Privacy Policy

1Overview & Scope

This Privacy Policy describes how boobie.ai Technologies LLC ("Company," "we," "us," or "our"), a Nevada limited liability company, collects, uses, stores, shares, and protects personal information in connection with the boobie.ai platform, website, applications, APIs, and related services (collectively, the "Services").

This Policy applies to all users of the Services worldwide and is designed to comply with applicable global privacy laws, including but not limited to: the European Union General Data Protection Regulation ("GDPR"), the UK GDPR, the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA"), the Children's Online Privacy Protection Act ("COPPA"), and other applicable state, national, and international privacy regulations.

By using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree to our data practices, please discontinue use of the Services.

Our Commitment: We do not sell your personal information. We collect only what is necessary to provide and improve our Services, and we handle your data with the utmost care, transparency, and respect for your privacy rights.

2Data We Collect

We collect information in the following categories:

2.1 Account Information

When you register for an account, we collect:

Full name and display name
Email address
Password (stored in hashed/encrypted form — we never store plaintext passwords)
Profile information you choose to provide (bio, photo, professional details)
Account preferences and settings
Subscription tier and account status

2.2 Payment Information

Payment processing is handled exclusively by Stripe, Inc., a PCI DSS-compliant payment processor. We do not store full credit card numbers, CVV codes, or bank account numbers on our servers. We receive and retain from Stripe:

Billing name and address
Last four digits of payment card
Card type and expiration date (tokenized)
Transaction history and subscription status
Stripe customer ID for billing purposes

2.3 Usage Data

We automatically collect information about how you interact with the Services:

IP address and approximate geographic location (city/country level)
Browser type, version, and language settings
Operating system and device type
Pages visited, features used, and time spent on the platform
API call logs, request metadata, and error logs
Referral sources and exit pages
Performance and diagnostics data

2.4 Voice Call Recordings & Transcripts

If you use voice-related features of the Services (including AI voice synthesis, voice call tools, or recording capabilities), we may collect:

Voice recordings and audio samples you submit or create
Transcripts generated from voice recordings
Voice biometric data (where applicable and with your explicit consent)
Metadata associated with voice sessions (duration, timestamps, quality metrics)

Notice regarding voice data: Voice recordings may be used to train, improve, or personalize AI models. Where required by law (e.g., Illinois BIPA), we obtain explicit written consent before collecting biometric voice data. You may opt out of voice data use for AI training at any time through your account settings or by contacting privacy@boobie.ai.

2.5 Cookies & Tracking Technologies

We use cookies and similar tracking technologies as described in Section 5 below.

2.6 Communications

When you contact us for support, feedback, or other inquiries, we retain the content of those communications and your contact information to respond and improve our Services.

2.7 User Content

Content you upload, create, or submit through the Services, including audio files, scripts, project files, and other creative materials.

Data Category	Legal Basis (GDPR)	Purpose
Account Information	Contract performance	Account creation & management
Payment Information	Contract performance, Legal obligation	Billing & fraud prevention
Usage Data	Legitimate interest	Service improvement & security
Voice Recordings	Consent / Contract performance	Service delivery & AI model improvement
Cookies	Consent / Legitimate interest	Analytics & functionality
Communications	Legitimate interest	Customer support

3How We Use Your Data

We use the information we collect for the following purposes:

Service Delivery: To create and manage your account, process payments, provide access to features and tools, and fulfill our contractual obligations to you.
Platform Improvement: To analyze usage patterns, diagnose technical issues, develop new features, and enhance the performance and security of the Services.
AI Model Training & Improvement: To train, fine-tune, and improve our artificial intelligence systems (where you have not opted out and where permitted by law).
Personalization: To tailor the Services to your preferences, recommend relevant features, and provide a customized user experience.
Communications: To send transactional emails (account confirmations, billing receipts, security alerts), product updates, and — with your consent — marketing communications. You may opt out of marketing emails at any time.
Security & Fraud Prevention: To detect, investigate, and prevent fraudulent transactions, unauthorized access, policy violations, and other illegal or harmful activity.
Legal Compliance: To comply with applicable laws, regulations, legal processes, and government requests; to enforce our Terms and Conditions; and to protect the rights, property, and safety of the Company, our users, and the public.
Business Operations: To conduct internal analytics, audits, research, and planning to support our business objectives.

We will not use your personal data for purposes materially different from those described above without providing you with prior notice and, where required, obtaining your consent.

4Data Sharing

We do not sell, rent, or trade your personal information to any third party for monetary or other valuable consideration. Full stop.

We may share your data with the following categories of recipients only as necessary to provide the Services or as required by law:

4.1 Service Providers

We engage carefully vetted third-party service providers who process data on our behalf, bound by contractual data processing agreements that prohibit them from using your data for any purpose other than providing services to us. These include:

Stripe, Inc. — Payment processing and billing
Cloud infrastructure providers — Hosting, storage, and compute (e.g., AWS, Google Cloud)
Email service providers — Transactional and communications delivery
Analytics providers — Usage analytics and performance monitoring (data anonymized/aggregated where possible)
Security and fraud prevention vendors — Identity verification and threat detection

4.2 Legal Requirements

We may disclose your information if required by law, subpoena, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to: (a) comply with applicable law; (b) protect our legal rights; (c) prevent fraud or criminal activity; or (d) protect the safety of our users or the public.

