Privacy Policy
Effective date: May 27, 2026 Last updated: May 27, 2026
Boon ("Boon," "we," "us," or "our") is operated as a sole proprietorship by Minhaz Us Salakeen Fahme, based at House 8, Road 2, Block J, Baridhara, Dhaka 1212, Bangladesh.
This Privacy Policy explains what personal information Boon collects when you visit useaboon.com, buy a Boon for someone, or redeem a Boon as a recipient. It also explains what we do with that information, who we share it with, and the rights you have over it.
We've written this in plain language. We're a small operation, and we'd rather tell you clearly what happens to your data than hide it behind boilerplate. If anything here is unclear, write to us at privacy@useaboon.com and we'll explain.
1. Who this policy applies to
This policy applies to three groups of people:
- Buyers — people who purchase a Boon as a gift for someone else.
- Recipients — people who receive a Boon and redeem it to use Claude.
- Visitors — people who browse useaboon.com without buying or redeeming.
Different parts of this policy apply to different groups. We'll be explicit about which is which.
2. The information we collect
When you visit useaboon.com (visitors)
Our landing site is hosted by Netlify (USA). Netlify automatically logs basic information about visitors — IP address, browser type, pages visited, referring site. This is standard server-log information used to keep the site running and detect abuse. We don't use this information to build profiles of you.
We do not currently run third-party analytics, advertising trackers, or behavioural cookies on the landing site. If that changes, we'll update this policy and the site will tell you before setting cookies.
When you buy a Boon (buyers)
To process a purchase, we collect:
- Your name and email address.
- The recipient's name and email address.
- The personal message and occasion you choose to include with the gift.
- Your payment information — which is collected directly by our payment processor, Stripe. Boon does not see, store, or have access to your full card number. We receive only a record of the transaction (amount, status, last four digits of the card, country) so we know your payment succeeded.
If you choose to send the gift anonymously, the recipient will see "Someone sent you a Boon" instead of your name in the gift email, but we still retain your buyer record internally so we can support you if something goes wrong (e.g. the recipient's email bounces and we need to contact you).
When you redeem a Boon (recipients)
To redeem and use your Boon, we collect:
- Your email address and name, via our authentication provider Clerk (so you can sign in to chat).
- Your chat conversations with Claude — the messages you send and the responses you receive.
- The prompts you submit for image generation and the images that are generated as a result.
- Basic usage information — which gift you're using, how many credits you've used, when you last used it.
The chat conversations and generated images are stored so that you can come back later and continue where you left off. We don't read them in the normal course of operating Boon.
Information you can't avoid giving us
Some information is automatically collected by the systems Boon runs on, regardless of what you do:
- Server logs — IP addresses, browser identifiers, timestamps, URLs, error traces. Kept for operational reasons (security, debugging) for up to 90 days.
- Authentication tokens — Clerk sets cookies on your browser when you sign in. These are required for you to stay logged in. Clerk's cookie policy is part of its own privacy notice (see Section 5).
3. What we do with your information
We use the information above for the following purposes:
- To deliver Boon to you. Processing your purchase, sending the gift email, letting the recipient sign in and chat, generating images, deducting credits from the balance, sending you a receipt.
- To support you when something goes wrong. If a gift email bounces, we contact the buyer. If you write to us at hello@useaboon.com or privacy@useaboon.com, we use your email address to reply.
- To keep Boon running and safe. Detecting abuse, debugging errors, fixing bugs, preventing fraud. Technical limits on response length and per-gift balance caps are enforced using the usage information we collect.
- To meet our legal obligations. Tax records, fraud investigation, responding to lawful requests from authorities.
We do not:
- Sell your personal information.
- Share your personal information with advertisers.
- Use your chat conversations or generated images to train AI models.
- Use your chat conversations or generated images for any purpose other than operating Boon for you.
