Privacy Policy
Last Updated: January 1, 2025
Effective Date: January 1, 2025
1. Introduction
BoAnalyst ("we," "us," "our") operates boanalyst.com (the "Platform"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our entertainment and informational platform. By using BoAnalyst, you consent to the data practices described in this policy.
2. Information We Collect
2.1 Personal Information:
- Account Registration: Name, email address, password (hashed using bcrypt with 12 rounds), phone number (optional)
- Profile Information: Display name, profile picture, bio, entertainment preferences
- Payment Information: Processed securely through Razorpay (we store transaction IDs, not card details)
- Subscription Data: Plan type, billing cycle, subscription status, payment history
2.2 Automatically Collected Information:
- Usage Data: Pages visited, features used, time spent, click patterns, search queries
- Device Information: IP address, browser type, operating system, device identifiers
- Cookies & Tracking: Session cookies, authentication tokens (JWT), preference cookies
- Location Data: General location based on IP address (not GPS)
- Log Data: Access times, error logs, security events, audit trails
2.3 User-Generated Content:
- Forum posts, comments, replies, discussions
- Movie reviews, ratings, watchlists
- Messages and communications with support
3. How We Use Your Information
We use collected information for the following purposes:
- Service Delivery: Provide movie analysis, box office data, forum access, premium features
- Account Management: Create and maintain your account, authenticate logins, manage subscriptions
- Personalization: Customize content recommendations, tailor user experience
- Communication: Send transactional emails (verification, receipts), service updates, newsletters (with consent)
- Payment Processing: Process subscriptions, handle refunds (per our no-refund policy), maintain billing records
- Security: Detect fraud, prevent abuse, enforce terms, protect user safety
- Analytics: Analyze usage patterns, improve platform performance, develop new features
- Legal Compliance: Comply with applicable laws, respond to legal requests, enforce our rights
- Marketing: Send promotional content (with opt-in consent only)
4. Data Security & Encryption
4.1 Security Measures Implemented:
- Encryption at Rest: AES-256-GCM encryption for sensitive data in the database
- Encryption in Transit: TLS/SSL for all data transmission
- Password Security: bcrypt hashing with 12 rounds, minimum complexity requirements
- Session Security: Secure JWT tokens, SHA-256 hashed session IDs, automatic expiration
- Access Controls: Role-based permissions, principle of least privilege
- Rate Limiting: Protection against brute force attacks (5 attempts, 15-minute lockout)
- Audit Logging: Complete audit trail of all security-relevant actions
- Regular Updates: Security patches, dependency updates, vulnerability scanning
4.2 Data Breach Protocol:
In the event of a data breach affecting your personal information, we will notify you within 72 hours via email and provide details about the breach, affected data, and remedial actions taken.
5. Information Sharing & Disclosure
We do NOT sell your personal information. We may share information in the following circumstances:
- Service Providers: Razorpay (payment processing), email service providers (transactional emails), hosting providers (Namecheap)
- Legal Requirements: Court orders, subpoenas, government requests, law enforcement
- Business Transfers: In case of merger, acquisition, or sale of assets
- Consent: When you explicitly authorize sharing
- Public Forums: Your forum posts and reviews are publicly visible
- Aggregate Data: Anonymized, non-identifiable statistics for analytics
6. Cookies & Tracking Technologies
6.1 Types of Cookies We Use:
- Essential Cookies: Required for authentication, security, basic functionality
- Preference Cookies: Remember your settings and preferences
- Analytics Cookies: Understand usage patterns and improve services
- Session Cookies: Temporary cookies deleted when you close your browser
6.2 Managing Cookies:
You can control cookies through browser settings. Disabling essential cookies may affect platform functionality.
7. Your Privacy Rights
7.1 Access & Portability:
- Request a copy of your personal data in machine-readable format
- Access your account information through account settings
7.2 Correction & Update:
- Update your profile information, email, password anytime
- Request correction of inaccurate data
7.3 Deletion & Right to be Forgotten:
- Delete your account and associated data through account settings
- Request complete data deletion (we retain some data for legal compliance)
- Deletion is permanent and cannot be undone
7.4 Opt-Out Rights:
- Unsubscribe from marketing emails (you cannot opt out of transactional emails)
- Disable non-essential cookies
- Restrict data processing for specific purposes
7.5 Object & Restrict:
- Object to processing of your data for direct marketing
- Request restriction of processing in certain circumstances
To exercise these rights, contact: privacy@boanalyst.com
8. Data Retention
- Active Accounts: Data retained while account is active
- Deleted Accounts: Personal data deleted within 30 days (except legal requirements)
- Transaction Records: Retained for 7 years for tax and legal compliance
- Audit Logs: Retained for 1 year for security purposes
- Backup Data: Removed from backups within 90 days of deletion
9. Children's Privacy
BoAnalyst is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent/guardian and believe your child has provided us with personal information, contact us immediately at privacy@boanalyst.com, and we will delete such information within 48 hours.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place, including:
- Standard contractual clauses approved by regulatory authorities
- Adequate data protection measures equivalent to applicable laws
- Encryption during transfer and at rest
11. Third-Party Links
Our platform may contain links to third-party websites (movie studios, distributors, news sources). We are not responsible for their privacy practices. We encourage you to read their privacy policies before providing any information.
12. California Privacy Rights (CCPA)
California residents have additional rights under the California Consumer Privacy Act:
- Right to know what personal information is collected, used, shared, or sold
- Right to delete personal information (with exceptions)
- Right to opt-out of sale of personal information (we don't sell data)
- Right to non-discrimination for exercising privacy rights
- Right to designate an authorized agent
To exercise CCPA rights: privacy@boanalyst.com
13. European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation:
- Right to access, rectification, erasure, restriction, portability
- Right to object to processing and automated decision-making
- Right to withdraw consent at any time
- Right to lodge a complaint with a supervisory authority
Legal Basis for Processing: Consent, contract performance, legal obligations, legitimate interests
14. Indian Data Protection
We comply with the Information Technology Act, 2000 and applicable Indian data protection laws. Indian users have rights to access, correction, and deletion of personal data.
15. Changes to Privacy Policy
We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last Updated" date. Continued use after changes constitutes acceptance. For material changes, we will provide prominent notice or email notification.