← Back

Privacy Policy

Last updated: April 22, 2026

Draft for review. This document is a plain-English summary of how Boojiai handles data. It is not a substitute for legal advice and will be reviewed by counsel before we launch paid marketing. Questions? Email hello@boojiai.com.

1. What this policy covers

This policy explains what Boojiai does with data about you, the Boojiai user — the person who creates an account and builds a project. It does not cover the relationship between you and your visitors. That part is covered in Section 7 below.

2. Information we collect about you

  • Account information: your name, email, and (for email signups) a password stored as a one-way hash.
  • Google sign-in: if you sign in with Google, we receive your name, email, and profile picture from Google.
  • Usage data: which features you use, which projects you create, and aggregate interaction patterns. We use this to improve the service.
  • Payment data: if you subscribe or buy a top-up pack, our payment processor (LemonSqueezy) collects your billing details. Boojiai does not see or store your card number.

3. How we use your information

We use your information to provide the service, process payments, send you service-related messages, and improve Boojiai. We do not sell your personal data to anyone. We do not use your personal content or your project content to train AI models without your explicit consent.

4. Generated content

The text, images, and code generated for your project belong to you. Boojiai stores them so the service works (so your site can load, so you can export, so you can keep editing). We do not reuse your generated content outside your project.

5. Third-party services we use

Boojiai runs on top of a few third-party services. Each has its own privacy policy:

  • Anthropic — AI generation for your project content and concierge replies.
  • Vercel — hosts Heeo and the sites deployed to *.heeo.io.
  • Supabase — stores Boojiai's application database (hosted in the EU).
  • LemonSqueezy — processes Boojiai subscription and top-up payments.
  • Google — provides Google Sign-In if you choose that option.
  • Sentry — captures application errors and diagnostics so we can fix bugs. See Section 6 below for what's recorded.

6. Cookies and similar storage

Boojiai and Boojiai-hosted sites use a small number of cookies and browser-storage items:

  • Essential session cookies — keep you signed in while you use Boojiai. Required for the service to work.
  • Concierge visitor identifier — a random ID stored in your visitors' browsers so the concierge can remember a conversation across page reloads. Not linked to personal data.
  • "Coming soon" vote dedup cookie — when a visitor votes on an upcoming feature on your site, we set a cookie that lasts up to 1 year so the same visitor is not counted twice.
  • Error diagnostics (Sentry). When you encounter an error in Boojiai, our error-monitoring tool records a short replay of what happened on the page just before the error, together with your browser type and the URL you were on. This only runs when an error actually occurs — not during normal use. The recording is used to fix the bug and is not used for advertising.

If you operate Boojiai-hosted sites for EU visitors, you may need to show your own cookie notice — see Section 7.

7. Visitor data from your concierge (processor relationship)

Your site includes a concierge chat widget. When your visitors send messages, we store and process those messages on your behalf. Under GDPR and similar laws:

  • You are the data controller for your visitors' messages. You decide why they are collected and what happens to them.
  • Boojiai is the data processor. We store and display those messages so your concierge works and so you can read them.
  • If your visitors are in the EU (or similar jurisdictions), you may need your own privacy notice on your site telling them that a concierge records their chat.
  • You can ask us to delete your visitor chat history at any time.

We do not use your visitors' messages to train AI models. We do use the content of their conversation, in real time, to generate the concierge's reply — that is how the concierge works.

8. Data storage and retention

Your data is stored encrypted in our application database. We keep it for as long as your account is active. Paused projects are preserved so you can reactivate them. You can request deletion of your account and all associated data at any time — we process deletion requests within 30 days.

9. Your rights

Depending on where you live, you may have rights to access, correct, export, or delete the personal data we hold about you. You can exercise these rights by contacting us. For users in the EU and UK, this includes the rights described in GDPR Articles 15–22.

You can export your project files at any time through the Export feature.

10. Changes to this policy

We may update this policy. If a change is material, we will notify you by email or in-product before it takes effect.

11. Contact

Privacy questions: hello@boojiai.com.