Legal
Privacy Policy
Last updated: May 21, 2026
1. Who We Are
BoostLLMs is the data controller for personal data processed in connection with the Service, in line with the EU General Data Protection Regulation (GDPR) and applicable national data-protection law.
2. What We Collect
We collect only what we need to provide the Service:
- Account data: email address, hashed password, account creation timestamp, optional display name.
- Project data: domains you add, scan results, generated schema markup, llms.txt content, audit history.
- Billing data: processed by Stripe; we receive customer ID, subscription status, last 4 digits and brand of payment card. We do not see or store full card numbers.
- Usage data: request logs, error events, feature interactions, IP address, user agent — used for security, debugging, and product analytics.
- Anonymous scan data: for unauthenticated Quick Scans, we store the URL, scan results, and the requesting IP address (rate-limited) but no identifying account.
3. How We Use It
- Deliver the Service: run scans, generate schema and llms.txt, serve the JavaScript snippet.
- Process payments and manage subscriptions through Stripe.
- Authenticate sessions and protect against fraud or abuse.
- Communicate operationally (security alerts, billing receipts, important changes).
- Improve the product — aggregated, de-identified analytics where possible.
4. Legal Bases (GDPR)
- Contract: processing necessary to provide the Service you signed up for.
- Legitimate interest: security monitoring, fraud prevention, product improvement.
- Legal obligation: tax and accounting records related to billing.
- Consent: any marketing email beyond transactional notifications; revocable at any time.
5. Who We Share Data With
We use the following processors and infrastructure providers:
- Stripe (USA / Ireland) — payment processing.
- Supabase (Singapore / EU regions) — database, authentication, file storage.
- Cloudflare (USA) — CDN, DNS, and DDoS protection for the JavaScript snippet at cdn.boostllms.com.
- Hostinger (EU) — application hosting.
- Third-party web crawling and content extraction services — used to fetch and parse public pages of domains audited via Pro Scan and schema generation.
We do not sell your data. We do not share personal data with third parties for their own marketing purposes.
6. International Transfers
Some processors operate outside the European Economic Area. Where that is the case, we rely on appropriate safeguards including European Commission Standard Contractual Clauses (SCCs).
7. Retention
We retain account data while your account is active, plus a reasonable archival window after deletion to satisfy legal and accounting obligations (typically up to 7 years for tax records). Quick Scan results for unauthenticated visitors are retained for up to 90 days. Pro Scan audit history is retained for the lifetime of your project unless you delete it.
8. Your Rights
Under GDPR you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion (subject to legal retention obligations).
- Restrict or object to certain processing.
- Receive your data in a portable, machine-readable format.
- Withdraw consent at any time (for processing based on consent).
- Lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) or your local supervisory authority.
To exercise any of these rights, contact us at [email protected].
9. Cookies and Local Storage
We use essential cookies and local storage to keep you signed in, remember your theme preference (light/dark/system), and operate the dashboard. We do not use advertising cookies or cross-site trackers. If we add analytics that involves cookies in the future, we will update this policy and request consent where required.
10. The BoostLLMs JavaScript Snippet
The snippet served at cdn.boostllms.com/s.js only fetches JSON-LD schema markup keyed by the current URL and host. It does not collect personal data about your site visitors, does not set cookies, and does not contact any third-party advertising network.
11. Security
We use encryption in transit (HTTPS), encrypted database storage, hashed passwords, row-level access controls, and access logging. No system is perfectly secure, but we work to protect your data and disclose breaches promptly where required by law.
12. Children
The Service is not directed to anyone under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us so we can delete it.
13. Changes to This Policy
We may update this policy. Material changes will be communicated by email or in-product notice. The “Last updated” date at the top reflects the latest revision.
14. Contact
Privacy questions, data requests, or complaints? Email [email protected]. We respond within 30 days as required by GDPR.