Privacy Policy
How Boomerang collects and uses your information.
Table of Contents
Definitions and Scope
In this Privacy Policy ("Policy"), "Boomerang", "we", "us", and "our" refer to the Boomerang service and its operating entity. "You" and "your" refer to the individual or organisation accessing or using our services. "Services" means, collectively, our website and any domains or subdomains (the "Site"), the Boomerang Discord app (the "App"), our application programming interface (the "API"), and related applications, tools, or features we provide.
This Policy explains how we collect, use, disclose, store, protect, and otherwise process personal data when you use the Services. It should be read together with our Terms of Service at bmrg.app.
Introduction
Scope and Acceptance
Please read this Policy before accessing or using the Services. The Services may expand or change at any time, with or without prior notice, at Boomerang’s discretion. By accessing or using the Services, you acknowledge that your data is processed in accordance with this Policy. If you disagree with any part of this Policy, do not use the Services.
Policy Acceptance and Revisions
We may update this Policy from time to time. Where changes are material, we will take reasonable steps to notify you through the Services or other appropriate means. The effective date appears above. Continued use after the effective date constitutes acceptance of the updated Policy.
Data We Collect
Account and Discord Data
- Public user information (usernames, unique identifiers, and avatars).
- Public server (guild) information (names, unique identifiers, roles, icons, and channels).
Server Configuration and Feature Data
Administrators who connect or configure the App acknowledge that related configuration and usage information they submit may be logged to our systems to operate and troubleshoot the Services.
- Configuration data (roles, channels, strings, options, and settings you provide or adjust).
- Feature and command parameters needed to deliver functionality.
Usage, Logs, and Diagnostics
- Command, feature, and API usage logs (user, command or endpoint, parameters where relevant, timestamps, server identifiers, and technical metadata).
- Device and technical data (IP address, user agent, log files, diagnostics, performance metrics, and crash reports).
Support Request Data
Content you submit when opening a support ticket through our Discord server, together with any categorisation, routing information, or draft responses generated from that content.
Cookies and Site Data
We use cookies and similar technologies on the Site. See the "Cookies and Tracking Technologies" section for details.
Sources of Data
- Directly from you when you interact with the Services.
- From Discord as permitted by your authorisations and Discord’s platform policies.
- From cookies and similar technologies when you use the Site.
- From our processors and service providers (for example, payment and analytics providers) where permitted.
How We Use Data
Service Delivery
- Provide, operate, and maintain the Services.
- Configure and deliver features you choose to use.
- Provide customer support and respond to enquiries.
- Analyse and route support requests submitted through our Discord server using automated tools, including generating draft responses for review.
Safety, Abuse Prevention, and Compliance
- Monitor, secure, and protect the Services, including fraud prevention and abuse detection.
- Comply with legal obligations and enforce our Terms of Service.
Analytics and Product Improvement
- Analyse Service usage to improve reliability, performance, and user experience.
- Conduct aggregated, de-identified analytics and reporting.
Payments and Subscriptions
- Process payments and manage subscriptions.
- Communicate about billing, changes, and service updates.
Legal Bases for Processing
Where applicable (e.g., the UK or EEA), we process personal data under one or more of the following legal bases:
- Performance of a contract: to provide and support the Services you request.
- Legitimate interests: to secure, improve, and operate the Services in a way that is proportionate and respects your rights.
- Consent: where required for specific optional activities (for example, certain cookies).
- Legal obligation: to comply with laws, court orders, and regulatory requirements.
In Australia, we handle personal information in accordance with the Australian Privacy Principles to the extent they apply.
Payment Information
Processors
If you purchase access to the Services, payments are processed by third-party providers including Stripe and Chargebee. Boomerang does not store full payment card details.
Policies and Compliance
Information handled by payment processors is subject to their privacy policies and compliance frameworks (for example, PCI DSS). You should review their privacy policies for details: stripe.com/privacy and www.chargebee.com/privacy/.
Analytics and Monitoring Tools
Vendors We Use
We use analytics and monitoring providers to help operate, measure, and improve the Services, including Mixpanel and New Relic.