4. The legal basis we rely on (for EU/UK users)
If you're in the European Union, the United Kingdom, or another jurisdiction that has equivalent rules, we want you to know the specific legal basis we rely on for processing your data:
- Contract (Article 6(1)(b) of GDPR) — for everything required to deliver the Boon you bought or received. Processing your payment, sending the gift email, running the chat, generating images, tracking credit balances.
- Legitimate interest (Article 6(1)(f) of GDPR) — for security, abuse prevention, debugging, and basic server logs. We've considered your interests and think these uses are proportionate and expected.
- Legal obligation (Article 6(1)(c) of GDPR) — for tax records, fraud investigation, and responses to lawful government requests.
- Consent (Article 6(1)(a) of GDPR) — we'll ask for it explicitly if we ever do anything not covered by the bases above (e.g. marketing emails to recipients).
You can withdraw consent or object to legitimate-interest processing by writing to privacy@useaboon.com.
5. The third parties we share information with (sub-processors)
Boon is a small operation built on top of established service providers. The following companies receive some of your personal information in order to deliver Boon to you. Each of them has its own privacy policy, and we've linked to it.
| Provider | What they do for Boon | What they receive | Where |
|---|---|---|---|
| Vercel, Inc. | Hosts the Boon application | All data passing through the app (server logs, requests) | USA |
| Netlify, Inc. | Hosts useaboon.com landing site | Basic visitor logs | USA |
| Stripe, Inc. | Processes your payment | Name, email, payment information, transaction record | USA |
| Clerk, Inc. | Handles sign-in and authentication | Email, name, authentication tokens | USA |
| Supabase, Inc. | Database and file storage | Most of the data described in Section 2 (chat history, gift records, generated images) | USA |
| Anthropic PBC | Provides the Claude model that powers chat | The messages you send to Claude and the conversation context | USA |
| OpenAI, L.L.C. | Provides the image generation model | The prompts you submit for image generation | USA |
| Resend, Inc. | Sends transactional emails (gift emails, receipts, bounce notifications) | Email addresses, personal messages, gift codes | USA |
| ImprovMX | Forwards inbound email from hello@useaboon.com and privacy@useaboon.com to our personal inbox | Any email you send to us | EU |
Each provider acts as a processor under GDPR — meaning they handle your data on our instructions, not for their own independent purposes. We chose providers that publish their own GDPR-compliant data processing addenda and offer standard contractual clauses (SCCs) for international data transfers.
Important note on AI providers. Anthropic and OpenAI process the content you send through Claude and the image generator respectively. They have their own privacy policies governing what they do with that data, including their own data retention and (in some cases) training-data policies. We use their API products, which under their published terms means they do not train models on your prompts and outputs by default. If those terms change, we'll update this policy.
6. International data transfers
Most of our sub-processors are based in the United States. If you're in the EU, UK, or another jurisdiction with data-protection laws, your personal information will be transferred outside that jurisdiction when you use Boon.
We rely on Standard Contractual Clauses (SCCs) published by the European Commission for these transfers, which our sub-processors include in their service terms. You can request a copy of the relevant transfer mechanism for any specific sub-processor by writing to privacy@useaboon.com.
Bangladesh, where Boon is operated from, does not currently have an adequacy decision from the European Commission. The operational data we hold (your buyer or recipient record) is stored on Supabase's US infrastructure, not on servers in Bangladesh. Founder access from Bangladesh is governed by the SCC framework above.
7. How long we keep your information
| Data type | Retention period |
|---|---|
| Buyer records (name, email, gift purchased) | Retained while the gift is active, plus 7 years after expiry for tax and accounting purposes. |
| Recipient account (name, email, authentication) | Retained while you have any active gift or remaining credits, plus a reasonable wind-down period after all gifts have expired. |
| Chat conversations and generated images | Retained while the associated gift remains usable — that is, until expiry (one year from purchase) or, for gifts redeemed in the last 30 days before expiry, until the end of the 30-day grace period. After that, associated chat conversations and images may be deleted as part of regular data minimization. You can also delete individual conversations from the chat interface at any time. |
| Server logs | Up to 90 days. |
| Email content (sent through Resend) | Up to 60 days, in Resend's standard event log. |
| Tax and payment records | 7 years (or longer if required by Bangladesh tax law or your local jurisdiction). |
If you want your data deleted earlier than these defaults allow, write to privacy@useaboon.com — see Section 8 for what we can do.
