Privacy Policy (GDPR Compliant)

Last updated: 3 October 2025
Valid in the EU & EEA

1. Data Controller

Boostified AB
Malmö, Sweden
info@boostifiedpay.com

2. Personal Data We Collect

2.1 User Account Data

  • Full name

  • Email address

  • Password (encrypted)

  • Profile information

  • Notification preferences

2.2 Workspace Data

  • Workspace name and settings

  • Team member emails

  • Uploaded Workspace Content

  • Logs and activity data

  • Workspace billing settings

2.3 Technical & Usage Data

  • IP address

  • Device identifiers

  • Browser and operating system

  • Login timestamps

  • Navigation and feature usage

2.4 Billing Data

  • Payment method

  • Transaction history

  • VAT and invoicing details

2.5 Communication Data

  • Emails sent from BOOSTIFIED—Pay

  • Responses and support messages

3. How We Use Your Data

We process your personal data to:

  • Provide and operate the platform

  • Secure and authenticate User accounts

  • Process payments and subscriptions

  • Improve platform performance

  • Deliver customer support

  • Send service announcements and product updates

  • Send marketing communications (opt-out available)

  • Comply with EU legal obligations (tax, accounting, fraud prevention)

4. Legal Basis under GDPR

BOOSTIFIED—Pay processes data under the following legal bases:

  • Contract (Art. 6(1)(b)) – to provide the service

  • Legitimate Interest (Art. 6(1)(f)) – product improvement, security, fraud prevention

  • Consent (Art. 6(1)(a)) – marketing emails and newsletters

  • Legal Obligation (Art. 6(1)(c)) – tax, accounting, and compliance requirements

5. Sharing of Data

We may share data with:

  • Payment processors

  • Hosting and cloud providers

  • Analytics and monitoring tools

  • Integration partners

  • Legal authorities when required

We do not sell personal data.

All processors operate under GDPR-compliant agreements.

6. International Transfers

Data may be transferred outside the EU/EEA only when adequate safeguards exist, such as:

  • EU Standard Contractual Clauses (SCCs)

  • Adequacy decisions

  • GDPR-compliant data processing agreements

7. Data Retention

We retain:

  • User account data while the account is active

  • Workspace content until deleted by the Workspace Owner

  • Billing data for 7 years as required by EU accounting law

  • Technical logs only as long as necessary for security and diagnostics

8. Your GDPR Rights

You may request at any time:

  • Access to your personal data

  • Correction of inaccurate data

  • Deletion (“right to be forgotten”)

  • Restriction of processing

  • Data portability

  • Objection to processing based on legitimate interest

  • Withdrawal of consent (for marketing emails)

To exercise your rights, contact: privacy@boostifiedpay.com

You may lodge a complaint with your national Data Protection Authority.

9. Cookies & Tracking

BOOSTIFIED—Pay uses cookies and similar technologies for authentication, performance monitoring, analytics, and personalization.
A cookie banner will allow you to accept, reject, or manage categories of cookies in compliance with the ePrivacy Directive and GDPR.

10. Security Measures

We implement industry-standard measures including:

  • Encryption in transit and at rest

  • Access controls

  • Regular security audits

  • Monitoring and intrusion detection

  • Secure development practices

No system is fully secure, but we work continuously to protect your data.

11. Automated Decision-Making

BOOSTIFIED—Pay does not perform automated decision-making that produces legal or significant effects under GDPR Article 22.

12. Changes to This Policy

We may update this Privacy Policy from time to time.
Continued use of the platform after updates constitutes acceptance.

13. Contact Information

For questions, rights requests, or concerns:

Boostified AB
Kärleksgatan 2A, Malmö
211 49
info@boostifiedpay.com