4.3 Business Transfers

In the event of a merger, acquisition, asset sale, financing, or corporate restructuring, your data may be transferred as part of that transaction. We will notify you via email or a prominent notice on the Services prior to any such transfer and inform you of your rights regarding your data.

4.4 Aggregated & De-Identified Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you with partners, researchers, or the public for industry analysis, trend reporting, or educational purposes.

5Cookies & Tracking

We use cookies and similar technologies (web beacons, pixels, local storage) to operate and improve the Services. The types of cookies we use include:

Cookie Type	Purpose	Can Be Disabled?
Strictly Necessary	Authentication, security, session management — required for the Services to function.	No (required)
Functional	Remembering your preferences, settings, and personalization choices.	Yes
Analytics	Understanding usage patterns and performance to improve the Services (e.g., page views, feature engagement).	Yes
Marketing / Targeting	Delivering relevant advertising and measuring campaign effectiveness (only where you have consented).	Yes

You can manage cookie preferences through your browser settings or our cookie consent banner. Disabling non-essential cookies may affect some features of the Services. For EU/UK users, we obtain your consent before placing non-essential cookies in accordance with GDPR/PECR requirements.

We do not currently respond to browser-level "Do Not Track" (DNT) signals, but we respect Global Privacy Control (GPC) signals where required by applicable law.

6Data Retention

We retain your personal information for as long as necessary to provide the Services, fulfill the purposes described in this Policy, and comply with our legal obligations. Our general retention guidelines are:

Account data: Retained for the duration of your active account, plus up to 3 years after account closure (to handle post-termination disputes, legal claims, and compliance requirements).
Payment records: Retained for 7 years as required by applicable tax and financial regulations.
Voice recordings and transcripts: Retained for the duration of your active subscription, unless you request earlier deletion. De-identified audio used for model training may be retained longer in aggregated form.
Usage logs and analytics: Typically retained for 12–24 months in identifiable form, then anonymized or deleted.
Support communications: Retained for 3 years from date of last contact.
Marketing consent records: Retained as long as legally required to demonstrate compliance.

When data is no longer required, we securely delete or anonymize it using industry-standard methods. You may request earlier deletion of your data as described in Section 7.

7Your Rights

Depending on your location and applicable law, you have the following rights with respect to your personal information. We honor all legally applicable rights globally:

Right of Access Request a copy of the personal data we hold about you.

Right to Correction Request correction of inaccurate or incomplete personal data.

Right to Deletion Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.

Right to Portability Receive your data in a structured, machine-readable format and transfer it to another provider.

Right to Restrict Processing Request that we limit how we use your data in certain circumstances.

Right to Object Object to processing based on legitimate interests, including profiling and direct marketing.

Withdrawal of Consent Withdraw consent at any time where processing is based on your consent, without affecting prior lawful processing.

Non-Discrimination Exercise your privacy rights without receiving discriminatory treatment or degraded service.

To exercise any of these rights, please submit a request to privacy@boobie.ai with the subject line "Privacy Rights Request." We will respond within the timeframes required by applicable law (generally 30 days for GDPR, 45 days for CCPA). We may need to verify your identity before processing your request.

You also have the right to lodge a complaint with your applicable data protection authority (e.g., your EU supervisory authority or the UK Information Commissioner's Office) if you believe we have violated applicable privacy law.

8Children's Privacy

The Services are strictly intended for users who are 18 years of age or older. We do not knowingly collect personal information from children under the age of 13.

In compliance with the Children's Online Privacy Protection Act (COPPA), 15 U.S.C. §§ 6501–6506, and its implementing regulations, we do not direct the Services to children, and we do not knowingly collect, maintain, or use personal information from children under 13 years of age. Users between 13 and 17 are also prohibited from using the Services without verifiable parental or guardian consent.

If we discover or are notified that we have inadvertently collected personal information from a child under 13, we will promptly take reasonable steps to delete such information from our records. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@boobie.ai.

We do not condition participation in the Services on a child's disclosure of more personal information than is reasonably necessary. Any accounts found to be created by users under 13 will be terminated upon discovery.

9Security Measures

We implement comprehensive technical, organizational, and administrative safeguards to protect your personal information against unauthorized access, loss, destruction, alteration, or disclosure. Our security measures include:

Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher (HTTPS).
Encryption at rest: Sensitive data stored in our databases is encrypted using AES-256 or equivalent encryption standards.
Access controls: Strict role-based access controls limit employee and contractor access to personal data on a need-to-know basis.
Password security: User passwords are salted and hashed using industry-standard algorithms (e.g., bcrypt); plaintext passwords are never stored or transmitted.
Multi-factor authentication: Available and encouraged for all user accounts; required for administrative access.
Regular security assessments: We conduct periodic penetration testing, vulnerability assessments, and security audits.
Incident response: We maintain a data breach response plan. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and applicable regulators as required by law (GDPR Art. 33/34: within 72 hours; CCPA: within applicable timeframes).
Employee training: All personnel with access to personal data receive privacy and security training.

