Privacy Policy

Last Updated: January 15, 2025

1. Information We Collect

1.1 Personal Information

We may collect personal information that you voluntarily provide to us when you:

• Request a demo or consultation
• Fill out contact forms on our website
• Subscribe to our newsletter or communications
• Engage our services for fraud detection, DRM, casino AI, or bespoke software development
• Communicate with us via email or phone

Personal information may include:

• Name and contact information (email address, phone number)
• Company name and job title
• Business requirements and project details
• Billing and payment information (processed securely through third-party payment processors)
• Communication preferences

1.2 Automatically Collected Information

When you visit our website, we automatically collect certain information about your device, including:

• IP address and geographic location
• Browser type and version
• Operating system
• Pages visited and time spent on pages
• Referring website addresses
• Date and time of visits

1.3 Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to enhance your experience, analyze website traffic, and understand user behavior. You can control cookie preferences through your browser settings.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide credit card fraud detection, DRM services, casino AI design, and bespoke software development
• Communication: To respond to inquiries, provide customer support, and send service updates
• Contract Management: To process agreements, invoices, and manage client relationships
• Website Improvement: To analyze usage patterns and improve our website functionality
• Marketing: To send relevant information about our services (with your consent)
• Legal Compliance: To comply with applicable laws and regulations in Costa Rica and internationally
• Security: To protect against fraud, security breaches, and malicious activity

3. Data Processing for Specialized Services

3.1 Credit Card Fraud Detection Services

When providing fraud detection services, we process transaction data, behavioral analytics, and risk indicators solely for the purpose of identifying fraudulent activities. All data is processed in accordance with PCI DSS standards and applicable data protection regulations. We implement strict access controls and encryption to protect sensitive financial information.

3.2 DRM Services

For DRM implementations (Widevine, FairPlay, PlayReady), we process content encryption keys, license information, and device identifiers. All cryptographic materials are handled with enterprise-grade security measures and are never stored in plain text.

3.3 Casino AI Design

Our casino AI systems process player behavior data, gaming analytics, and operational metrics. We ensure compliance with gaming regulations and implement responsible gaming protections. All data is anonymized where possible and processed in accordance with industry best practices.

3.4 Bespoke Software Development

During custom software development projects, we may process client business data, technical specifications, and proprietary information under strict non-disclosure agreements (NDAs). All client data is segregated and protected with appropriate security measures.

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

• Service Providers: With trusted third-party vendors who assist in operating our business (hosting, payment processing, analytics)
• Legal Requirements: When required by law, court order, or governmental authority
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• Protection of Rights: To protect our rights, property, or safety, or that of our clients
• With Consent: When you have given explicit consent for specific disclosures

5. International Data Transfers

Boondon is based in San José, Costa Rica. If you are accessing our services from outside Costa Rica, please be aware that your information may be transferred to, stored, and processed in Costa Rica or other countries where our service providers operate. We ensure appropriate safeguards are in place for international data transfers, including standard contractual clauses and compliance with applicable data protection frameworks.

6. Data Security

We implement comprehensive security measures to protect your information:

• Industry-standard encryption (TLS/SSL) for data transmission
• Encrypted storage for sensitive data at rest
• Access controls and authentication mechanisms
• Regular security audits and vulnerability assessments
• Employee training on data protection and security practices
• Incident response procedures and breach notification protocols
• Compliance with PCI DSS for payment card data
• ISO 27001 information security management practices

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

7. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When information is no longer needed, we securely delete or anonymize it. Retention periods vary based on the type of data and applicable legal requirements (e.g., financial records, contract documents, audit trails).

8. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request access to the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal obligations)
• Portability: Request a copy of your data in a structured, machine-readable format
• Objection: Object to certain processing activities, including marketing communications
• Restriction: Request restriction of processing in certain circumstances
• Withdrawal of Consent: Withdraw consent where processing is based on consent

To exercise any of these rights, please contact us at [email protected] or [email protected]. We will respond to your request within 30 days.

9. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

10. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete such information promptly.

11. GDPR Compliance (for EU Clients)

For clients in the European Union, we comply with the General Data Protection Regulation (GDPR). We process personal data lawfully, fairly, and transparently. Our legal bases for processing include: contract performance, legal obligations, legitimate interests, and consent. You have the right to lodge a complaint with your local data protection authority if you believe we have not complied with applicable data protection laws.

12. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete personal information, and the right to opt-out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, please contact us using the information below.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website with a new "Last Updated" date. Your continued use of our services after such changes constitutes acceptance of the updated policy.

14. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

15. Governing Law

This Privacy Policy is governed by the laws of Costa Rica. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of the courts of San José, Costa Rica, except where required otherwise by applicable data protection laws.