Privacy Policy

BosQa is a software-as-a-service platform built for photographers, videographers, and social media directors. Our service generates AI-powered pre-production briefs, post-production reports, and branded content outputs.

For purposes of data protection law, BosQa is the data controller for personal information we collect from you directly. Our primary place of business is the United States.

Contact: legal@bosqa.app

Account information

• Email address (used to create and access your account)
• Password (stored as a secure hash — we never see it in plaintext)
• Studio name, tagline, contact phone, website, location, and social handles (optional — you provide these to appear on your PDF reports)
• Studio logo (uploaded by you, stored securely)

Brand and project content

• Brand onboarding answers (vibe, audience, hashtags, etc.) that you enter to generate your brand voice profile
• Project details (shoot date, deliverables, shot list ideas, post-shoot notes) that you enter to generate briefs and reports
• AI-generated outputs (briefs, reports, captions) stored in your account

Payment information

• Stripe handles all payment processing. We store only your Stripe customer ID and subscription status — we never see or store your full card number, CVV, or bank details.

Usage data

• Pages you visit within the app, features you use, and actions you take (collected via PostHog analytics)
• IP address, browser type, device type, and operating system
• Session recordings (inputs are masked — we cannot see what you type in form fields)
• Error logs and performance data

• To create and manage your account
• To provide the BosQa service — generating AI-powered briefs, reports, and content
• To process payments and manage your subscription via Stripe
• To send transactional emails (account confirmation, password reset, subscription receipts)
• To improve the product using aggregated, anonymized usage analytics
• To detect and prevent fraud, abuse, and security incidents
• To comply with legal obligations
• To respond to your support requests

We do not sell your personal data. We do not use your data to train AI models. We do not send unsolicited marketing emails without your opt-in consent.

We share data with the following trusted third parties, only to the extent necessary to provide the service:

Each of these providers has their own privacy policy and data processing agreements. We have data processing agreements (DPAs) in place with each provider where required by law.

BosQa uses Anthropic's Claude AI to generate creative briefs, reports, and captions. When you generate content, the relevant inputs (brand onboarding answers, project details, post-shoot notes) are sent to Anthropic's API to produce the output.

What Anthropic receives: The text you enter into brand setup and project forms. We do not send your name, email, payment information, or uploaded files to Anthropic.

What Anthropic does with it: Per Anthropic's API terms, inputs and outputs are not used to train their models by default. See Anthropic's Privacy Policy for full details.

You own your outputs. All AI-generated content (briefs, reports, captions, brand profiles) belongs to you. BosQa claims no copyright or ownership over content generated using your inputs.

• Account data is retained for as long as your account is active.
• If you delete your account, we delete your personal data within 30 days. Anonymized, aggregated analytics data may be retained longer.
• Payment records are retained for 7 years as required by accounting and tax law.
• Backups may contain your data for up to 90 days after deletion.

Regardless of where you live, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data in your profile
• Delete your account and associated data (via Settings → Danger zone, or by emailing us)
• Export your data in a machine-readable format
• Object to certain uses of your data
• Withdraw consent where processing is based on consent

To exercise any of these rights, email legal@bosqa.app. We will respond within 30 days.

If you are in the European Union or United Kingdom, the following applies:

Legal bases for processing:

• Contract performance — processing your account data and generating content is necessary to provide the service you signed up for.
• Legitimate interests — analytics and security monitoring to improve the product and prevent fraud.
• Legal obligation — retaining payment records as required by law.
• Consent — for optional analytics and session recording (you may opt out via our cookie settings).

Your GDPR rights include access, rectification, erasure, restriction, portability, and the right to object. You also have the right to lodge a complaint with your local supervisory authority.

Data transfers: Our infrastructure is primarily US-based. Transfers from the EU/UK are covered by Standard Contractual Clauses (SCCs) and, where applicable, adequacy decisions.

If you are a California resident, the California Consumer Privacy Act grants you additional rights:

• Right to know what personal information we collect and how it is used
• Right to delete your personal information
• Right to opt out of the sale or sharing of your personal information (we do not sell or share your data)
• Right to non-discrimination for exercising your privacy rights
• Right to correct inaccurate personal information

We do not sell personal information. We do not share personal information with third parties for cross-context behavioral advertising.

To submit a CCPA request, email legal@bosqa.app with the subject line "CCPA Request."

We use the following types of cookies and similar technologies:

• Essential cookies — required for authentication and keeping you logged in (cannot be disabled).
• Analytics cookies — PostHog uses cookies to track usage patterns and session behavior. Form inputs are masked. You can opt out by contacting us.

We do not use advertising cookies, retargeting pixels, or third-party tracking for ad purposes.

BosQa is not directed to children under the age of 16. We do not knowingly collect personal information from anyone under 16. If you believe a minor has provided us with personal data, please contact us at legal@bosqa.app and we will delete it promptly.

BosQa is operated from the United States. If you access the service from outside the US, your information will be transferred to and processed in the US. We rely on lawful transfer mechanisms including Standard Contractual Clauses for EU/UK data transfers.

By using BosQa, you acknowledge that your data may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the effective date at the top of this page. Your continued use of BosQa after changes become effective constitutes your acceptance of the updated policy.

For privacy-related questions, data requests, or concerns:

• Email: legal@bosqa.app
• Response time: within 30 days (we aim for 5 business days)