🥳 Big news: Boon.Today has joined Ad For Good® — Meet the first AI built for responsible, impact-driven ads.

  • Ad For Good® Label
  • Use Cases
  • Blog
    • Log inGet started

    Privacy Policy

    (Last updated: 21 May 2025)

    1. Who We Are

    Boon.Today Inc. ("Boon.Today", "we", "us", "our") is a Delaware‑registered company that operates:

    • boon.today – our corporate website;

    • the Ad For Good® SaaS platform for advertisers and cause‑partners; and

    • the Brand Explorer AI tool.

    We are the controller for personal data described in this Policy, unless we state that we act as a processor on behalf of a customer.

    Contact: doers@adforgood.com  

    EU/UK representative – doers@adforgood.com

    Data Protection Officer (DPO) –doers@adforgood.com

    2. The Data We Collect

    Category Examples

    Account Data Name, email, password, organisation, country

    Profile Data Optional photo, role, phone

    Billing Data Billing contact, VAT/EIN, card/ACH token

    Usage Data Log‑ins, clicks, pages viewed, AI prompts, campaign actions

    Technical Data IP address, browser type, device ID, cookies

    Marketing Data Newsletter opt‑ins, preferences

    Donation Data (processor) Donation amount, campaign, donor first/last name, email

    Sensitive data: We do not knowingly collect special‑category data (GDPR Art 9) or children’s data (< 16 yrs). Please do not submit such information.

    3. How and Why We Use Your Data

    Purpose Legal basis (EU/UK GDPR)CCPA/CPRA category Provide, secure & maintain the Services Contract • Legitimate interest"Identifiers", "Internet activity"Process payments & invoicesContract • Legal obligation"Commercial information"Send transactional emails & alertsContract"Identifiers"Improve features incl. Brand Explorer AI Legitimate interest (analytics & product dev.) • Consent for cookies"Internet activity"Marketing emails, newsletters, surveysConsent (you can withdraw anytime)"Identifiers"Comply with law, defend legal claimsLegal obligation • Legitimate interestvaries

    We do not sell or share personal data for cross‑context behavioural advertising.

    4. Cookies & Similar Tech

    We use:

    • Essential cookies – sign‑in, CSRF protection;

    • Analytics cookies (Google Analytics 4 – IP anonymised);

    • Functional cookies – remember settings;

    • Advertising cookiesnone.

    On first visit we display a cookie banner asking you to Accept all or Manage preferences. You can change or withdraw consent anytime in Cookie Settings.

    Cookie lifetimes: 1 day – 13 months.

    5. Sharing & Sub‑Processors

    We restrict access to those who need it to run the Services. External recipients are:

    • Hosting & infrastructure: Amazon Web Services (EU / US), Cloudflare.

    • Payments: Stripe.

    • Email & communications: SendGrid, Intercom, Aircall.

    • Analytics & product: Google Analytics, Amplitude.

    We sign Data Processing Agreements (DPAs) / Standard Contractual Clauses with every sub‑processor.

    6. International Transfers

    We primarily host data in EU‑West (Ireland) and the United States.

    When we transfer personal data outside the EEA/UK/Switzerland we rely on:

    • Adequacy decisions (e.g. UK→EEA, EU→CH);

    • EU/UK Standard Contractual Clauses with supplementary measures (encryption in transit & at rest, access controls).

    7. Retention

    • Account data – retained while your subscription is active plus 3 years.

    • Usage logs – 12 months.

    • Cookies – as per Section 4.

    • Donation data (processor) – as agreed in the customer DPA.

    8. Your Rights

    Region Rights

    EU/UK/CH Access • Rectification • Erasure • Restriction • Portability • Objection • No automated decision‑making • Lodge complaint with supervisory authority (e.g. CNIL, ICO)

    California Know • Delete • Correct • Opt‑out of “sale/share” (not applicable) • Limit use of sensitive info (not applicable)

    Virginia/Colorado/Connecticut/Utah Access • Correct • Delete • Opt‑out of targeted ads & profiling • Appeal

    How to exercise: Email doers@adforgood.com. We will respond within 30 days (EU/UK) or 45 days (US state laws). We may request ID verification.

    9. Security

    We apply industry‑standard technical and organisational measures:

    • AES‑256 encryption at rest; TLS 1.2+ in transit;

    • WAF, DDoS mitigation, daily backups;

    • Role‑based access, MFA for staff;

    • Annual penetration tests.

    In the unlikely event of a data breach we will notify affected users and regulators within the timelines required by law.

    10. Children

    The Services are not directed at children under 16. If you believe we hold personal data about a child please contact us and we will delete it.

    11. Changes to this Policy

    We may update this Policy to reflect legal or operational changes. Material changes will be announced on our website and, where appropriate, by email 30 days before they take effect. The “Last updated” date indicates the latest revision.

    12. Contact

    • General privacy questions: doers@adforgood.com

    • Data subject requests: doers@adforgood.com

    © 2025 Boon.Today Inc.  All rights reserved.

    Cookie Settings

    Cookie Settings

    We use cookies to improve user experience. Choose what cookie categories you allow us to use. You can read more about our Cookie Policy by clicking on Cookie Policy below.

    These cookies enable strictly necessary cookies for security, language support and verification of identity. These cookies can’t be disabled.

    These cookies collect data to remember choices users make to improve and give a better user experience. Disabling can cause some parts of the site to not work properly.

    These cookies help us to understand how visitors interact with our website, help us measure and analyze traffic to improve our service.

    These cookies help us to better deliver marketing content and customized ads.

    View Cookie Policy