Effective date: March 18, 2026

Privacy policy

This privacy policy ("Policy") describes how Boom Logic / The Boom Company ("we", "us", or "our") collects, uses, and protects information when you use the BCRM platform ("Service"). We are committed to protecting your privacy and handling your data responsibly.

1. Information we collect

We collect information in three categories: account information you provide, usage data we collect automatically, and CRM data you upload.

Account information

When you create an account, we collect your name, email address, and password. If you sign up through a social provider (Google, GitHub), we receive your name and email from that provider. Organization owners may provide billing information (processed by Stripe — we do not store credit card numbers). Team members' names and email addresses are collected when they are invited to an organization.

Usage data

We automatically collect information about how you use the Service, including pages visited, features used, BoomCredit consumption, search queries, email campaign metrics (opens, clicks, bounces), and browser/device information. We use cookies and similar technologies for session management, analytics, and affiliate attribution (see Cookies section below).

CRM data

You may upload contacts, companies, deals, notes, activities, files, email templates, and other business data to the Service. This data belongs to you — we process it only to provide and improve the Service. We do not access, analyze, or use your CRM data for advertising, profiling, or any purpose other than delivering the Service.

2. How we use your information

We use your information to: (a) provide, maintain, and improve the Service; (b) process payments and manage subscriptions; (c) send transactional emails (account verification, password resets, billing receipts); (d) communicate product updates, security notices, and support responses; (e) monitor usage to enforce plan limits and prevent abuse; (f) generate aggregated, anonymized analytics to improve the Service; (g) comply with legal obligations. We do not sell your personal information. We do not use your data for targeted advertising.

3. Data sharing

We share your data only in these circumstances: (a) Service providers — we use third-party services to operate the platform, including Stripe (payments), email delivery infrastructure, and AI/data providers for prospecting features. These providers process data on our behalf under contractual obligations. (b) Legal requirements — we may disclose data if required by law, subpoena, or court order. (c) Business transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. (d) With your consent — we may share data when you explicitly authorize it. We never share your CRM data with other BCRM customers or third parties for their marketing purposes.

4. Data security

We implement industry-standard security measures to protect your data: all data is encrypted in transit using TLS 1.3 and at rest using AES-256. Access to production systems is restricted to authorized personnel with multi-factor authentication. We use role-based access control to ensure team members can only access data appropriate to their role. We conduct regular security assessments and maintain incident response procedures. While we strive to protect your data, no method of electronic transmission or storage is 100% secure.

5. Data retention

We retain your account and CRM data for as long as your account is active. If you cancel your subscription, your data is retained for 30 days to allow for account reactivation, after which it is queued for deletion. Deletion is completed within 90 days of the retention period expiring. Billing records and transaction history are retained for 7 years to comply with tax and accounting regulations. You may request immediate deletion of your data by contacting us at privacy@bcrm.one.

6. Your rights

Depending on your jurisdiction, you may have the right to: (a) access the personal data we hold about you; (b) correct inaccurate data; (c) delete your data ("right to be forgotten"); (d) export your data in a portable format; (e) restrict or object to certain processing; (f) withdraw consent where processing is based on consent. To exercise any of these rights, contact us at privacy@bcrm.one. We will respond within 30 days. California residents have additional rights under the CCPA, and EU/EEA residents have rights under the GDPR.

7. Cookies and tracking

We use cookies for: (a) essential session management (keeping you signed in); (b) analytics (understanding how the Service is used to improve it); (c) affiliate attribution (tracking referrals for our affiliate program with a 90-day cookie window). We do not use cookies for advertising or cross-site tracking. You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent you from using the Service.

8. Third-party services

The Service integrates with third-party providers including: Stripe for payment processing, email infrastructure providers for campaign delivery, Apollo and Explorium for prospecting data, and AI model providers for intelligent features. Each provider has its own privacy policy. We select providers that maintain appropriate data protection standards and process data under contractual agreements.

9. International data transfers

BCRM is operated from the United States. If you access the Service from outside the United States, your data may be transferred to and processed in the United States. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where applicable.

10. Children's privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will delete it promptly. If you believe a child has provided us with personal data, contact us at privacy@bcrm.one.

11. Changes to this policy

We may update this Policy from time to time. Material changes will be communicated via email or an in-app notification at least 30 days before taking effect. The "effective date" at the top of this page indicates when the Policy was last revised. Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.

12. Contact us

If you have questions about this Privacy Policy or our data practices, contact us at privacy@bcrm.one or by mail at: Boom Logic, Attn: Privacy, Delaware, United States.