← Back to Home

Privacy Policy

Effective date: 2 September 2025

This Privacy Policy explains how Angry Boss ("we", "us", or "our") collects, uses, discloses, and protects personal data when you visit our marketing website and use our software-as-a-service platform (the "Service"). It also describes your rights and choices. We provide the Service globally; our primary data hosting location is in the European Union. All data is encrypted at rest and in transit.

If any translated version of this Policy conflicts with the English version, the English version controls.

1. Who we are and how to contact us

Data controller: Angry Boss

Email: d7@ukr.net

If we act as a processor on your behalf (see Section 12), your organization is the controller for those datasets.

2. Scope

This Policy covers: (a) our marketing site (including contact forms and newsletters), and (b) our web application where customers register, create projects, connect advertising/accounts, and receive notifications/analytics. Certain features may analyze advertising campaigns and business messaging you choose to connect, and send alerts via channels you configure (e.g., email or a messaging bot).

3. Personal data we collect

We collect the following categories of data, depending on how you interact with the Service:

A. Account & profile data

Identifiers (name, email, password hash), language and time zone, organization/company name, roles, and preferences.

B. Subscription & billing

Plan, status, invoices, tax country, and limited payment metadata. Card details are processed by our payment processor (WayForPay); we do not store full card numbers.

C. Service content you connect or submit

When you connect external platforms (e.g., business pages, ad accounts, or messaging channels), we process the data categories you authorize, such as page/account identifiers, campaign and ad metadata, performance metrics, creative assets (images/video frames), and conversation content/metadata. Access is limited to scopes you grant and can be revoked at any time in your connected platform settings.

D. Analytics inputs

Text and media content that you ask us to analyze with automated tools (e.g., AI-based classifiers). We store such inputs only as long as needed to generate analytics, then delete them, keeping only derived results and non-identifying aggregates. See Section 9.

E. Usage, device, and log data

IP address, device/browser information, pages viewed, timestamps, referring/exit URLs, diagnostic logs, and events for security and performance.

F. Cookies and similar technologies

We use cookies/pixels to remember settings and measure performance. See Section 10.

G. Communications

Your messages to us (support, feedback), and the channels you configure for alerts (e.g., email or messaging bots).

We do not intentionally collect special categories of data (e.g., health, religion) through the Service.

4. How we use personal data

We use personal data for the following purposes and on the following legal bases (EEA/UK):

  • Provide and secure the Service – create and manage accounts, authenticate users, operate features, provide customer support, prevent abuse, and ensure continuity (contract, legitimate interests, legal obligations).
  • Process connected-platform data on your behalf – ingest, analyze, and present metrics/alerts from data sources you connect (contract; we typically act as processor for this item; see Section 12).
  • AI-assisted insights – transform your authorized inputs into analytics and summaries; identify anomalies; surface notifications (contract, legitimate interests, or consent where required).
  • Billing and subscription management – process payments, detect fraud, and handle taxes (contract, legal obligations, legitimate interests).
  • Product analytics and improvement – understand feature usage, fix issues, and improve user experience (legitimate interests; we take steps to de-identify/aggregate wherever possible).
  • Marketing (limited) – measure campaign performance on our site and reach audiences in permitted regions (consent where required; opt-out options in Section 11 and Section 10).
  • Compliance – comply with applicable laws, requests from authorities, and enforce our terms (legal obligations, legitimate interests).

We do not make decisions that produce legal or similarly significant effects based solely on automated processing. Alerts and scores are for operational guidance and remain subject to human oversight.

5. Payment processing

Payments are processed by WayForPay. WayForPay acts as an independent controller for payment card data. We receive limited billing metadata (e.g., card brand/last four digits, transaction status) to manage your subscription. For details on how WayForPay processes personal data, please refer to WayForPay's privacy documentation.

6. Where your data is processed

Hosting: Primary storage is located in the European Union.

International transfers: Some service providers or support personnel may be located outside your country. Where we transfer personal data from the EEA/UK/Switzerland to countries without an adequacy decision, we rely on Standard Contractual Clauses (SCCs) and additional safeguards.

7. How we share personal data

We share personal data only with:

  • Service providers (processors) that host our infrastructure, send communications, provide customer support, anti-abuse, and similar operational services. We require contracts imposing confidentiality, security, and data protection obligations.
  • Payment processor (WayForPay) for billing and fraud prevention.
  • Analytics & measurement tools on our marketing site and app (see Section 10) where permitted by law.
  • Third-party platforms you connect – we access and process data from those platforms based on your authorization and their terms; we're not affiliated with them.
  • Legal and compliance recipients – if required by law, court order, or to protect rights, safety, and integrity.
  • Business transfers – in connection with a merger, acquisition, financing, or sale of assets. We will continue to protect data consistent with this Policy and provide notice of any material changes.

