Privacy Policy

This Privacy Policy explains how BoringKit collects, uses, stores, shares, and protects information when you use the website, signed-in workspace, tools, file processors, queues, API, AI-assisted features, billing flows, documentation, and support channels.

We may collect account details such as name, email address, authentication identifiers, plan, subscription status, credit balance, workspace settings, API key metadata, and support preferences.

We collect product usage information such as accepted worker/API tool runs, selected options, tool path, credit ledger entries, queue status, job identifiers, file metadata, output metadata, download events, error classes, retention timestamps, API requests, webhook delivery state, and abuse-prevention signals. In-browser tools do not create workspace job rows by default; if local activity history is enabled, it should be metadata-only such as tool name, timestamp, status, and output type.

We may collect device and technical information such as IP address, browser, operating system, approximate location derived from network data, referrer, pages viewed, logs, diagnostics, and security telemetry.

In-browser tools are designed to process supported input in your browser tab where practical. For those tools, the selected file or text should not be uploaded to BoringKit servers unless the product clearly switches to a server, worker, API, or retained workspace flow.

Server-side, worker, queue, API, AI-assisted, batch, or retained-output tools may upload files, text, URLs, prompts, options, and metadata so the requested job can run and results can be delivered.

Do not submit sensitive, regulated, confidential, or third-party data unless you have the right to process it and the selected plan, tool, file expiry setting, and your own compliance obligations allow it.

We use information to provide the product, authenticate users, run tools, process files, manage queues, deliver outputs, show workspace history, enforce plan limits, meter credits, issue receipts, support API access, provide customer support, investigate failures, improve reliability, prevent abuse, detect fraud, secure the service, and comply with legal obligations.

We may use aggregated or de-identified operational metrics to improve tool quality, capacity planning, pricing, reliability, and product design.

Some tools may use AI assistance for extraction, cleanup, summarization, classification, formatting, naming, validation, or generation. AI processing may be routed through one or more infrastructure or model providers depending on product configuration, availability, plan, and safety controls.

We avoid naming a single provider as a permanent privacy dependency because routing can change. When AI assistance is used, we send only the information needed to perform the requested feature and apply the retention and security controls available for that processing path.

AI outputs can be wrong or incomplete. Do not use AI-assisted output as the sole basis for legal, medical, financial, safety, employment, or regulated decisions.

Paid purchases may be processed by a payment gateway, payment processor, reseller, or Merchant of Record. BoringKit does not store full card numbers or full payment credentials.

We may receive billing metadata such as plan, amount, currency, tax status, transaction identifiers, payment status, receipt details, renewal state, refund state, and fraud or dispute signals so we can activate access, reconcile credits, provide support, and comply with accounting obligations.

We may use cookies, local storage, session tokens, analytics, and similar technologies to keep users signed in, protect accounts, remember preferences, measure product usage, detect abuse, monitor reliability, and improve the product. Browser settings may let you block some technologies, but blocking them can break login, checkout, workspace, or tool execution.

We do not sell personal data. We may share limited information with service providers that help operate BoringKit, such as hosting, storage, authentication, databases, observability, security, analytics, email, support, payment, tax, AI, document processing, media processing, and abuse-prevention providers.

We may disclose information when required by law, to protect rights and safety, to investigate abuse, to respond to valid legal requests, or as part of a business transfer involving BoringKit assets, provided appropriate safeguards apply.

File expiry depends on the data type, plan, tool, and legal need. In-browser processing is intended to avoid server retention for the file itself. Server-side input files are generally temporary. Outputs, job records, and workspace rows may remain available until the displayed expiry time or plan retention limit.

We may retain account, billing, credit ledger, API key metadata, security logs, abuse-prevention records, support messages, and audit metadata for longer where needed to provide the service, resolve disputes, enforce Terms, prevent fraud, or comply with law.

We use technical and organizational safeguards intended to protect accounts, files, jobs, API keys, runtime secrets, and infrastructure. These may include encryption in transit, access controls, secret management, authentication, scoped API keys, monitoring, validation, upload limits, retention controls, and abuse detection.

No internet service can guarantee absolute security. You should use strong passwords, protect sessions and API keys, avoid submitting unnecessary sensitive data, and revoke credentials you no longer use.

BoringKit may process information in countries where its infrastructure and service providers operate. Those locations may have data protection laws different from your location. We use reasonable safeguards for cross-border processing where required.

Depending on your location, you may request access, correction, deletion, export, restriction, or objection related to your personal data. You may also close workspace rows, revoke API keys, delete certain outputs where the product allows it, unsubscribe from non-essential emails, or cancel paid plans.

Some records cannot be immediately deleted if we need them for security, fraud prevention, accounting, legal compliance, dispute resolution, or service integrity.

BoringKit is not intended for children under 13 or the minimum age required by applicable law. Do not use BoringKit if you are not old enough to consent to these terms in your location.

For privacy, deletion, data access, or security questions, contact support@boringkit.com.