8. Your rights
You have the following rights regarding the information we hold about you. These rights are strongest under GDPR (EU/UK) and CCPA (California), but we extend them to all users regardless of where you live.
- Access. You can ask us for a copy of the personal information we hold about you.
- Correction. You can ask us to fix information that's wrong or incomplete.
- Deletion. You can ask us to delete your personal information. Some data we may need to keep for legal reasons (tax records, fraud investigation), but we'll be specific about what we can and can't delete.
- Portability. You can ask for your data in a structured, machine-readable format.
- Objection. You can object to processing we do on the basis of legitimate interest.
- Withdrawal of consent. Where we rely on consent, you can withdraw it at any time.
For California residents specifically, you also have the right to know what categories of personal information we sell or share (we don't), and the right not to be discriminated against for exercising these rights.
To exercise any of these rights, email privacy@useaboon.com. We'll respond within 30 days. We may need to verify your identity before acting on a request — usually by confirming you have access to the email address on the relevant Boon account.
If you're in the EU or UK and feel we haven't handled your request properly, you have the right to complain to your local data protection authority. We'd appreciate the chance to fix it first, though.
9. Children
Boon's minimum ages are:
- Buyers must be 18 or older. Purchasing a Boon is a commercial contract, and we don't enter into contracts with minors.
- Recipients must be 16 or older. Boon stores personal information including chat conversations and generated images, and we extend our service to recipients on this basis.
If you believe someone under these ages is using Boon, write to privacy@useaboon.com and we'll deactivate their account and delete their information.
These age minimums are also stated in our Terms of Service.
10. Security
We protect your information using:
- Encrypted connections (TLS) for all traffic between you and Boon.
- Encrypted storage at rest for the database and file storage, as provided by Supabase.
- Service-role authentication between the Boon application and our database — meaning the database isn't directly accessible from the browser.
- Strong password and authentication policies provided by Clerk, including support for multi-factor authentication.
- Hardcoded spending and usage caps that limit the consequences of any compromised account.
No system is perfectly secure. If we ever discover a breach affecting your personal information, we'll notify you and the relevant authorities within the timeframes required by law (72 hours under GDPR).
11. Cookies
Boon uses cookies (small files stored on your browser) for the following purposes:
- Authentication. Required for you to stay signed in. Set by Clerk.
- Session continuity. Required for the app to remember your current conversation. Set by Boon.
We do not currently use cookies for analytics, advertising, or tracking across other websites. If we ever start doing so, we'll update this policy and request your consent through a cookie banner in advance.
12. Changes to this policy
We'll update this policy when our practices change or when the law requires it. The "Last updated" date at the top of the page reflects the most recent change.
When we make a material change — meaning a change that affects what we do with your data in a way you might care about — we'll let you know by email at least 30 days before it takes effect, for any user with an active Boon. Minor changes (typos, clarifications, adding a sub-processor that doesn't change what we do with your data) are made silently.
You can subscribe to receive notice of any change at all by writing to privacy@useaboon.com.
13. Contacting us
For anything related to your data — questions, requests, complaints — write to:
For general support, write to:
For postal correspondence:
Minhaz Us Salakeen Fahme House 8, Road 2, Block J Baridhara, Dhaka 1212 Bangladesh
We aim to respond to all data-related requests within 30 days. If a request is complex or you've sent a lot of follow-ups, we may take longer — but we'll tell you we're doing so.
Boon is an independent gifting concierge. We're not affiliated with Anthropic, OpenAI, or any of the other providers listed above; we use their products to deliver Boon to you under their respective developer terms.