GDPR & Data Rights
This page supplements our Privacy Policy with specific information for users in the European Economic Area (EEA), the United Kingdom, and California.
Last updated: February 21, 2026
1. Data Controller
ContentBoost is the data controller for personal data processed through our service. For any data protection inquiries, contact us at [email protected].
2. Legal Basis for Processing (GDPR Article 6)
We process your personal data under the following legal bases:
Contract performance (Art. 6(1)(b))
Processing your store URL, product catalog, and account data to deliver the service you signed up for (visibility checks, content generation).
Legitimate interest (Art. 6(1)(f))
Rate limiting via IP address and browser fingerprint to prevent abuse. Anonymized analytics to improve the product. Displaying recent checks as social proof.
Consent (Art. 6(1)(a))
Analytics cookies (Google Analytics). Email communications beyond transactional messages. You can withdraw consent at any time.
Legal obligation (Art. 6(1)(c))
Retaining payment records as required by tax and accounting laws.
3. Personal Data We Process
| Data Category | Purpose | Retention |
|---|---|---|
| Store URL and name | Running visibility checks, generating content | 30 days (free tools), account lifetime (paid) |
| IP address | Rate limiting, spam prevention | 90 days |
| Browser fingerprint (hashed) | Spam prevention | Session only |
| Email address | Account management, communications | Account lifetime + 30 days |
| Product catalog data | Content generation | Account lifetime |
| Payment data | Processing transactions | 7 years (legal requirement) |
| Analytics events | Product improvement | 26 months (Google Analytics default) |
4. Sub-processors and International Transfers
Your data may be processed by the following sub-processors, some of which are located outside the EEA:
| Service | Purpose | Location |
|---|---|---|
| Clerk | Authentication | USA |
| Stripe | Payments | USA |
| AI service providers | AI search, content generation, analysis | USA |
| Cloudflare | Bot protection (Turnstile) | Global CDN |
| Google Analytics | Usage analytics | USA |
| Neon | Database hosting | USA |
For transfers outside the EEA, we rely on Standard Contractual Clauses (SCCs) as adopted by the European Commission, or the service provider's own approved transfer mechanisms.
5. Your Rights Under GDPR
If you are in the EEA or UK, you have the following rights:
Right of access
Request a copy of the personal data we hold about you.
Right to rectification
Ask us to correct inaccurate or incomplete data.
Right to erasure ("right to be forgotten")
Request deletion of your personal data. We will comply unless we have a legal obligation to retain it.
Right to data portability
Receive your data in a structured, machine-readable format (JSON).
Right to restrict processing
Ask us to limit how we process your data while a dispute is resolved.
Right to object
Object to processing based on legitimate interest, including analytics and social proof display.
Right to withdraw consent
Withdraw consent for analytics cookies or optional email communications at any time.
6. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
- Right to know what personal information we collect, use, and disclose.
- Right to delete your personal information.
- Right to opt out of the sale of personal information. We do not sell your personal information.
- Right to non-discrimination for exercising your privacy rights.
7. How to Exercise Your Rights
To make a data request, email us at [email protected] with the subject line "Data Rights Request". Include:
- Your name and email address associated with your account
- Which right you are exercising (access, deletion, portability, etc.)
- Any details that help us locate your data (e.g., store URL used in a free tool)
We will verify your identity and respond within 30 days. If we need more time, we will notify you of the extension and the reason for it.
8. Right to Lodge a Complaint
If you believe we have not handled your data correctly, you have the right to lodge a complaint with your local data protection supervisory authority. We would appreciate the opportunity to address your concerns directly first, so please reach out to us at [email protected].
9. Contact
For any data protection questions or requests, email [email protected].