We do not sell personal information, and we do not share it for cross-context behavioral advertising where prohibited by law. Where applicable (e.g., in certain U.S. states), you may opt out of "sharing" via the controls described in Section 11 and your cookie preferences in Section 10.

8. Security

We use administrative, technical, and organizational measures designed to protect personal data, including:

  • Encryption in transit (TLS) and at rest; secrets management; network isolation.
  • Access controls (least privilege, MFA for internal staff, logging/monitoring).
  • Data minimization and separation of environments.
  • Vulnerability management and risk assessments.

No system is 100% secure; if we learn of a breach, we will inform affected users and regulators as required by law.

9. Data retention and deletion

We retain personal data only for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements.

Analytics inputs (e.g., content you submit for analysis and intermediate artifacts such as extracted frames or parsed text) are kept only as long as needed to produce analytics results and quality checks, after which they are deleted, while retaining derived results, scores, and aggregates that no longer identify you or your customers.

System logs and backups are kept for limited periods consistent with security and continuity needs and then deleted or anonymized.

Account deletion: You can delete your account and associated data anytime in Profile → Settings → Delete account. Deletion will remove active copies of your personal data from production systems; residual copies may remain in backups for a limited period and will be purged according to our backup schedule. We may retain certain information where required by law (e.g., invoices/tax records).

10. Cookies, pixels, and analytics

We use cookies and similar technologies to run the Service and measure performance. On our sites and (where applicable) in the app, we use:

  • Google Analytics for audience measurement and performance;
  • Meta Pixel and TikTok Pixel for advertising measurement/attribution (in permitted regions);
  • Microsoft Clarity for session analytics and diagnostics.

Where required by law, we obtain your consent before setting non-essential cookies. You can manage preferences via the Cookie Settings link on our site and through your browser settings (e.g., blocking third-party cookies or using Global Privacy Control, where supported). Disabling certain cookies may impact functionality.

11. Your rights and choices

Your rights depend on your location but may include:

EEA/UK/Switzerland (under GDPR/UK GDPR): the rights to access, rectify, erase, restrict, object, and data portability; and to withdraw consent at any time (without affecting prior lawful processing). You may also lodge a complaint with your supervisory authority.

Certain U.S. states (e.g., California/CPRA): the rights to know/access, delete, correct, and to opt out of sale/sharing (including cross-context behavioral advertising). We do not sell your personal information. To exercise rights or opt out, use the in-product controls, your cookie preferences (Section 10), or email d7@ukr.net. We do not discriminate against you for exercising your rights.

Brazil (LGPD) and other jurisdictions: similar rights may apply. Contact us to exercise them.

To make a request, contact d7@ukr.net from the email associated with your account. We may ask for information to verify your identity and respond within the time limits set by law.

12. Roles and responsibilities (Controller vs. Processor)

For account, billing, product telemetry, and our own marketing data, we act as a data controller.

For data ingested from third-party platforms you connect (e.g., business pages, ad accounts, messaging data) and customer content you submit for analysis, we generally act as a data processor and process such data solely on your documented instructions, to provide the Service.

A Data Processing Addendum (DPA) incorporating the applicable Standard Contractual Clauses is available upon request. If you require a signed DPA, contact d7@ukr.net.

13. Third-party services and links

The Service may integrate with third-party platforms at your request. Your use of those platforms is governed by their own terms and privacy policies. We are not responsible for their practices. You can revoke our access to those platforms at any time in their settings or in our app.

14. Children

Our Service is not directed to children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided personal data to us, contact d7@ukr.net and we will take appropriate steps to delete it.

15. Changes to this Policy

We may update this Policy from time to time. We will post the updated version with a new effective date and, if changes are material, notify you via the Service or by email. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

16. How to delete your account

At any time, go to Profile → Settings → Delete account to permanently delete your account and associated data from active systems. You may also email d7@ukr.net for assistance.

17. Contact

If you have questions about this Policy or our data practices, contact d7@ukr.net.

Summary of key points (non-contractual)

  • Global service, EU hosting, encryption at rest and in transit.
  • WayForPay for payments; we don't store full card numbers.
  • GA, Meta Pixel, TikTok Pixel, Microsoft Clarity for analytics/measurement.
  • Delete your account and data at any time in settings.
  • Analytics inputs stored only as long as necessary; we keep only aggregated/derived results thereafter.