Boq is owned and operated by Dunko LLC ("we", "our", or "us"). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, and share your personal information in compliance with the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), and other applicable privacy laws.

1. Information We Collect

We collect the following categories of personal information:

Personal identifiers (e.g., name, email address)
Commercial information (e.g., records of purchases or subscriptions)
Internet or network activity (e.g., app usage data)
Fitness data (e.g., workout history, equipment, exercises performed)
Inferences drawn from personal information (e.g., preferences for workout routines)

2. How We Use Your Information

We use the personal information we collect for the following purposes:

To provide and improve our services, including personalized workout routines.
To process transactions and manage subscriptions.
To communicate with you regarding updates, promotions, and customer service.
To analyze usage patterns and optimize the app's features.

3. Sharing Your Information

We may share your personal information with the following third parties:

Amazon Web Services (AWS) for secure cloud hosting and data storage.
RevenueCat for subscription management and payment processing.
Amazon Associates for affiliate link tracking and commission processing.

4. Your Rights Under CCPA

As a California resident, you have the following rights:

The right to know what personal information we collect and how it's used.
The right to access your personal information.
The right to request deletion of your personal information (subject to certain exceptions).
The right to opt-out of the sale of your personal information (we do not sell your personal data).
The right to correct any inaccuracies in your personal information.

5. How to Exercise Your Rights

To exercise your rights under CCPA or GDPR, please contact us at support@boqbands.com. We will respond to your request within the timeframes required by law.

6. Your Rights Under GDPR (EEA Users)

If you are located in the European Economic Area (EEA), you have the following additional rights under the General Data Protection Regulation:

Legal Basis for Processing: We process your data based on: (a) your consent, (b) performance of a contract with you, (c) compliance with legal obligations, or (d) our legitimate interests in operating and improving the App.
Right to Access: You have the right to request a copy of your personal data.
Right to Rectification: You have the right to correct inaccurate or incomplete personal data.
Right to Erasure: You have the right to request deletion of your personal data, subject to certain exceptions.
Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format.
Right to Restrict Processing: You have the right to request that we limit the processing of your personal data.
Right to Object: You have the right to object to processing based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your country of residence.

7. International Data Transfers

Boq is operated from the United States. If you are accessing our services from outside the United States, please be aware that your personal information will be transferred to, stored, and processed in the United States.

For users in the EEA, we ensure that international data transfers are protected by appropriate safeguards, including Standard Contractual Clauses approved by the European Commission. Our service providers, including Amazon Web Services (AWS) and RevenueCat, maintain these safeguards as part of their data processing agreements.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law.

9. Security of Your Information

We implement reasonable administrative, technical, and physical security measures to protect your personal information from unauthorized access, use, or disclosure.

10. Children's Privacy

Boq does not knowingly collect personal information from children. In the United States, the Children's Online Privacy Protection Act (COPPA) applies to children under 13. In the European Economic Area, the GDPR applies to children under 16 by default (though some member states have lowered this to 13). We do not knowingly collect personal information from children under these applicable age thresholds. If we learn that we have inadvertently collected personal information from a child, we will take steps to delete such information as soon as possible.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last Updated" date.

12. Contact Us

If you have any questions or concerns about this Privacy Policy or how your personal information is handled, please contact us at support@boqbands.com.