Privacy policy

Last updated: Septempber 2025

Your privacy matters. This Policy explains what data Boble collects, why we collect it, how we share it with payment processors and Merchants, and your rights — including special protections for minors under COPPA.

1. Who We Are

Boble, Inc. (“Boble,” “we,” “our,” or “us”) operates an all-in-one SaaS platform enabling businesses (“Merchants”) to sell digital products, accept payments, and host branded communities for their customers (“Buyers” or “Community Members”). We are headquartered in the United States.

2. Information We Collect

2.1 Information You Provide Directly

• Account information: name, email address, password, profile photo.

• Business information (Merchants): business name, address, tax ID, payment processor credentials, subscription tier.

• Payment information: billing address and payment method details (processed securely via your chosen processor — Boble does not store full card numbers).

• Identity verification (Merchants): government-issued ID, EIN or SSN, business registration documents required for KYC and AML compliance.

• Content: digital products, posts, messages, and other content you upload or share on the platform.

2.2 Information Collected Automatically

• IP address, browser type, device identifiers, and operating system.

• Pages visited, features used, time spent, and clickstream data.

• Cookies and similar tracking technologies (see Section 7).

2.3 Information from Third Parties

• Payment processors may share transaction status and fraud signals with us.

• If you connect a third-party service, we receive data you authorize that service to share.

• Identity verification services may share verification results with us.

3. How We Use Your Information

• Provide, operate, and improve the Boble platform and community features.

• Process payments and payouts between Merchants and their customers.

• Send transactional emails (receipts, security alerts, product updates).

• Personalize your experience and surface relevant content.

• Detect and prevent fraud, abuse, and policy violations.

• Comply with legal obligations including KYC, AML, OFAC sanctions screening, and tax reporting.

• Enforce our Terms of Service.

• With your consent, send marketing communications (you may opt out at any time).

4. How We Share Your Information

We do not sell your personal information. We share data only as follows:

4.1 With Merchants

If you purchase from or join a community hosted by a Merchant, that Merchant receives your name, email, and purchase details necessary to fulfill your order and manage their community. Merchants are independently responsible for handling this data in accordance with applicable privacy laws.

4.2 With Payment Processors

To enable payment processing, Boble shares the following data with your connected processor (Boble Payments, Stripe, PayPal, or other supported processors):

• Transaction amounts and metadata.

• Buyer email addresses and billing information (as required by the processor).

• Merchant business and payout details.

Each processor handles this data under its own privacy policy. By using a processor integration, you consent to this data sharing.

4.3 With Service Providers

Cloud hosting, analytics, email delivery, identity verification, and fraud prevention vendors — all bound by data processing agreements.

4.4 For Legal Reasons

When required by law, court order, subpoena, or to protect the safety of users or the public. This includes mandatory reporting of CSAM to NCMEC and cooperation with law enforcement investigations.

4.5 Business Transfers

In connection with a merger, acquisition, or sale of assets, with appropriate notice to you.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services, comply with legal obligations, resolve disputes, and enforce agreements. Financial records may be retained for up to seven (7) years to comply with tax and financial reporting requirements. You may request deletion of your account at any time (see Section 8).

6. Security

We use industry-standard safeguards including TLS encryption in transit, encrypted storage, access controls, and regular security audits. No system is completely secure; please use a strong, unique password and notify us immediately of any suspected unauthorized access at security@boble.com.

7. Cookies & Tracking

We use cookies and similar technologies for authentication, security, analytics, and remembering your preferences. You can control cookies through your browser settings. Disabling certain cookies may affect platform functionality.

8. Your Privacy Rights

Depending on your location, you may have the right to:

• Access, correct, or delete your personal data.

• Object to or restrict certain processing.

• Data portability (receive a copy of your data in a machine-readable format).

• Withdraw consent at any time where processing is based on consent.

• Lodge a complaint with a supervisory authority (if applicable).

To exercise these rights, email privacy@boble.com.

9. Children’s Privacy & COPPA Compliance

9.1 Our Default Policy

Boble does not direct its platform to children under 13 and does not knowingly collect personal information from children under 13 without verifiable parental consent. If we discover that we have collected personal information from a child under 13 without parental consent, we will delete it within 30 days.

9.2 What COPPA Requires

COPPA is a U.S. federal law that requires: a clear privacy policy; verifiable parental consent before collecting personal information from children under 13; parental ability to review, correct, or delete their child’s information; minimal data collection; and reasonable data security practices.

9.3 Verifiable Parental Consent

FTC-recognized methods for verifiable parental consent include: signed consent form via mail, fax, or electronic scan; credit/debit card with parental notification; toll-free phone number staffed by trained personnel; video conference verification; and government-issued ID verification. Email confirmation alone is not sufficient.

9.4 Parental Rights

Parents and legal guardians of children under 13 may at any time: review their child’s personal information; request corrections or deletion; refuse further collection; and consent to collection without consenting to third-party disclosure. Contact privacy@boble.com for Boble-level requests, or the relevant Merchant for community-specific requests.

9.5 Data Retention for Minors

Personal information collected from children is retained only as long as necessary for the service. Upon parental request or account deletion, all personal information for users under 13 is deleted within 30 days.

9.6 Merchant Obligations

If a Merchant operates a community directed to or including users under 13, the Merchant is independently subject to COPPA and must collect verifiable parental consent, publish a COPPA-compliant privacy policy, and limit data collection. See Section 13.2 of our Terms of Service for full Merchant obligations.

9.7 Reporting

Report COPPA violations to compliance@boble.com or the FTC at ftc.gov/report.

10. Changes to This Policy

We may update this Policy periodically. We will notify you of material changes by email or prominent in-platform notice at least 14 days before they take effect.