While we employ robust security measures, no system is completely impenetrable. We cannot guarantee absolute security of your data. If you discover a security vulnerability, please report it responsibly to privacy@boobie.ai.

10International Transfers

boobie.ai Technologies LLC is incorporated in the United States and operates primarily from the United States. If you access the Services from outside the United States, your information will be transferred to, stored, and processed in the United States or other countries where our service providers operate.

When we transfer personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to the United States or other jurisdictions, we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses (SCCs): Where required by GDPR, we enter into European Commission-approved Standard Contractual Clauses with data recipients.
UK International Data Transfer Agreements (IDTAs): For transfers from the United Kingdom in accordance with UK GDPR.
Adequacy decisions: Where applicable, we rely on adequacy decisions by the European Commission recognizing the destination country as providing adequate data protection.

By using the Services, you acknowledge and consent to the transfer of your information to the United States and other jurisdictions as described in this Policy.

11California Residents — CCPA/CPRA

This section applies to California residents and supplements the information above in accordance with the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), Cal. Civ. Code §§ 1798.100 et seq.

11.1 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information as defined by CCPA: Identifiers; Personal Records; Commercial Information; Internet/Electronic Activity; Audio, Electronic, Visual, or Similar Information; Professional or Employment Information; and Inferences drawn from any of the above.

11.2 Your California Rights

California residents have the right to:

Know: Request disclosure of the categories and specific pieces of personal information collected, the sources, the business purposes, and the categories of third parties with whom it is shared.
Delete: Request deletion of personal information, subject to certain exceptions.
Correct: Request correction of inaccurate personal information.
Opt Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising. If this practice changes, we will provide a "Do Not Sell or Share My Personal Information" link.
Limit Sensitive PI Use: Limit the use and disclosure of sensitive personal information to certain permitted purposes.
Non-Discrimination: Not receive discriminatory treatment for exercising your CCPA rights.

11.3 Submitting California Requests

To exercise your California rights, contact us at privacy@boobie.ai with subject "CCPA Privacy Request." We will respond within 45 days (extendable by an additional 45 days with notice). We may need to verify your identity using information already in our records. You may designate an authorized agent to make requests on your behalf by providing written authorization or a power of attorney.

11.4 Shine the Light

California Civil Code Section 1798.83 permits California residents to request information regarding our disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

12EU & UK Residents — GDPR

This section applies to individuals in the European Economic Area (EEA) and the United Kingdom and supplements the information above in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and the UK GDPR.

12.1 Data Controller

boobie.ai Technologies LLC acts as the data controller with respect to your personal data processed in connection with the Services. For GDPR-related inquiries, please contact our Data Protection Officer at privacy@boobie.ai.

12.2 Legal Bases for Processing

We rely on the following legal bases to process your personal data (as indicated in the data table in Section 2):

Contract performance (Art. 6(1)(b)): Processing necessary to provide the Services and fulfill our agreement with you.
Legitimate interests (Art. 6(1)(f)): Processing for security, fraud prevention, analytics, and service improvement, where not overridden by your rights.
Legal obligation (Art. 6(1)(c)): Processing required to comply with applicable laws (e.g., tax and financial record-keeping).
Consent (Art. 6(1)(a)): Processing for marketing communications, non-essential cookies, and voice biometric data, where you have given explicit consent.
Vital interests (Art. 6(1)(d)): Processing necessary to protect the vital interests of you or another natural person in emergency situations.

12.3 GDPR Rights

Under GDPR, you have the rights described in Section 7 above. You may exercise these rights by contacting privacy@boobie.ai. We will respond within 30 days (extendable by an additional 60 days for complex requests, with notice).

12.4 Supervisory Authority

You have the right to lodge a complaint with your EU Member State's data protection supervisory authority or, for UK residents, the Information Commissioner's Office (ICO) at ico.org.uk, if you believe we have infringed applicable data protection law.

12.5 Data Protection Officer

We have designated a Data Protection Officer (DPO) responsible for overseeing our data protection compliance. You may contact our DPO directly at privacy@boobie.ai with subject line "DPO Inquiry."

13Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

Update the "Last Updated" date at the top of this page;
Notify you by email to the address associated with your account;
Display a prominent banner or notification within the Services; and/or
Where required by law, obtain your consent before the change takes effect.

Non-material changes (e.g., clarifications, grammar corrections, or updated contact details) may be made without specific notice. We encourage you to review this Policy periodically to stay informed of our data practices.

Continued use of the Services after the effective date of any updated Policy constitutes your acceptance of the changes.

14Contact & Data Protection Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

boobie.ai Technologies LLC
Privacy & Data Protection
Email: privacy@boobie.ai

For legal notices, please also send a copy to compliance@boobie.ai.

We are committed to resolving privacy complaints promptly and fairly. If you are unsatisfied with our response, you retain the right to escalate to your applicable data protection authority as described in Sections 11 and 12.

§ Table of Contents