Loading privacy policy...
HomePrivacy Policy
Legal document

Privacy Policy

How we collect, use, and protect your personal data — written in plain language, not legalese.

Last Updated01 Jan 2026
Effective Date01 Jan 2026
Jurisdiction India / US / EU
Versionv2.0
01

Overview

Bootprime ("we", "us", "our") is a technology services company based in India. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you visit bootprime.com or engage our automation and AI services.

While Bootprime operates from India, we serve clients globally including the United States, United Kingdom, and European Union. This policy aligns with major international privacy frameworks including GDPR and applicable US privacy regulations such as CCPA where relevant.

✓ We never sell your personal data. We never have. We never will.

02

Data Controller

The data controller responsible for your personal information is:

Company Bootprime
Location India
Email contact@bootprime.com
Website bootprime.com
Regions Global

For privacy queries or to exercise your data rights, contact us at contact@bootprime.com with subject line Privacy Request.

03

What We Collect

Information You Provide Directly

  • Contact information — name, email address, company name, job title via contact form or audit booking
  • Project details — descriptions of your business processes, tools, tech stack, and automation requirements during discovery
  • Communications — emails, messages, and meeting notes exchanged during our engagement
  • Payment data — billing details processed via our secure payment provider (we do not store card numbers directly)
  • NDA and contract details — names, signatures, and business information in formal agreements

Information Collected Automatically

  • Usage data — pages visited, time spent, clicks, referral sources, browser and device type
  • IP address — used for security and geographic analytics at country/region level only
  • Cookie data — see Section 10 for full details
  • Technical logs — server access logs retained for security and debugging

Client Business Data (Automation Projects)

When building automations we may temporarily access sample business data such as invoices, spreadsheets, and CRM records. This data is:

  • Accessed only with your explicit consent and under NDA
  • Processed only within your own infrastructure where possible
  • Never stored permanently on our systems
  • Deleted from test environments upon project completion
04

How We Use Your Information

  • Service delivery — to scope, build, test, and deploy automation solutions for your business
  • Communication — to respond to enquiries, send project updates, and provide support
  • Billing & contracts — to process payments and manage legal agreements
  • Product improvement — aggregate, anonymised analytics to improve our website and services
  • Marketing (opt-in only) — newsletters or resources if you have subscribed. Unsubscribe anytime via any email
  • Legal compliance — to meet obligations under UK/EU/US law including tax, anti-fraud, and data protection
  • Security — to detect, investigate, and prevent fraud, spam, or abuse

We will never use your data for automated decision-making that produces legal or significant effects without human oversight.

05

Legal Basis for Processing

For users in the UK and EU, we process your personal data under the following lawful bases:

  • Contract performance — processing necessary to deliver our agreed services to you
  • Legitimate interests — operating and improving our business, preventing fraud, website analytics
  • Consent — for optional marketing emails and non-essential cookies (you may withdraw at any time)
  • Legal obligation — where we must process data to comply with applicable laws
06

Data Sharing & Third Parties

We do not sell, rent, or trade your personal data. We may share data with trusted third-party providers strictly necessary to operate our business:

  • Calendly / Scheduling tools — to manage audit and discovery call bookings
  • Payment processors (e.g. Stripe) — for secure payment handling
  • Email / CRM platforms — for project communications and, with consent, newsletters
  • Cloud infrastructure (e.g. AWS) — for hosting automation workflows where applicable
  • Analytics providers — anonymised usage data only, with IP anonymisation enabled
  • Legal or regulatory authorities — only if required by law, court order, or to protect safety

All third-party providers are contractually bound to process data only as instructed and in compliance with GDPR/UK GDPR standards.

07

Data Retention

We retain your personal data only for as long as necessary:

  • Client project data — retained for the engagement duration plus 2 years for legal purposes, then deleted
  • Contact form enquiries — retained for 12 months if no engagement follows, then deleted
  • Financial / billing records — retained for 7 years under UK/US tax and accounting law
  • Marketing email subscribers — retained until you unsubscribe or request deletion
  • Website analytics — aggregated and anonymised; raw IP logs deleted within 90 days
  • NDA / contracts — retained for the life of the agreement plus 6 years thereafter
08

Security

We implement appropriate technical and organisational measures to protect your data:

  • HTTPS / TLS encryption for all data in transit
  • Encrypted storage for sensitive files and credentials
  • Access controls limiting data to those who need it for the project
  • NDA signed before any discussion of your business data
  • Automations deployed within your own cloud infrastructure where feasible
  • No permanent storage of client operational data on Bootprime servers

Despite best efforts, no internet transmission is 100% secure. If you suspect a security issue, contact contact@bootprime.com immediately.

09

Your Rights

UK / EU Rights (GDPR)

  • Right of access — request a copy of personal data we hold about you
  • Right to rectification — ask us to correct inaccurate or incomplete data
  • Right to erasure — request deletion of your data (subject to legal retention requirements)
  • Right to restrict processing — ask us to pause processing in certain circumstances
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interests or direct marketing
  • Right to withdraw consent — at any time, where processing is based on consent
  • Right to complain — lodge a complaint with the UK ICO at ico.org.uk or your EU supervisory authority

US Rights (CCPA / State Laws)

  • Right to know — what personal information we collect and how it is used
  • Right to delete — request deletion of your personal information
  • Right to opt-out — we do not sell data; you may request written confirmation at any time
  • Right to non-discrimination — we will not discriminate against you for exercising your rights

To exercise any right, email contact@bootprime.com with subject Data Rights Request. We respond within 30 days (UK/EU) or 45 days (US).

10

Cookies

We use cookies to make the website function and to understand how visitors use it. You are asked to consent to non-essential cookies on your first visit.

Essential Cookies

Required for the site to function. Cannot be disabled. Include session management and security tokens.

Analytics Cookies (Optional)

Anonymised analytics with IP masking to understand traffic patterns. Set only if you consent.

Marketing Cookies (Optional)

If you opt in, we may use pixels or tracking to measure campaign effectiveness. No behavioural advertising is conducted.

You can change cookie preferences at any time via the cookie banner or by clearing cookies in your browser settings.

11

International Transfers

Bootprime operates across the US and UK. Some third-party tools may process data outside the UK/EEA. Where transfers occur, we ensure appropriate safeguards are in place:

  • UK International Data Transfer Agreements (IDTAs) or EU Standard Contractual Clauses (SCCs)
  • Adequacy decisions where applicable
  • Binding corporate rules or equivalent protections with third parties
12

Children's Privacy

Bootprime's services are intended exclusively for business professionals aged 18 and over. We do not knowingly collect personal data from children under 16 (UK/EU) or under 13 (US).

If you believe we have inadvertently collected data from a minor, contact us immediately and we will delete it promptly.

13

Policy Updates

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Notify active clients by email if changes significantly affect how we use their data
  • Post a notice on our website

Continued use of our services after changes constitutes acceptance of the updated policy.

14

Contact & Complaints

For any privacy questions, data requests, or concerns:

✉️

Get in touch

Email contact@bootprime.com with subject Privacy Request. We respond within 2 business days and resolve data requests within 30 days (UK/EU) or 45 days (US).

UK users may lodge a complaint with the Information Commissioner's Office at ico.org.uk. EU residents may contact their national supervisory authority.

Ready to stop doing manual work?

Book a free 30-minute process audit. We'll map your most time-consuming manual processes and tell you exactly what's automatable.

Book My Free Audit →
🍪 We use cookies

Essential cookies keep this site working. Optional analytics help us improve it. Required for UK/EU GDPR compliance.