Privacy Policy

Your privacy is critically important to us. At Borumi, we follow these principles:

We are thoughtful about the personal information we ask you to provide and the personal information that we collect about you through the operation of our services.
We store personal information for only as long as we have a reason to keep it.
We aim for full transparency on how we gather, use, and share your personal information.

Below is our Privacy Policy, which incorporates and clarifies these principles.

Who is the data controller

The Data Controller of your personal data is:

Federico Terzi

Address: Via Giulio Cesare Croce 26, San Giovanni in Persiceto, Bologna, Italy

In all matters regarding our services, including the processing of your personal data, you can contact us at [email protected]

What this policy covers

This Privacy Policy applies to the information that we collect about you when you use:

Our websites (including borumi.com)
Our mobile applications (including the Borumi iOS and Android apps)
Our desktop applications (including the Borumi macOS and Windows apps)

Throughout this Privacy Policy we’ll refer to our websites, mobile applications, desktop applications, and other products and services collectively as “Services.”

Below we explain how we collect, use, and share information about you, along with the choices that you have with respect to that information.

What is the information we collect

We only collect information about you if we have a reason to do so — for example, to provide our Services, to communicate with you, or to make our Services better.

We collect this information from three sources: if and when you provide information to us, automatically through operating our Services, and from outside sources. Let’s go over the information that we collect.

Information You Provide to Us

It’s probably no surprise that we collect information that you provide to us directly. Here are some examples:

Basic account information: We ask for basic information from you in order to set up your account. For example, we require individuals who sign up for a Borumi account to provide an email address and password, along with a username or name.
Payment and contact information: There are various ways in which you may provide us payment information and associated contact information. For example, if you buy something from us, we’ll collect information to process those payments and contact you. If you buy something from us, such as a subscription or a licence for Borumi, you’ll provide additional personal and payment information like your name, credit card information, and contact information. We also keep a record of the purchases you’ve made.
Communications with us: You may also provide us with information when you respond to surveys, join our waitlists, communicate with our customer support team, post a question in our public forums, or sign up for a newsletter. When you communicate with us via form or email, we store a copy of our communications.

Information We Collect Automatically

We also collect some information automatically:

Log information: Like most online service providers, we collect information that web browsers, mobile devices, and servers typically make available, including the browser type, IP address, language preference, the date and time of access, operating system. We collect this information for security reasons, such as to identify potential attackers, and for statistical purposes, such as to track the performance of our Services.
Transactional information: When you make a purchase through our Services, we collect information about the transaction, such as product details, purchase price, and the date and location of the transaction.
Error reporting: In case of errors in our Services, we also gather diagnostic reports to help us develop our product and avoid such errors in the future. In such case, we collect your log data such as IP address, device name, operating system version, app configuration, time and date of the error, and other statistics.
Activity information: In order to monitor and improve our Services, we collect (anonymous) usage data, such as when the application is opened, or when a certain feature is used. Before gathering this data, we take several precautions to completely anonymize the data, such as stripping away personal information. Moreover, we don’t use a persistent session identifier (eg. cookie) to correlate events between different sessions, and every time the application is restarted, or the webpage is refreshed, we generate a new session identifier.
Location information: We may determine the approximate location of your device from your IP address. We collect and use this information to, for example, calculate how many people visit our Services from certain geographic regions. We might also use the location information to enable certain payment providers for users on certain geographic areas.

Information We Collect from Other Sources

We may also get information about you from other sources. For example:

Third Party Login: If you create or log in to your Borumi account through another service (like Google) we’ll receive associated login information (e.g. a connection token, your username, your email address)

How and Why We Use Information

Purposes for Using Information

We use information about you for the purposes listed below:

To provide our Services. For example, to set up and maintain your account, provide customer service, process payments and orders, and verify user information.
To ensure quality, maintain safety, and improve our Services. For example, by providing automatic upgrades and new versions of our Services. Or, for example, by monitoring and analyzing how users interact with our Services so we can create new features that we think our users will enjoy and make our Services easier to use.
To protect our Services, our users, and the public. For example, by detecting security incidents; detecting and protecting against malicious, deceptive, fraudulent, or illegal activity; fighting spam; complying with our legal obligations; and protecting the rights and property of Borumi and others, which may result in us, for example, declining a transaction or terminating Services.
To fix problems with our Services. For example, by monitoring, debugging, repairing, and preventing issues.
To communicate with you. For example, by emailing you to ask for your feedback, to notify you when a waitlist product is ready, marketing emails, share tips for getting the most out of our products, or keep you up to date on Borumi. Note that marketing emails will never be sent without your explicit opt-in, that you can always revoke.

