences are stored locally and are not accessible to other extensions or websites. Screenshot data is temporarily stored in memory during capture and is cleared after saving or canceling.

Third-Party Access

The Extension does not share data with third parties. All data transmission is between your browser and Boast Image servers only.

13. Children’s Privacy

Our Platform is intended for business and professional use and is not designed for children under the age of 16. We do not knowingly collect information from anyone under 16. If you believe we have inadvertently collected such data, please contact us immediately so we can remove it.

Our website uses cookies and similar technologies to enhance user experience. We categorize cookies as follows:

Strictly Necessary Cookies: Essential for website functionality, account access, and platform security. These cannot be disabled.
Performance/Analytics Cookies: Help us understand how visitors interact with our website and platform features.
Functional Cookies: Enable enhanced functionality, personalization, and remember your preferences.
Targeting/Advertising Cookies: Used to deliver relevant advertisements and marketing content.

You can manage your cookie preferences through our cookie banner or your browser settings.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or business practices. When we do, we will post the updated version at https://boastimage.com/privacy and note the effective date.

If changes are significant, we will:

Notify you by email (if we have your email address)
Display a prominent notice on our website
In some cases, obtain your consent again if required by law

Your continued use of BoastImage services after any revisions become effective indicates your acceptance of the updated Policy.

16. Data Protection Contact

For questions related to data protection and privacy compliance, including General Data Protection Regulation (GDPR) inquiries, please contact us at:

Email: privacy@boastimage.com
Subject Line: “Data Protection Inquiry”

17. Contact Us

If you have questions or concerns regarding this Privacy Policy or our data practices, please reach out:

Email: privacy@boastimage.com
General Inquiries: support@boastimage.com
Postal Address: SaaS Experts, Inc., 136 Arthurs Rd, Troutman NC USA
For EU/EEA Inquiries: privacy+eu-representative@boastimage.com
For California Privacy Requests: privacy+california-privacy@boastimage.com

You also have the right to lodge a complaint with your local data protection authority if you believe we have not complied with applicable data protection laws.