1. Who We Are and What This Policy Covers
Bootheo LLC ("Bootheo," "we," "us," or "our") operates the Bootheo platform — a mobile and web application for photo booth operators to manage events, gear, crew, clients, and business lifecycle activities. This Privacy Policy explains what personal information we collect, how we use it, and how we handle it when you use our services at bootheo.com and associated applications.
This policy applies to all users of the Bootheo platform, including account owners, organization members, and staff users. By creating an account or using Bootheo, you agree to the practices described in this policy.
2. Information We Collect
2.1 Information You Provide Directly
- Account registration information: name, email address, and password (or OAuth credentials if you sign in via Google or Apple)
- Organization details: business name, business address, and branding assets you upload
- Operational data you enter: event records, gear inventory, service history, crew assignments, venue profiles, contact records, and run-of-show templates
- Client and contact information you enter into the platform on behalf of your business
- Communications you send to us, including support requests
2.2 Information Collected Automatically
- Log data: IP address, browser type, device identifiers, pages visited, and timestamps
- Usage data: features used, actions taken within the platform, and session duration
- Cookies and similar technologies used to maintain your session and remember preferences
2.3 Information from Third Parties
- Payment information: when you subscribe to a Bootheo plan, payments are processed by Stripe. We receive a confirmation of payment and a Stripe customer identifier. We do not store your full credit card number.
- Authentication providers: if you use Google Sign-In or Apple Sign-In, we receive your name and email address from those providers as permitted by your settings with them.
3. How We Use Your Information
We use the information we collect to:
- Create and maintain your account and organization
- Provide, operate, and improve the Bootheo platform
- Process subscription payments and manage billing through Stripe
- Send transactional communications: account confirmations, password resets, invitation emails, and service notices
- Respond to support requests and troubleshoot issues
- Monitor platform security, detect fraud, and enforce our Terms of Service
- Comply with legal obligations
We do not sell your personal information. We do not use your data for advertising or share it with third parties for their own marketing purposes.
4. How We Share Your Information
We share your information only in the following circumstances:
4.1 Within Your Organization
If you are a member of a Bootheo organization, the organization owner and other members with appropriate permissions may see your name, profile information, and the operational data you contribute (event records, assignments, etc.). This is inherent to the collaborative nature of the platform.
4.2 Service Providers
We share data with third-party vendors who help us operate the platform, under confidentiality obligations:
- Supabase: database hosting and authentication infrastructure
- Stripe: payment processing and subscription management
- Resend: transactional email delivery
- Expo / Apple / Google: mobile application distribution and push notifications
4.3 Legal Requirements
We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Bootheo LLC, our users, or the public.
4.4 Business Transfers
If Bootheo LLC is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the platform before your information is transferred and becomes subject to a different privacy policy.
5. Data Retention and Account Deletion
This section describes exactly how your data is handled when an account or organization is deleted. We have designed this process to be transparent and predictable.
5.1 Active Account Retention
We retain your personal information and operational data for as long as your account is active. If you discontinue use without formally deleting your account, we will retain your data until you request deletion or we otherwise close your account.
5.2 Account Deletion Process
When you initiate account or organization deletion through the Bootheo settings:
Immediate: Your access is revoked at the moment you submit the deletion request. You will be signed out and will not be able to log in or access your data during the grace period.
30-day grace window: Your data enters a soft-deleted state for 30 days. During this period, if you believe the deletion was made in error, you may contact us at privacy@bootheo.com to request restoration. Restoration during this window is handled by our support team; there is no self-service undo in the current version.
Permanent purge: After 30 days, your data is permanently and automatically deleted from our systems. This deletion is irreversible. We will purge: your user record, your organization record, all events, gear inventory and service history, contacts, client records, venue profiles, staff assignments, templates, invitation records, and all uploaded files (event attachments, gear photos, branding assets).
5.3 What Is Retained After Deletion
A small category of data is intentionally retained after permanent purge for legitimate legal and operational reasons. We disclose this retention explicitly:
Stripe customer record: Your Stripe customer object is retained by Stripe and referenced by us for financial, tax, and chargeback purposes, as required by financial recordkeeping obligations. This record does not include your operational Bootheo data; it is limited to billing and payment history.
Deletion audit record: We retain a narrow audit record of the deletion event itself — capturing who initiated the deletion, when it occurred, and what organizational scope was deleted. This record survives the purge and is used for internal compliance and dispute resolution. It does not contain your operational data.