Legal Bases for Collecting and Using information

The processing of your personal data is based on the following legal grounds:

Responding to your inquiries: Processing is carried out either to pursue our legitimate interest in providing information about our activities (Article 6(1)(f) of the GDPR) or to take steps at your request prior to entering into a contract (Article 6(1)(b) of the GDPR).
Provision of electronic services: Processing is necessary to fulfill our contractual obligations to you, as outlined in Article 6(1)(b) of the GDPR.
Establishing, exercising, or defending legal claims and ensuring the security of your data: Processing is justified by our legitimate interest in protecting our rights and safeguarding your information, as specified in Article 6(1)(f) of the GDPR.
Analytical and statistical purposes: Processing is based on our legitimate interest in improving our services and communicating about our activities, in accordance with Article 6(1)(f) of the GDPR.
Marketing purposes: Marketing purposes (such as promotional emails) will only be performed after an explicit consent, so in accordance to Article 6(1)(a) of the GDPR
Waitlist notifications: If you subscribed to one of our waitlists, we’ll notify you as soon as the product or feature is ready for early access. We’ll do so after your explicit consent during the waitlist registration, so in accordance to Article 6(1)(a) of the GDPR.

How Long We Keep Information

We generally discard information about you when it’s no longer needed for the purposes for which we collect and use it — described in the section above on How and Why We Use Information — and we’re not legally required to keep it.

For example, we keep web server logs that record information about a visitor to one of Borumi’s websites, like the visitor’s IP address, browser type, and operating system, for approximately 30 days. We retain the logs for this period of time in order to, among other things, analyze traffic to Borumi’s websites and investigate issues if something goes wrong on one of our websites.

Transferring Information

Because our Services are offered worldwide, the information about you that we process when you use the Services in the EU may be used, stored, and/or accessed by individuals operating outside the European Economic Area (EEA) who work for us, or third-party data processors. This is required for the purposes listed in the “How and Why We Use Information” above.

When providing information about you to entities outside the EEA, we will take appropriate measures to ensure that the recipient protects your personal information adequately in accordance with this Privacy Policy as required by applicable law. These measures include entering into European Commission approved standard contractual arrangements with entities based in countries outside the EEA.

You can ask us for more information about the steps we take to protect your personal information when transferring it from the EU.

Cloudflare

We use Cloudflare as a CDN (Content Delivery Network) for our website and assets.

Address:

Cloudflare, Inc. 101 Townsend St, San Francisco, CA 94107 USA

Please be aware that Cloudflare may process your data on servers located outside of the European Economic Area.

You can find Cloudflare’s Privacy Policy at: https://www.cloudflare.com/privacypolicy/

Sentry

To track and diagnose issues within the Application, we use an external service called sentry.io. If a user encounters an error while using our Application, the details are automatically uploaded in the background. This allows us to analyze the frequency, timing, and context of the errors, including what actions the user was performing when the error occurred. However, please note that we do not have access to user content such as videos, audio, or camera recordings; our sole intention is to improve our Application.

Sentry is provided by Functional Software, Inc. d/b/a Sentry.

Address:

Functional Software, Inc.

45 Fremont Street, 8th Floor

San Francisco, CA 94105

USA

Please be aware that Sentry may process your data on servers located in the United States, outside of the European Economic Area.

You can find Sentry’s Privacy Policy at: https://sentry.io/privacy

Google

We use Google Workspace to handle some of our business operations, including some email communications. When you communicate with us, Google could act as the service provider. We also use Google Workspace Forms to handle some of our waitlists and surveys.

Please be aware that Google may process your data on servers located in the United States, outside of the European Economic Area.

You can find Google’s Privacy Policy at: https://policies.google.com/privacy?hl=en-US

Microsoft

We use Microsoft services to handle some of our business operations, including some email communications. When you communicate with us, Microsoft could act as the service provider.

Please be aware that Microsoft may process your data on servers located in the United States, outside of the European Economic Area.

