Privacy Policy

Booster Box ("we", "us", "our") operates the Booster Box website and related services. We are the data controller for the personal data we collect through the Service. This policy explains what data we collect, how we use it, and your rights.

We may collect and process the following:

• Account data: Name, email address, password (stored hashed), and profile image if you set one.
• Order and payment: Billing and shipping address, phone number, and transaction history. Payment card details are processed by our payment provider (Stripe); we do not store full card numbers.
• Support: Emails and messages you send when contacting support, and any ticket history.
• Usage and technical: IP address, browser type, device information, and logs of your visits and actions on the site (e.g. for security and improving the service).
• KYC and compliance: If required for payouts or regulatory reasons, we may collect identity documents and verification results (see our KYC page).

We use your data to: provide the Service (accounts, orders, pull boxes, support); process payments and comply with financial and legal obligations; verify identity where needed (e.g. KYC); communicate with you about orders, account, or support; send marketing only if you have opted in; improve the site and prevent fraud or abuse; and enforce our terms and policies.

We do not sell your personal data to third parties. We may share data with service providers (e.g. hosting, payment processing, email) who act on our instructions and are bound by confidentiality. We may also disclose data where required by law or to protect our rights.

We process your data on the basis of: performance of a contract (providing the Service); consent (e.g. marketing, optional preferences); legal obligation (e.g. tax, anti-money laundering); and our legitimate interests (security, fraud prevention, improving the Service) where those interests are not overridden by your rights.

We use cookies and similar technologies to keep you logged in, remember preferences (e.g. theme), and understand how the site is used. Essential cookies are necessary for the Service to function. Analytics or marketing cookies may be used if you consent. You can change your browser settings to refuse or delete cookies; some features may not work correctly if you do.

We retain your data for as long as your account is active or as needed to provide the Service, and for a reasonable period thereafter for legal, tax, or dispute purposes. Order and payment records are typically kept for at least seven years for legal and tax compliance. Support tickets and logs may be retained for a shorter period. You may request deletion of your account and associated data subject to our legal obligations.

If you are in the UK or EEA, you have the right to: access your personal data; request correction of inaccurate data; request erasure ("right to be forgotten") in certain circumstances; object to or restrict certain processing; data portability; and withdraw consent where processing is based on consent. You also have the right to lodge a complaint with a supervisory authority (e.g. the ICO in the UK). To exercise these rights, contact us via Support.

We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

Your data may be processed in or transferred to countries outside the UK/EEA where our service providers operate. Where we do so, we ensure appropriate safeguards (e.g. standard contractual clauses or adequacy decisions) are in place.

For privacy-related questions or to exercise your rights, please contact us via our Support page or the contact details on the website.