Legal · Optin8 / BoothIQ

Privacy Policy

We believe privacy is a product feature, not a legal obligation. This document explains exactly what data BoothIQ collects, why we collect it, who sees it, and how you can control it. No legalese. No surprises.

Effective: April 16, 2025
Last updated: April 16, 2025

01 — Data Collection

Information We Collect

BoothIQ collects only the information necessary to deliver its booth intelligence services. We operate on a principle of data minimisation — if we don't need it, we don't take it.

Account & Organisation Data

  • Name, email address, and password (hashed) when you sign up
  • Organisation name, industry, and payment details
  • User role (Admin, Manager, or Volunteer) assigned within your org

Lead & Event Data

  • Scanned business card images (processed in-session, not retained as raw images)
  • Lead contact information: name, email, phone, company, and job title
  • Questionnaire responses and qualification notes entered by your team
  • AI-generated lead scores, enrichment data, and score reasoning
  • Campaign metadata: event name, city, date range

Usage & Device Data

  • Device identifier (used for single-session enforcement, not for advertising)
  • App version, platform (iOS/Android/Web), and session timestamps
  • Network status (online/offline) to manage the sync queue

02 — Purpose

How We Use Your Data

Every piece of data we collect has a specific, documented purpose. We do not sell your data. We do not use it for advertising. We do not train general AI models on your leads without explicit consent.

Data                Purpose                            Legal Basis
Account info        Authentication & access control    Contract
Lead contact data   Core product functionality         Contract
AI scoring inputs   Lead qualification & enrichment    Legitimate interest
Device ID           Single-session security            Legitimate interest
Push tokens         In-app notifications               Consent
Usage analytics     Product improvement                Legitimate interest

03 — AI & Automation

AI Processing & Third-Party Models

BoothIQ uses two AI models to deliver its core intelligence features. We are transparent about exactly what data each model receives.

Claude (Anthropic)

  Purpose: Optical Character Recognition for business card parsing

  Data sent: A photo of the business card, cropped in-session. Raw images are not stored on our servers after parsing is complete.

Gemini (Google)

  Purpose: Lead enrichment, AI scoring & email draft generation

  Data sent: Lead contact fields (name, email, company, role) and questionnaire responses. No PII beyond what is needed for the specific inference.

Both Anthropic and Google operate under enterprise data processing agreements that prohibit using submitted data to train their public models. BoothIQ subscribes to the enterprise tier of both services specifically for this protection.

AI scoring is asynchronous and advisory only. A volunteer never manually assigns a score — the AI suggests, and your team decides. No automated decision with legal or significant effect is made solely by AI.

04 — Sharing

Who We Share Data With

BoothIQ does not sell, rent, or trade your data. We share data only with the following categories of sub-processors, each engaged under a binding data processing agreement:

Sub-processor     Purpose                                          Location
Supabase          Database, authentication & real-time infra       US / EU
Anthropic         Business card OCR (Claude API)                   US
Google DeepMind   Lead enrichment & scoring (Gemini API)           US / EU
Expo / EAS        Mobile build pipeline & push notifications       US
Stripe (future)   Payment processing (campaign-credit purchases)   US / EU

We may disclose data if required by law, court order, or to protect the rights, property, or safety of BoothIQ, its users, or the public.

05 — Security

Data Security

We apply defence-in-depth security across the BoothIQ stack. No system is 100% secure, but these controls represent the current state of our posture:

Encryption in transit

All client-server communication uses TLS 1.3. API keys are never sent to the client.

Encryption at rest

Supabase encrypts all database data at rest using AES-256. Backups are encrypted separately.

Row-Level Security

Supabase RLS policies ensure every query is scoped to the authenticated organisation. Cross-org data access is structurally impossible.

Single-device session

Each user account is tied to one device at a time. New logins invalidate the previous session, reducing account takeover risk.

Key management

Service role keys are never exposed to the client. The Next.js server proxy validates all privileged requests.

Offline queue isolation

Offline lead data is stored in AsyncStorage on-device and encrypted. It is flushed only after authenticated sync.

06 — Your Rights

Your Rights & Choices

Depending on your jurisdiction (including GDPR in the EU/EEA and applicable Indian data protection law), you have the following rights over your personal data:

Access

Request a copy of all personal data we hold about you.

Rectification

Correct inaccurate or incomplete personal data.

Erasure

Request deletion of your account and associated personal data. Note: lead data owned by an organisation is the organisation's data — individual team members cannot delete it unilaterally.

Portability

Export your leads and campaigns in CSV/JSON format at any time from the web dashboard.

Restriction

Ask us to restrict processing of your data in specific circumstances.

Objection

Object to processing based on legitimate interest, including profiling.

Withdraw consent

Revoke push notification consent at any time in the app settings.

To exercise any of these rights, email privacy@optin8.com. We will respond within 30 days (or as required by applicable law).

07 — Retention

Data Retention

We retain data for as long as your organisation account is active, plus a short post-deletion grace period for recovery purposes.

Data                       Retention period
Account & org data         Duration of active account + 60 days post-deletion
Lead & campaign data       Duration of active account + 60 days post-deletion
Business card images       Purged immediately after OCR parsing (not stored)
AI enrichment results      Duration of active account (stored in lead record)
Session logs               90 days rolling
Push notification tokens   Until revoked or app uninstalled
Billing records            7 years (statutory requirement)

You may request early deletion of your data at any time by contacting privacy@optin8.com. Deletion is irreversible.

08 — Contact

Contact & DPO

BoothIQ is a product of Optin8. For all privacy-related enquiries, data subject requests, or to reach our Data Protection point of contact:

Optin8

Privacy & Data Protection

privacy@optin8.com
optin8.com

If you are in the EU/EEA and believe we have not addressed your concern adequately, you have the right to lodge a complaint with your local supervisory authority.

Policy Changes

We may update this policy to reflect product changes or regulatory requirements. Material changes will be announced in-app and by email to account admins at least 14 days in advance. The "Last updated" date at the top of this page always reflects the most recent revision. Continued use of BoothIQ after the effective date constitutes acceptance of the updated policy.