Privacy Policy
BoostGood Privacy Policy
Effective date: 13 March 2026
Last updated: 13 March 2026
This Privacy Policy explains how Except Integrated Sustainability BV ("BoostGood," "we," "us," or "our") collects, uses, stores, and protects personal data when you use the BoostGood platform ("Service"). This policy is provided in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), specifically Articles 13 and 14.
1. Data Controller
The data controller for the processing described in this Privacy Policy is:
Except Integrated Sustainability BV
Registered in the Netherlands
Contact: hello@boostgood.eco
Website: boostgood.eco
For questions or requests related to your personal data, you can contact us at hello@boostgood.eco.
2. Personal Data We Collect
We collect and process the following categories of personal data:
2.1. Account Information
- Full name
- Email address
- Organization name
- Account credentials (passwords are stored in hashed form only)
- Role within the organization (e.g., administrator, user)
2.2. Billing Information
- Billing address
- Payment method details (processed and stored by Stripe; we do not store full credit card numbers)
- Invoice history and payment records
2.3. Chat and AI Interaction Data
- Conversations with AI models conducted through the chatbot interface
- Prompts, queries, and AI-generated responses
- Model selection and usage preferences
2.4. Uploaded Documents and Files
- Files uploaded to the cloud storage component (Nextcloud)
- Documents added to the knowledge base
- Any personal data contained within those files
2.5. Usage Data
- Login timestamps and session duration
- Feature usage patterns (which tools are used and how frequently)
- AI credit consumption
- Error logs and system events related to your account
2.6. Technical Data
- IP address
- Browser type and version
- Operating system
- Device type
3. Purposes of Processing
We process your personal data for the following purposes:
| Purpose | Data categories used |
|---|---|
| Providing and operating the Service | Account info, chat data, uploaded files, usage data |
| User authentication and account management | Account info, technical data |
| Billing and payment processing | Billing info, account info |
| Processing AI queries through third-party models | Chat data, usage data |
| Improving the Service and fixing bugs | Usage data, technical data, error logs |
| Communicating with you about the Service | Account info (name, email) |
| Complying with legal obligations | Billing info, account info |
| Preventing fraud and ensuring security | Technical data, usage data, account info |
4. Legal Basis for Processing
We process your personal data on the following legal bases under GDPR Article 6(1):
4.1. Contract Performance (Art. 6(1)(b))
Processing that is necessary to perform our contract with you, including:
- Providing the Service as described in the Terms of Service
- Managing your account
- Processing payments
- Delivering AI functionality
4.2. Legitimate Interest (Art. 6(1)(f))
Processing that is necessary for our legitimate interests, provided those interests are not overridden by your rights. This includes:
- Improving and optimizing the Service
- Ensuring platform security and preventing abuse
- Analyzing usage patterns in aggregate to guide product development
- Sending service-related communications (e.g., maintenance notices, security alerts)
4.3. Legal Obligation (Art. 6(1)(c))
Processing that is necessary to comply with legal obligations, including:
- Retaining billing records for 7 years as required by Dutch tax law (Algemene Wet inzake Rijksbelastingen)
- Responding to lawful requests from authorities
4.4. Consent (Art. 6(1)(a))
Where applicable, we may process data based on your explicit consent, for example for marketing communications. You may withdraw consent at any time by contacting us at hello@boostgood.eco.
5. Sub-Processors
We use the following third-party sub-processors to deliver the Service. Each sub-processor processes data only for the specific purpose described.
| Sub-Processor | Purpose | Data Processed | Location |
|---|---|---|---|
| Anthropic | AI model provider (Claude) | Chat prompts and responses | United States |
| OpenAI | AI model provider (GPT) | Chat prompts and responses | United States |
| Google (Gemini) | AI model provider (Gemini) | Chat prompts and responses | EU/United States |
| Mistral | AI model provider | Chat prompts and responses | France (EU) |
| DeepSeek | AI model provider | Chat prompts and responses | China |
| Stripe | Payment processing | Billing info, payment details | United States (with EU entity) |
| Contabo | VPS hosting infrastructure | All service data (encrypted at rest) | Germany (EU) |
| Hetzner | VPS hosting infrastructure | All service data (encrypted at rest) | Germany/Finland (EU) |
| Scaleway | Transactional email delivery | Email addresses, email content | France (EU) |
We maintain written data processing agreements with each sub-processor, as required by GDPR Article 28.
6. International Data Transfers
Some of our sub-processors are located outside the European Economic Area (EEA). We ensure appropriate safeguards are in place for each transfer:
6.1. Transfers to the United States (Anthropic, OpenAI, Stripe)
These transfers are protected by the EU-U.S. Data Privacy Framework, where the recipient is certified, or by Standard Contractual Clauses (SCCs) adopted by the European Commission.
