Privacy Policy

SocialBoost Digital Ltd. ("we," "us," "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect personal information obtained through our website at socialboostdigital.com and our associated services.

This Policy is compliant with the General Data Protection Regulation (GDPR) for users in the European Economic Area, the UK GDPR post-Brexit, and the California Consumer Privacy Act (CCPA) for California residents. Where applicable law provides stronger protections, those protections apply.

We act as a Data Controller under GDPR for personal data collected through our platform. Our legal bases for processing personal data include contractual necessity (processing orders), legitimate interest (fraud prevention, service improvement), and consent (marketing communications).

We collect the following categories of information:

Information You Provide Directly:

• Public social media profile URLs or usernames submitted when placing orders (e.g., your Instagram handle or YouTube channel URL). We do not collect or require account passwords.
• Email address, submitted for order confirmations, support communications, and newsletter subscriptions.
• Payment information, processed exclusively through PCI-DSS compliant third-party processors (Stripe). We never receive or store full card numbers.
• Support communications: messages sent to our team via email, live chat, or support ticket systems.

Information Collected Automatically:

• IP address and approximate geographic location (city/country level) for fraud prevention and service optimization.
• Browser type, device type, operating system, and screen resolution for analytics and compatibility.
• Pages visited, time spent on site, referral source, and click patterns via anonymized analytics platforms.
• Session identifiers for maintaining cart state and authenticated portal sessions.

Your information is used for the following legitimate purposes:

• Processing and delivering your orders to the specified public profile URLs.
• Sending order confirmation, delivery status updates, and support responses to your email address.
• Fraud detection, account security, and abuse prevention.
• Improving service quality, delivery systems, and platform performance through aggregated, anonymized analytics.
• Sending periodic marketing communications to subscribers who have opted in, with clear unsubscribe mechanisms in every message.
• Legal compliance: retaining transaction records as required by applicable financial regulations.

We will not use your personal data for any purpose incompatible with the purposes described in this Policy without first obtaining your explicit consent or being otherwise permitted by applicable law.

SocialBoost Digital implements technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, or disclosure. Our security infrastructure includes:

• 256-bit AES encryption for all data at rest, including customer databases, order records, and email logs.
• TLS 1.3 encryption for all data in transit between your browser and our servers.
• SOC 2 compliant infrastructure providers (Supabase, Cloudflare, Vercel) for data storage and network delivery.
• Access controls limiting personal data access to authorized personnel with verified need-to-know.
• Regular security audits and penetration testing of our platform infrastructure.
• Automatic session expiration and re-authentication requirements for client portal access.

While we implement industry-standard security measures, no method of transmission over the Internet or method of electronic storage is 100% secure. We notify affected users within 72 hours of becoming aware of any personal data breach that poses a risk to their rights and freedoms, in compliance with GDPR Article 33.

Our Algorithmic Safety Verified™ delivery protocol operates entirely without account access. If any representative claiming to work for SocialBoost Digital requests your social media password, treat this as a phishing attempt and report it to security@socialboostdigital.com immediately.

We share personal data only in the following limited circumstances:

• With payment processors (Stripe) to complete transactions — subject to their independent privacy policies and PCI-DSS compliance.
• With email service providers (for transactional and marketing communications) — limited to the email address and first name only.
• With analytics providers using anonymized, aggregated data that cannot be used to identify individual users.
• With law enforcement, regulatory bodies, or legal authorities when required by valid legal process, court order, or mandatory disclosure obligation.
• With a successor entity in the event of a merger, acquisition, or sale of substantially all assets — with prior notice to users and equivalent privacy protections maintained.

Our platform integrates with third-party services including Stripe (payments), Cloudflare (CDN and security), Supabase (database), Vercel (hosting), and analytics platforms. Each operates under its own privacy policy and security standards.

Our blog and intelligence reports may contain links to external websites and publications. This Privacy Policy does not apply to external sites. We encourage you to review the privacy policies of any third-party sites you visit.

We use essential cookies required for platform functionality (session management, cart persistence, authentication) and optional analytics cookies to understand aggregate usage patterns. We do not use third-party advertising tracking cookies.

You can control cookie preferences through your browser settings. Disabling non-essential cookies will not affect your ability to place and receive orders. A full Cookie Policy is available at /legal/cookies.

We retain personal data for as long as necessary to fulfill the purposes for which it was collected, subject to applicable legal minimum retention requirements:

• Order records and transaction data: 7 years (financial regulatory compliance).
• Email communications and support tickets: 3 years from last interaction.
• Session logs and access records: 90 days.
• Marketing subscriber data: until unsubscription, then deleted within 30 days.
• Account data for registered portal users: until account deletion request, subject to legal hold obligations.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right to Access: Request a copy of all personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete personal data.
• Right to Erasure ("Right to Be Forgotten"): Request deletion of your personal data, subject to legal retention requirements.
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Object: Object to processing of your data for direct marketing purposes at any time.
• Right to Restriction: Request that we restrict processing while a dispute is under review.
• CCPA Rights (California residents): Right to know, right to delete, right to opt-out of sale (we do not sell data), and right to non-discrimination for exercising privacy rights.

To exercise any of these rights, contact privacy@socialboostdigital.com with "Privacy Request" in the subject line. We respond within 30 days (GDPR) or 45 days (CCPA) of verified request receipt.

SocialBoost Digital's Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children under 18. If we become aware that we have inadvertently collected personal data from a minor, we will delete that information promptly. Parents or guardians who believe their child has submitted personal information to our platform should contact privacy@socialboostdigital.com.

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated via email to registered users at least 14 days before the effective date. The updated Policy will be posted on this page with a revised effective date.

For all privacy-related inquiries, data subject requests, or concerns about our data practices:

If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority. For UK users: the Information Commissioner's Office (ICO) at ico.org.uk.