Privacy Policy

Boafo Agent is a software product operated by Boafo Digital Ltd ("Boafo", "we", "us", "our"), a company registered in England and Wales. Contact: hello@boafo.digital. For the purposes of the UK GDPR and the Data Protection Act 2018, Boafo Digital Ltd is the data controller of the personal data described in this policy, except where we act as a processor on behalf of our business customers (see section 4).

This policy applies to the marketing website at ai.boafo.digital, the Boafo Agent admin console, AI Employee chat widgets embedded on customer websites, demo requests, lead forms, the ROI calculator, our email communications, and any future paid subscriptions or one-time onboarding fees processed through our payment partners.

• Contact and enquiry data: name, work email, phone (optional), company, website, industry, employee range, plan of interest, onboarding preference, and the free-text message you submit through demo, contact, pricing-interest, early-access or lead forms.
• Conversation data: messages exchanged with our website assistant and any AI Employee deployed on a customer site, including any contact details a visitor chooses to share.
• ROI calculator inputs: the numbers you enter to estimate recovered revenue. Stored to improve the calculator and follow up if requested.
• Account and access data: email, hashed authentication credentials and role for admin console users.
• Usage and device data: IP address, user agent, pages visited, referrer, UTM parameters, events such as page views, CTA clicks, pricing views, ROI start/complete, demo start/complete and lead completion.
• Payment data (future): when self-serve checkout is enabled, Stripe will process your card details directly. We receive a transaction reference, billing email, last four digits, country and the plan purchased. We never see or store full card numbers.

When an AI Employee runs on a customer website, our business customer is the controller of any personal data their visitors submit through the chat widget. Boafo Agent processes that data on their behalf under a Data Processing Agreement that mirrors UK GDPR Article 28 requirements. We do not use customer chat data to train shared AI models.

• Respond to enquiries and run demos. Lawful basis: legitimate interests, or steps to enter a contract at your request.
• Provide the AI Employee service. Lawful basis: contract performance with our business customers.
• Send service emails (lead notifications, booking confirmations, calendar invitations, follow-ups, onboarding updates). Lawful basis: contract performance or legitimate interests.
• Send marketing emails only to business contacts who opt in or are existing customers in line with the PECR soft opt-in. You can unsubscribe at any time.
• Measure site and product performance via Google Analytics 4 and Microsoft Clarity. Lawful basis: consent where required, legitimate interests otherwise. See cookies below.
• Take payment for one-time onboarding fees and recurring subscriptions, when those features are enabled. Lawful basis: contract performance and legal obligation (tax, accounting).
• Prevent abuse and keep the platform secure. Lawful basis: legitimate interests and legal obligation.

We use a small number of cookies and similar identifiers:

• Strictly necessary: session, authentication and security cookies. Always on.
• Analytics: Google Analytics 4 (`_ga`, `_gid`) and Microsoft Clarity (`_clck`, `_clsk`, `MUID`) to measure traffic, funnel performance and CTA behaviour. Set with consent where required by UK PECR / EU ePrivacy rules.
• Attribution: first-party storage of UTM parameters to attribute leads to their source.

You can clear or block cookies through your browser. Blocking analytics cookies does not affect access to the service.

We share personal data only with vetted processors who help us run the service, under contracts that meet UK GDPR requirements:

• Cloud hosting and database (Supabase, Cloudflare).
• Email delivery (Resend) for service and lead notifications.
• Calendar and meeting links (Google Calendar with Google Meet).
• Analytics (Google Analytics 4, Microsoft Clarity).
• AI model providers used to power AI Employee responses.
• Payment processing (Stripe) when paid plans are enabled.
• Professional advisers, regulators or law enforcement where legally required.

We do not sell personal data.

Some processors are based outside the UK and EEA. Where personal data is transferred to such a country, we rely on UK adequacy regulations, the UK International Data Transfer Addendum to the EU Standard Contractual Clauses, or another lawful transfer mechanism. Details are available on request.

• Lead and demo enquiries: up to 24 months after last contact, then deleted or anonymised.
• Customer conversation logs: for the duration of the customer contract plus 12 months, unless the customer requests earlier deletion.
• Billing and tax records (when payments are enabled): 6 years, as required by HMRC.
• Analytics data: per the GA4 and Clarity defaults, typically 14 to 26 months.

Under UK GDPR you have the right to access, rectify, erase, restrict or object to processing of your personal data, the right to data portability, and the right to withdraw consent at any time without affecting the lawfulness of prior processing. Exercise any of these rights by emailing hello@boafo.digital. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ico.org.uk).

We use encryption in transit (TLS) and at rest, tenant isolation via row-level security, scoped API keys, audit logs and least-privilege access controls. No system is perfectly secure: please use a strong unique password for any admin account and notify us immediately if you suspect unauthorised access.

Boafo Agent is a B2B service not directed to children. We do not knowingly collect personal data from anyone under 16.

We may update this policy from time to time. The "Last updated" date above reflects the latest revision. Material changes will be highlighted on the site or notified by email where appropriate.

Privacy questions, rights requests and data protection enquiries: hello@boafo.digital.