You can find Microsoft’s Privacy Policy at: https://privacy.microsoft.com/en-gb/privacystatement

The conditions of data provision

Providing your data is optional; however, certain categories may be marked as required. If you do not provide the mandatory information, you may be unable to fully utilize our Services. Your personal data is either provided directly by you or collected through technologies when you connect to our website (e.g., IP address).

Security

While no online service is 100% secure, we work very hard to protect information about you against unauthorized access, use, alteration, or destruction, and take reasonable measures to do so. We monitor our Services for potential vulnerabilities and attacks.

Children’s Privacy

Our Services are not intended for individuals under the age of 13. We do not intentionally collect personally identifiable information from children under 13. If we become aware that a child under 13 has shared personal information with us, we will promptly delete it from our servers. If you are a parent or guardian and you know that your child has provided us with personal information, please contact us so we can take the appropriate actions.

Your Rights

If you are located in certain parts of the world, including some US states and countries that fall under the scope of the European General Data Protection Regulation (aka the “GDPR”), you may have certain rights regarding your personal information, like the right to request access to or deletion of your data.

Email choices

If you explicitly agreed to it, you might receive marketing emails from Borumi. You can always opt out of marketing emails by utilizing the “unsubscribe” link in the emails, or by contacting us at [email protected]

Note that you might still receive transactional emails (eg. password-reset emails), which are necessary to provide you with our Services.

If you are located in a country that falls under the scope of the GDPR, data protection laws give you certain rights with respect to your personal data, subject to any exemptions provided by the law, including the rights to:

Request access to your personal data;
Request correction or deletion of your personal data;
Object to our use and processing of your personal data;
Request that we limit our use and processing of your personal data; and
Request portability of your personal data.

You also have the right to make a complaint to a government supervisory authority.

US Privacy Laws

Laws in some US states require us to provide residents with additional information about the categories of personal information we collect and share, where we get that personal information, and how and why we use it. You’ll find that information in this section (if you are a California resident, please note that this is the Notice at Collection we are required to provide you under California law).

In the last 12 months, we collected the following categories of personal information, depending on the Services used:

Identifiers (like your name, contact information, and device user agent);
Commercial information (your billing information and purchase history, for example);
Internet or other electronic network activity information (such as your usage of our Services);
Geolocation data (such as your location based on your IP address);
Audio, electronic, visual or similar information (such as your profile picture, if you uploaded one);

In some US states you have additional rights subject to any exemptions provided by your state’s respective law, including the right to:

Request a copy of the specific pieces of information we collect about you and, if you’re in California, to know the categories of personal information we collect, the categories of business or commercial purpose for collecting and using it, the categories of sources from which the information came, and the categories of third parties we share it with;
Request deletion of personal information we collect or maintain;
Request correction of personal information we collect or maintain;
Opt out of the sale or sharing of personal information;
Receive a copy of your information in a readily portable format; and
Not receive discriminatory treatment for exercising your rights.

When you contact us about one of your rights under this section, we’ll need to verify that you are the right person before we disclose or delete anything. For example, if you are a user, we will need you to contact us from the email address associated with your account. You can also designate an authorized agent to make a request on your behalf by giving us written authorization. We may still require you to verify your identity with us.

Appeals Process for Rights Requests Denials

In some circumstances we may deny your request to exercise one of these rights. For example, if we cannot verify that you are the account owner we may deny your request to access the personal information associated with your account. As another example, if we are legally required to maintain a copy of your personal information we may deny your request to delete your personal information.

In the event that we deny your request, we will communicate this fact to you in writing. You may appeal our decision by responding in writing to our denial email and stating that you would like to appeal. All appeals will be reviewed by an internal expert. In the event that your appeal is also denied this information will be communicated to you in writing.

If your appeal is denied, in some US states you may refer the denied appeal to the state attorney general if you believe the denial is in conflict with your legal rights. The process for how to do this will be communicated to you in writing at the same time we send you our decision about your appeal.

Privacy Policy Changes

Although most changes are likely to be minor, we may change the Privacy Policy from time to time. We encourage visitors to frequently check this page for any changes to its Privacy Policy. If we make changes, we will notify you by revising the change log below, and, in some cases, we may provide additional notice (like adding a statement to our homepage or the Borumi Blog, or sending you a notification through email or your dashboard). Your further use of the Services after a change to our Privacy Policy will be subject to the updated policy.

CC-SA License

This policy was derived from the Automattic privacy policy, available under the CC-SA license here.