5.4 Member vs. Organization Owner Deletion
The scope of deletion differs depending on your role:
Organization owner deleting the organization: All data described in Section 5.2 is permanently purged, subject only to the retentions in Section 5.3.
Staff member or team member deleting their own account: Your personal account record is deleted. However, operational data you contributed to the organization — event records, gear entries, assignments, etc. — is reassigned to the organization and continues to exist under organization ownership. Your name is removed from those records and replaced with a neutral label ("Former Team Member"). The organization's operational continuity is not disrupted by a member's departure.
This distinction matters: if you are a staff member, deleting your Bootheo account removes you from the platform but does not erase the operational records you contributed. If you require full erasure of your contributed data, see Section 7 (Your Rights).
6. Cookies and Tracking Technologies
We use cookies and similar technologies to:
- Maintain your authenticated session
- Remember your preferences within the platform
- Collect aggregate usage analytics to improve the platform
We do not use third-party advertising cookies. You may disable cookies in your browser settings, but doing so may prevent you from using certain features of the platform, including staying logged in.
7. Your Rights
7.1 Access and Correction
You may access and update your personal information through your account settings at any time. For information you cannot update yourself, contact us at privacy@bootheo.com.
7.2 Deletion
You may delete your account through the Settings section of the Bootheo dashboard. See Section 5 for the full deletion process and what is retained. For staff members who need erasure of contributed operational data beyond what standard deletion provides, contact us at privacy@bootheo.com with a specific erasure request.
7.3 Data Portability
You may request an export of your personal data by contacting us at privacy@bootheo.com. We will provide your data in a commonly used, machine-readable format within 30 days of a verified request.
7.4 Objection and Restriction
You may object to or request restriction of certain processing of your personal data. We will evaluate such requests and respond within 30 days.
7.5 California Residents (CCPA/CPRA)
If you are a California resident, you have the right to know what personal information we collect, disclose, and sell (we do not sell personal information). You have the right to delete your personal information, subject to certain exceptions. You have the right to non-discrimination for exercising your privacy rights. To exercise these rights, contact us at privacy@bootheo.com.
7.6 European Union / EEA and United Kingdom Residents (GDPR / UK GDPR)
If you are located in the European Union, European Economic Area, or the United Kingdom, you have rights under the General Data Protection Regulation (GDPR) or UK GDPR (as applicable), including the right to access, rectify, erase, restrict processing of, and port your personal data, and the right to object to processing. Our lawful basis for processing your data is primarily the performance of our contract with you (providing the Bootheo service) and our legitimate interests in operating and improving the platform.
For erasure requests: routine account deletion results in the reassignment and anonymization of contributed operational data as described in Section 5.4. If you require full erasure of your identity from contributed records, contact us at privacy@bootheo.com with a GDPR or UK GDPR erasure request. We will assess and respond within 30 days.
To lodge a complaint, you may contact your local data protection authority (in the UK, the Information Commissioner's Office). Bootheo LLC is operated from Florida, USA. EU-U.S. data transfers are made pursuant to Standard Contractual Clauses (EU Commission Implementing Decision 2021/914, Module Two: controller to processor) incorporated into Bootheo LLC's Data Processing Agreement with Supabase, Inc. A Transfer Impact Assessment has been completed and is retained on file. The same transfer framework covers UK-to-US transfers under the UK GDPR, as Supabase's DPA includes the UK Addendum to the SCCs approved by the UK ICO.
8. Data Security
We implement industry-standard security measures to protect your personal information, including encryption in transit (TLS) and at rest, access controls, and secure authentication infrastructure. However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
If you believe your account has been compromised, contact us immediately at privacy@bootheo.com.
9. Children's Privacy
Bootheo is a business operations platform intended for use by adults. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have collected personal information from a minor, we will delete it promptly. If you believe we have inadvertently collected information from a minor, please contact us at privacy@bootheo.com.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and/or by a prominent notice within the platform at least 14 days before the changes take effect. Your continued use of Bootheo after the effective date of a revised policy constitutes your acceptance of the changes.
The current version of this policy is always available at bootheo.com/privacy.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, contact us:
Bootheo LLC
Email: privacy@bootheo.com
Website: bootheo.com
Florida, United States
We will respond to all legitimate requests within 30 days.