Logo
Boomerang
Privacy Policy
Last Updated: 4 July 2026

Privacy Policy

How Boomerang collects and uses your information.

Last Updated: 4 July 2026

Table of Contents

Definitions and Scope

In this Privacy Policy ("Policy"), "Boomerang", "we", "us", and "our" refer to the Boomerang service and its operating entity. "You" and "your" refer to the individual or organisation accessing or using our services. "Services" means, collectively, our website and any domains or subdomains (the "Site"), the Boomerang Discord app (the "App"), our application programming interface (the "API"), and related applications, tools, or features we provide.

This Policy explains how we collect, use, disclose, store, protect, and otherwise process personal data when you use the Services. It should be read together with our Terms of Service at bmrg.app.

Introduction

Scope and Acceptance

Please read this Policy before accessing or using the Services. The Services may expand or change at any time, with or without prior notice, at Boomerang’s discretion. By accessing or using the Services, you acknowledge that your data is processed in accordance with this Policy. If you disagree with any part of this Policy, do not use the Services.

Policy Acceptance and Revisions

We may update this Policy from time to time. Where changes are material, we will take reasonable steps to notify you through the Services or other appropriate means. The effective date appears above. Continued use after the effective date constitutes acceptance of the updated Policy.

Data We Collect

Account and Discord Data

  • Public user information (usernames, unique identifiers, and avatars).
  • Public server (guild) information (names, unique identifiers, roles, icons, and channels).

Server Configuration and Feature Data

Administrators who connect or configure the App acknowledge that related configuration and usage information they submit may be logged to our systems to operate and troubleshoot the Services.

  • Configuration data (roles, channels, strings, options, and settings you provide or adjust).
  • Feature and command parameters needed to deliver functionality.

Usage, Logs, and Diagnostics

  • Command, feature, and API usage logs (user, command or endpoint, parameters where relevant, timestamps, server identifiers, and technical metadata).
  • Device and technical data (IP address, user agent, log files, diagnostics, performance metrics, and crash reports).

Support Request Data

Content you submit when opening a support ticket through our Discord server, together with any categorisation, routing information, or draft responses generated from that content.

Cookies and Site Data

We use cookies and similar technologies on the Site. See the "Cookies and Tracking Technologies" section for details.

Sources of Data

  • Directly from you when you interact with the Services.
  • From Discord as permitted by your authorisations and Discord’s platform policies.
  • From cookies and similar technologies when you use the Site.
  • From our processors and service providers (for example, payment and analytics providers) where permitted.

How We Use Data

Service Delivery

  • Provide, operate, and maintain the Services.
  • Configure and deliver features you choose to use.
  • Provide customer support and respond to enquiries.
  • Analyse and route support requests submitted through our Discord server using automated tools, including generating draft responses for review.

Safety, Abuse Prevention, and Compliance

  • Monitor, secure, and protect the Services, including fraud prevention and abuse detection.
  • Comply with legal obligations and enforce our Terms of Service.

Analytics and Product Improvement

  • Analyse Service usage to improve reliability, performance, and user experience.
  • Conduct aggregated, de-identified analytics and reporting.

Payments and Subscriptions

  • Process payments and manage subscriptions.
  • Communicate about billing, changes, and service updates.

Payment Information

Processors

If you purchase access to the Services, payments are processed by third-party providers including Stripe and Chargebee. Boomerang does not store full payment card details.

Policies and Compliance

Information handled by payment processors is subject to their privacy policies and compliance frameworks (for example, PCI DSS). You should review their privacy policies for details: stripe.com/privacy and www.chargebee.com/privacy/.

Cookies and Tracking Technologies

Types of Cookies

  • Essential cookies: required for core functionality.
  • Functional cookies: remember preferences and settings.
  • Analytics cookies: help us understand usage and improve the Services.

Controls

Where required by law, we request consent for non-essential cookies. You can control cookies through your browser settings; disabling cookies may affect functionality.

Analytics and Monitoring Tools

Vendors We Use

We use analytics and monitoring providers to help operate, measure, and improve the Services, including Mixpanel and New Relic.

Data Handling

These providers may receive pseudonymous identifiers, event data, and technical telemetry. We configure them to avoid collecting unnecessary personal data and to respect applicable platform policies.