6.2. Transfers to China (DeepSeek)
Transfers to DeepSeek are protected by Standard Contractual Clauses (SCCs). We have conducted a transfer impact assessment for this transfer. Please note: if you prefer not to have your data processed by DeepSeek, you can avoid selecting DeepSeek models in the chatbot interface. Using DeepSeek models is entirely optional.
6.3. Data minimization for AI providers
When your queries are sent to AI model providers, only the conversation content necessary to generate a response is transmitted. Account information, billing data, and other personal data are not shared with AI model providers.
7. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes described in this policy.
| Data Category | Retention Period | Rationale |
|---|---|---|
| Account information | Duration of active subscription + 90 days | Required for service delivery and post-cancellation data export |
| Chat and AI interaction data | Duration of active subscription + 90 days | Stored on your dedicated VPS |
| Uploaded files | Duration of active subscription + 90 days | Stored on your dedicated VPS |
| Usage and technical data | Duration of active subscription + 90 days | Service improvement and troubleshooting |
| Billing records | 7 years from the transaction date | Dutch tax law requirement |
| Personal data after purge | Permanently deleted | PII is scrubbed upon purge after the 90-day archive period |
After subscription termination, your data is archived for 90 days. During this period, you may request data export. After the archive period, all personal data is permanently deleted from our systems, except for billing records which are retained for the legally required period with personal identifiers minimized.
8. Data Subject Rights
Under the GDPR, you have the following rights regarding your personal data:
8.1. Right of Access (Art. 15)
You have the right to request a copy of the personal data we hold about you, along with information about how it is processed.
8.2. Right to Rectification (Art. 16)
You have the right to request correction of inaccurate personal data or completion of incomplete data.
8.3. Right to Erasure (Art. 17)
You have the right to request deletion of your personal data, subject to legal retention obligations (e.g., billing records).
8.4. Right to Restriction of Processing (Art. 18)
You have the right to request that we restrict processing of your personal data in certain circumstances, for example while we verify the accuracy of your data.
8.5. Right to Data Portability (Art. 20)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
8.6. Right to Object (Art. 21)
You have the right to object to processing based on legitimate interest. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
8.7. Right to Withdraw Consent (Art. 7(3))
Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
8.8. Exercising Your Rights
To exercise any of these rights, contact us at hello@boostgood.eco. We will respond to your request within 30 days. If we need additional time (up to 60 additional days for complex requests), we will notify you within the initial 30-day period.
We may request verification of your identity before processing your request to protect against unauthorized access.
9. Right to Lodge a Complaint
If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. The relevant authority for the Netherlands is:
Autoriteit Persoonsgegevens (Dutch Data Protection Authority)
Website: https://autoriteitpersoonsgegevens.nl
Postal address: Postbus 93374, 2509 AJ Den Haag, Netherlands
Phone: +31 (0)70 888 8500
You may also lodge a complaint with the supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.
10. Cookies and Tracking
10.1. Website Analytics
We use Plausible Analytics for website analytics on boostgood.eco. Plausible is a privacy-focused analytics tool that does not use cookies and does not collect personal data. It provides aggregate statistics only.
10.2. Essential Cookies
The Service may use strictly necessary cookies (e.g., session cookies for authentication) to ensure proper functioning. These cookies are exempt from consent requirements under the ePrivacy Directive because they are essential for the service you have requested.
10.3. No Third-Party Tracking
We do not use third-party advertising trackers, social media pixels, or similar tracking technologies on the Service or our website.
11. Security Measures
We implement appropriate technical and organizational measures to protect personal data, including:
- Data isolation: Each client's data is stored on a dedicated virtual private server (VPS), ensuring physical separation from other clients' data
- Encryption in transit: All data transmitted between your browser and the Service is encrypted using TLS 1.2 or higher
- Encryption at rest: Data stored on VPS instances is encrypted at the filesystem level
- Access controls: Administrative access to client VPS instances is restricted to authorized personnel and protected by SSH key authentication
- Authentication: User passwords are hashed using industry-standard algorithms; multi-factor authentication is available
- Monitoring: We monitor for unauthorized access attempts and security anomalies
- Backups: Regular automated backups are maintained and encrypted
For a detailed description of our technical and organizational measures, please refer to the Data Processing Agreement.
12. Children's Data
The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us at hello@boostgood.eco, and we will take steps to delete such data.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make changes:
- We will update the "Last updated" date at the top of this policy
- For material changes, we will notify you via email or through the Service at least 30 days before the changes take effect
- We will make the previous version available upon request
Your continued use of the Service after the effective date of an updated policy constitutes acceptance of the changes.
14. Contact Us
For any questions, concerns, or requests related to this Privacy Policy or our data processing practices, please contact:
Except Integrated Sustainability BV
Email: hello@boostgood.eco
Website: boostgood.eco