Skip to main content
Boomfire

Home Privacy Policy

Privacy Policy

Last updated: 26 May 2026. Operator: Boomfire, United States.

This Privacy Policy explains how Boomfire ("we", "us") processes personal data when you use Boomfire (the "Service"). We process data in line with the EU General Data Protection Regulation (GDPR) and applicable national law.

1. Data controller

Boomfire
Illinois, USA
United States
Email: legal@boomfire.com

2. Categories of personal data

  • Account data: email address, display name, password hash (if you register with email), profile avatar URL, theme and settings preferences.
  • Dashboard content: widgets you install, layouts, notes, bookmarks, RSS subscriptions, and other content you choose to store in the Service.
  • OAuth data: if you sign in with Google or Facebook, we receive identifiers and profile fields permitted by those providers.
  • Usage and technical data: IP address, browser type, session identifiers, timestamps, and server logs needed to operate and secure the Service.
  • Communications: messages you send to support and notification content we deliver in the app.

3. Purposes and legal bases (Art. 6 GDPR)

  • Provide the Service (contract, Art. 6(1)(b)): account creation, authentication, syncing dashboards, running widgets you install.
  • Security and abuse prevention (legitimate interests, Art. 6(1)(f)): fraud detection, rate limiting, incident response.
  • Legal compliance (legal obligation, Art. 6(1)(c)): records we must keep under applicable law.
  • Product improvement (legitimate interests, Art. 6(1)(f)): aggregated, non-identifying statistics about feature usage.
  • Marketing communications (consent, Art. 6(1)(a), where applicable): only if you opt in; you may withdraw consent at any time.

4. Cookies and similar technologies

We use strictly necessary cookies and local storage for authentication, session continuity, and guest dashboard preferences. Optional cookies or third-party widgets are described in our Cookie Policy. Non-essential technologies are used only after you consent where required.

5. Recipients and processors

We may share data with:

  • Hosting and infrastructure providers that operate our servers and databases.
  • Authentication providers (Google, Facebook) when you choose those sign-in methods.
  • Email or notification delivery services, if enabled.
  • Professional advisers or authorities when legally required.

We use written agreements with processors that require GDPR-compliant handling. We do not sell your personal data.

6. International transfers

If data is transferred outside the European Economic Area, we rely on appropriate safeguards such as Standard Contractual Clauses or an adequacy decision, unless a narrower legal exception applies.

7. Retention

  • Account and dashboard data: kept while your account is active and for a reasonable period after deletion for backups and legal claims.
  • Server logs: typically up to 90 days unless needed for security investigations.
  • Guest local data: stored in your browser until you clear it; not synced to our servers unless you sign in and choose to sync.

8. Your rights

Under GDPR you may have the right to:

  • Access your personal data and receive a copy.
  • Rectify inaccurate data.
  • Erase data ("right to be forgotten") where applicable.
  • Restrict or object to certain processing.
  • Data portability for data you provided in a structured, commonly used format.
  • Withdraw consent at any time without affecting prior lawful processing.
  • Lodge a complaint with your local supervisory authority.

To exercise your rights, email legal@boomfire.com. We respond within one month unless the request is complex. For step-by-step account and OAuth data deletion, see our Data Deletion Instructions.

9. Automated decision-making

We do not use automated decision-making or profiling that produces legal or similarly significant effects within the meaning of Art. 22 GDPR.

10. Children

The Service is not directed at children under 16. We do not knowingly collect data from children. Contact us if you believe a child has provided personal data.

11. Changes

We may update this policy. Material changes will be highlighted in the Service or by email where appropriate. Continued use after the effective date constitutes acceptance of the updated policy where permitted by law.