Legal

Privacy Policy

Data controller

The data controller is Christopher Lasgi, publisher of the platform boostecom.app, operating under the BoostEcom brand.

Contact: contact@boostecom.fr

Scope

This policy applies to all BoostEcom services:

  • The web platform — accessible at boostecom.app (dashboard, scanner, chat, workflows)
  • The ContextIQ Chrome extension — visual element selector for the BoostEcom platform

Data collected — Platform

When using the platform, the following data may be collected:

  • Account data — email address, name, authentication information
  • Organization data — team name, members, roles
  • Project data — configurations, connectors, settings
  • Conversation data — messages exchanged with the AI assistant
  • Billing data — subscription information (payment details are processed directly by Stripe)
  • Browsing data — IP address, browser type, pages viewed, timestamps
  • Scanner data — URL submitted for audit, scan results

Data processed — ContextIQ Chrome Extension

The ContextIQ Chrome extension is a visual element selector. It does not collect any personal data. The following data is processed locally on your device:

  • DOM elements — HTML structure, CSS classes, attributes and visible text of the selected element
  • Screenshot — cropped image of the selected element
  • Page context — URL and title of the page where the element is selected
  • Computed styles — CSS visual properties of the element (colors, dimensions, typography)

This data is stored in your browser's chrome.storage.local and only transmitted to an open boostecom.app tab via postMessage. It is never sent to any third-party server. The extension only operates when manually activated by the user and does not collect any data in the background.

Purpose of processing

  • Provide the platform services (dashboard, scanner, AI assistant, workflows)
  • Manage user accounts, teams and subscriptions
  • Send transactional emails (confirmation, billing, notifications)
  • Improve the platform performance and reliability
  • Ensure security and prevent abuse

Legal basis

Data processing is based on:

  • Contract performance (GDPR Art. 6.1.b) — for the provision of subscribed services
  • Legitimate interest (GDPR Art. 6.1.f) — for service improvement and security
  • Consent (GDPR Art. 6.1.a) — for non-essential cookies

Sub-processors

Vercel

Hosting and deployment

United States
Convex

Real-time database

United States
Neon

Authentication database

United States
Stripe

Payment processing

United States
Resend

Transactional emails

United States
Upstash

Cache and queues

United States
Anthropic

AI models (via AI Gateway)

United States
OpenAI

AI models (via AI Gateway)

United States

Data retention

  • Account data — retained for the duration of the subscription, deleted within 30 days after account closure
  • AI conversations — retained for the duration of the subscription
  • Scan reports — 90 days
  • Browsing logs — 12 months maximum
  • Billing data — retained in accordance with legal obligations (10 years)
  • Chrome extension data — stored locally, deletable by the user at any time

International transfers

Some sub-processors are located in the United States. These transfers are governed by the European Commission's standard contractual clauses and/or the EU-U.S. Data Privacy Framework, in compliance with the GDPR.

Your rights

Under the GDPR, you have the following rights:

  • Right of access to your personal data
  • Right to rectification
  • Right to erasure
  • Right to data portability
  • Right to object and to restriction of processing

To exercise these rights, contact us at contact@boostecom.fr. You may also file a complaint with the CNIL (French Data Protection Authority).

Last updated: April 2026