Your Choices

Where required by law, we request consent for analytics cookies and similar technologies. Some providers offer their own opt-out mechanisms; consult their policies for details.

Sharing and Disclosure

Service Providers and Processors

We do not sell personal data. We may disclose personal data to service providers and processors (e.g., hosting, storage, security, analytics, payments) under appropriate contracts.

We use Groq as an AI inference provider to process support requests submitted through our Discord server. Groq acts as an independent processor, does not sell or share this data, and retains it only as long as necessary to provide the service. Privacy Policy: groq.com/privacy-policy/

Platform Partners

We may share information with platform partners (e.g., Discord) in line with your authorisations and their policies.

International Transfers

Locations

Your information may be transferred to, stored in, and processed in countries other than your own. Our primary infrastructure is hosted in the United States of America, including New York and other destinations, and in other jurisdictions where our providers operate.

Safeguards

If you are outside Australia and choose to provide information, you acknowledge that your data may be transferred to and processed in Australia and the United States. Where required by law (e.g., UK or EEA), we implement appropriate safeguards for international transfers, such as standard contractual clauses or equivalent mechanisms.

Security

Measures

We implement administrative, technical, and organisational measures designed to protect personal data. No system is perfectly secure, and transmission over the internet carries inherent risks.

Access Controls

Only authorised personnel may access user data for legitimate purposes and subject to confidentiality obligations. We continuously work to improve safeguards and limit sensitive data collection.

Data Retention

Retention Periods

We retain personal data only for as long as necessary to fulfil the purposes described in this Policy, including to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements.

Operational Records

Operational logs and analytics may be retained for longer periods where needed for security, auditing, and improvement, and may be aggregated or de-identified.

Children

The Services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information, contact us so that we can take appropriate action.

Your Privacy Rights

Global Rights

Subject to applicable law, you may have the right to access, rectify, erase, or port your personal data, and to restrict or object to certain processing. Where processing relies on consent, you may withdraw consent at any time; this does not affect the lawfulness of processing prior to withdrawal.

How to Exercise Your Rights

To exercise your rights, email [email protected] with sufficient detail to identify you and your request. We may need to verify your identity. We do not accept such requests via our support server, direct messages, or other channels.

Regulatory Contacts

Residents of some jurisdictions may also have the right to lodge a complaint with a supervisory authority. In Australia, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au/.

Data Removal and Service Impact

Deletion Requests

You may request deletion of personal data by emailing [email protected]. We will assess and action requests in accordance with applicable law and our operational requirements. Certain records (for example, security logs or audit trails) may be retained where we have a lawful basis, including for safety, fraud prevention, and compliance.

Effect on Access

If we delete your core account data, your ability to use the Services will cease. Publicly available artefacts or de-identified operational records may be retained where legally or operationally necessary.

Administrator and Server Data

If you are a server administrator and configure the App, the configuration, role, channel, and related settings you submit may be processed and stored to provide and support the Services. You are responsible for ensuring that your use of the Services and any data you submit complies with applicable laws and Discord’s policies.

Automated Decision-Making

We use automated tools, including artificial intelligence, to analyse and route support requests submitted through our Discord server and to assist in preparing responses to them. Requests sent by email to [email protected] are handled by our support team directly and are not processed by AI. Where a request relates to a matter that could reasonably be expected to significantly affect your rights or interests, such as an account exclusion or ban, a human reviews the matter before any action is taken. We do not use automated systems to make final decisions of that kind without human involvement.

If you prefer that your support request not be processed by AI, you may contact us by email at [email protected] instead of opening a ticket through Discord.

Changes to This Policy

We may amend this Policy to reflect operational, legal, or regulatory changes. Material changes will be highlighted through the Services or by other appropriate means. The updated Policy becomes effective on the date shown above.

Contact and Complaints

Contact Us

For questions or concerns about this Policy or our privacy practices, email [email protected]. We generally respond within 72 hours, though complex matters may take longer. If we require additional information to process your request or complaint, we will contact you.

Urgent Matters

Urgent law enforcement enquiries and reports of critical security issues should be sent to [email protected]. Non-urgent messages sent to this address may be discarded without response.