Privacy Policy

Effective date: March 20, 2026

Who We Are

BoomSauce, Inc. ("BoomSauce," "we," "us") operates an email marketing and lead acquisition platform at app.boomsauce.com. This Privacy Policy describes how we collect, use, and protect your information when you use our service.

Information We Collect

Account information: When you sign up via Google OAuth, we receive your email address and display name from Google (userinfo.email and userinfo.profile scopes). We do NOT request access to Gmail, Google Drive, or any other Google services beyond basic profile information.

Company and profile data: Information you provide about your organization, role, and preferences.

Contacts: Contact lists and lead data you upload or generate through our lead search feature.

Campaign data: Email content, templates, sequences, scheduling preferences, and campaign configuration.

Email tracking: Open events, click events, reply detection, and bounce data for emails sent through the platform.

Usage data: Pages visited, features used, and actions taken within the platform for analytics and product improvement.

How We Use Your Information

We use collected information to:

  • Provide and operate the BoomSauce platform
  • Send email campaigns on your behalf
  • Track email opens, clicks, and replies for campaign analytics
  • Power lead search and contact discovery features
  • Provide account support via in-app chat
  • Improve and develop new features

Google OAuth

We use Google OAuth solely for authentication. The only Google data we access is your email address and basic profile name. We do not read, send, or manage your Gmail messages. We do not access Google Contacts, Google Calendar, or any other Google Workspace data.

Data Storage and Security

Your data is stored in a PostgreSQL database hosted on Railway with encrypted connections (TLS). Sessions are managed using iron-session with encrypted, HTTP-only cookies. We implement standard security practices including encrypted data in transit, secure session management, and role-based access controls.

Data Sharing

We do not sell, rent, or trade your personal information to third parties. We may share data only with infrastructure providers necessary to operate the service (hosting, database, email delivery) and as required by law.

Your Rights and Controls

You may:

  • Request deletion of your account and all associated data
  • Export your contacts and campaign data
  • Update your profile information at any time
  • Revoke Google OAuth access through your Google Account settings

To exercise these rights, contact us through the in-app support chat.

Cookies

We use session cookies only (iron-session) to maintain your authenticated session. We do not use advertising cookies, tracking pixels on our own site, or third-party analytics cookies.

GDPR and CCPA Compliance

If you are located in the European Economic Area (EEA) or California, you have additional rights under the GDPR or CCPA respectively. These include the right to access, correct, delete, and port your personal data, as well as the right to object to or restrict certain processing. To make a request, contact us via in-app support.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes through the platform. Continued use of BoomSauce after changes constitutes acceptance of the updated policy.

Contact

For privacy questions or data requests, reach us through the in-app support chat at app.boomsauce.com.