Privacy Policy — Boredroom

Last updated: March 2026

Your privacy matters to us. This Privacy Policy explains what information we collect, how we use it, and what rights you have over it. We have written this to be clear and human. Not to bury important things in legalese.

This Policy applies to all users of Boredroom at boredroom.online, regardless of location.

1. Who Controls Your Data

Boredroom is operated by Khronocorp Enterprises. We are the data controller responsible for your personal information collected through the Platform.

Contact: privacy@boredroom.online

2. Information We Collect

2.1 Information you provide directly

Account information: your name, email address, and password when you register.
Profile details: your role, agency name, and any other information you choose to add.
Content you upload: project files, design assets, briefs, invoices, and other creative work stored in the Platform.
Payment information: billing details processed securely through Stripe or Paystack. We do not store your full card details. These are handled entirely by our payment providers.
Communications: messages you send through the Platform's chat and messaging features.

2.2 Information collected automatically

Usage data: pages visited, features used, time spent on the Platform, and interaction patterns.
Device and technical data: IP address, browser type, operating system, and device identifiers.
Cookies: essential cookies for authentication and user preferences. See Section 9 for details.

3. How We Use Your Information

We use your information to:

Provide, operate, and improve the Boredroom Platform.
Process payments and manage your subscription.
Send transactional emails, account confirmations, payment receipts, password resets.
Send product updates and feature announcements (you can opt out at any time).
Analyze usage patterns to understand how the Platform is used and where to improve it.
Ensure the security and integrity of the Platform.
Comply with our legal obligations.

Legal Basis for Processing (EU/GDPR Users)

For users in the European Union, we process your personal data on the following legal basis:

Contract performance: processing necessary to provide the service you have signed up for.
Legitimate interests: analytics and platform improvement, fraud prevention, and security.
Consent: marketing communications, where you have opted in.
Legal obligation: compliance with applicable laws.

4. Data Storage and Security

Your data is stored securely using Supabase infrastructure with encrypted cloud storage. We implement industry-standard security measures including:

Encryption of data in transit (TLS/SSL) and at rest.
Access controls limiting who within our team can access user data.
Regular security reviews and monitoring.

While we take security seriously and implement strong safeguards, no system is completely immune to risk. We will notify you promptly in the event of a data breach that affects your personal information.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the service. Specifically:

Active account data is retained for the duration of your use of the Platform.
If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required by law to retain it.
Payment records are retained for a minimum of 7 years for tax and legal compliance purposes.
Usage analytics data is retained in anonymized form for up to 24 months.

6. Sharing Your Data

We do not sell your personal data. Full stop.

We share data only in the following limited circumstances:

6.1 Service Providers

We use trusted third-party providers to operate the Platform:

Stripe — payment processing (international).
Paystack — payment processing (Africa).
Supabase — database and file storage infrastructure.
Resend — transactional email delivery.

Each provider is bound by data processing agreements and their own privacy policies.

6.2 Legal Requirements

We may disclose your information if required to do so by law, court order, or regulatory authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Boredroom, our users, or others.

6.3 Business Transfers

If Khronocorp Enterprises is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

7. International Data Transfers

Boredroom serves users globally. Your data may be processed in countries outside your own, including Nigeria, the United States, and the European Economic Area.

For users in the European Union: where we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, or we rely on adequacy decisions where applicable.

8. Your Rights

You have rights over your personal data. Regardless of where you are located, you can:

Access: request a copy of the personal data we hold about you.
Correction: request that we correct inaccurate or incomplete data.
Deletion: request that we delete your personal data (the "right to be forgotten").
Portability: request your data in a structured, machine-readable format.
Objection: object to our processing of your data for marketing purposes.
Withdrawal of consent: where processing is based on consent, withdraw it at any time.

Additional Rights for EU Users (GDPR)

If you are in the European Union, you also have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data appropriately.

Additional Rights for California Users (CCPA)

If you are a California resident, you have the right to know what personal information we collect, the right to delete it, and the right not to be discriminated against for exercising these rights.

To exercise any of your rights, contact us at privacy@boredroom.online. We will respond within 30 days.

9. Cookies

We use essential cookies only. The kind that keep you logged in, remember your preferences, and make the Platform work properly.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies that follow you around the web. No surveillance. Just the basics needed to run the Platform.

You can manage cookie settings in your browser at any time.

Early Access Period

This section applies during the Early Access phase only and will be removed upon full public launch.

10. Early Access Data Handling

During the Early Access period, we may collect additional usage data, feedback, and reviews to improve the Platform before full public launch. Specifically:

Usage patterns and feature interactions may be logged in greater detail than in the full release.
Reviews and feedback you submit are stored and used to improve the Platform.
No Early Access data will be shared publicly without your explicit consent.

Your participation in Early Access is voluntary and your data rights remain unchanged. Thank you for helping us build something better.

11. Children's Privacy

Boredroom is not directed at children under the age of 13. We do not knowingly collect personal data from children. If we become aware that a child under 13 has provided us with personal data, we will delete it immediately. If you believe we have inadvertently collected such data, contact us at privacy@boredroom.online.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or a prominent notice on the Platform before the changes take effect. The updated date at the top of this page will always reflect when it was last revised.

Continued use of the Platform after changes constitutes your acceptance of the updated Policy.

13. Contact Us

Questions, concerns, or requests about this Privacy Policy or your data:

Email: privacy@boredroom.online
General enquiries: hello@boredroom.online
Website: boredroom.online
Registered entity: Khronocorp Enterprises