- Mixpanel: product analytics for feature usage and engagement. Privacy Policy: mixpanel.com/legal/privacy-policy/
- New Relic: performance and availability monitoring. Privacy Policy: newrelic.com/termsandconditions/privacy
Data Handling
These providers may receive pseudonymous identifiers, event data, and technical telemetry. We configure them to avoid collecting unnecessary personal data and to respect applicable platform policies.
Your Choices
Where required by law, we request consent for analytics cookies and similar technologies. Some providers offer their own opt-out mechanisms; consult their policies for details.
International Transfers
Locations
Your information may be transferred to, stored in, and processed in countries other than your own. Our primary infrastructure is hosted in the United States of America, including New York and other destinations, and in other jurisdictions where our providers operate.
Safeguards
If you are outside Australia and choose to provide information, you acknowledge that your data may be transferred to and processed in Australia and the United States. Where required by law (e.g., UK or EEA), we implement appropriate safeguards for international transfers, such as standard contractual clauses or equivalent mechanisms.
Security
Measures
We implement administrative, technical, and organisational measures designed to protect personal data. No system is perfectly secure, and transmission over the internet carries inherent risks.
Access Controls
Only authorised personnel may access user data for legitimate purposes and subject to confidentiality obligations. We continuously work to improve safeguards and limit sensitive data collection.
Data Retention
Retention Periods
We retain personal data only for as long as necessary to fulfil the purposes described in this Policy, including to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements.
Operational Records
Operational logs and analytics may be retained for longer periods where needed for security, auditing, and improvement, and may be aggregated or de-identified.
Children
The Services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information, contact us so that we can take appropriate action.
Your Privacy Rights
Global Rights
Subject to applicable law, you may have the right to access, rectify, erase, or port your personal data, and to restrict or object to certain processing. Where processing relies on consent, you may withdraw consent at any time; this does not affect the lawfulness of processing prior to withdrawal.
How to Exercise Your Rights
To exercise your rights, email [email protected] with sufficient detail to identify you and your request. We may need to verify your identity. We do not accept such requests via our support server, direct messages, or other channels.
Regulatory Contacts
Residents of some jurisdictions may also have the right to lodge a complaint with a supervisory authority. In Australia, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au/.
Data Removal and Service Impact
Deletion Requests
You may request deletion of personal data by emailing [email protected]. We will assess and action requests in accordance with applicable law and our operational requirements. Certain records (for example, security logs or audit trails) may be retained where we have a lawful basis, including for safety, fraud prevention, and compliance.
Effect on Access
If we delete your core account data, your ability to use the Services will cease. Publicly available artefacts or de-identified operational records may be retained where legally or operationally necessary.
Administrator and Server Data
If you are a server administrator and configure the App, the configuration, role, channel, and related settings you submit may be processed and stored to provide and support the Services. You are responsible for ensuring that your use of the Services and any data you submit complies with applicable laws and Discord’s policies.
Automated Decision-Making
We use automated tools, including artificial intelligence, to analyse and route support requests submitted through our Discord server and to assist in preparing responses to them. Requests sent by email to [email protected] are handled by our support team directly and are not processed by AI. Where a request relates to a matter that could reasonably be expected to significantly affect your rights or interests, such as an account exclusion or ban, a human reviews the matter before any action is taken. We do not use automated systems to make final decisions of that kind without human involvement.
If you prefer that your support request not be processed by AI, you may contact us by email at [email protected] instead of opening a ticket through Discord.
Changes to This Policy
We may amend this Policy to reflect operational, legal, or regulatory changes. Material changes will be highlighted through the Services or by other appropriate means. The updated Policy becomes effective on the date shown above.
Contact and Complaints
Contact Us
For questions or concerns about this Policy or our privacy practices, email [email protected]. We generally respond within 72 hours, though complex matters may take longer. If we require additional information to process your request or complaint, we will contact you.
Urgent Matters
Urgent law enforcement enquiries and reports of critical security issues should be sent to [email protected]. Non-urgent messages sent to this address may be discarded without response.
