Privacy Policy

Last updated: January 2026

This Privacy Policy explains how BoonRisk, operated by Boon Band ("we," "us," or "our"), collects, uses, and protects information when you use our WordPress security posture assessment platform. We are committed to transparency and protecting your privacy.

1. Information We Collect

1.1 Local Assessment (Free Plugin)

When you use BoonRisk in local mode (the free WordPress plugin without cloud features):

No data leaves your server. The assessment runs entirely within your WordPress installation and stores results locally in your WordPress database. We have zero visibility into your local assessments.

1.2 Cloud Features (Optional)

When you voluntarily connect to cloud features by creating an account and explicitly sending data to our platform, we collect the following technical information about your WordPress installation:

  • WordPress version and core update status
  • PHP version and server configuration
  • Plugin names, versions, and update status
  • Theme names, versions, and update status
  • Site URL and domain name
  • Security configuration flags (debug mode, file editor status, etc.)
  • Server environment details (OS, web server type)
  • Security check results and control evaluation status

1.3 Account Information

When you create a free account to access cloud features, we collect:

  • Email address (for authentication and notifications)
  • Full name (optional, for personalization)
  • Company name (optional)

1.4 Website Usage Data

When you visit boonrisk.com or use our web dashboard, we automatically collect:

  • IP address
  • Browser type and version
  • Device information
  • Pages visited and time spent
  • Referring website

We use this data to analyze usage patterns, improve our service, and ensure platform security.

2. What We Never Collect

We are committed to privacy-first security assessment. We explicitly do not collect:

  • WordPress user passwords, credentials, or authentication tokens
  • Site content (posts, pages, comments, media files)
  • Database contents or custom post type data
  • Customer, subscriber, or visitor personal information
  • E-commerce data, orders, or payment information
  • Form submissions or user-generated content
  • Analytics or tracking data from your site's visitors
  • Files from your WordPress uploads directory

3. How We Use Your Information

We use collected information for the following purposes:

  • Security Assessment: To evaluate your WordPress site's security posture and generate reports
  • Monitoring: To track security posture changes over time (cloud features only)
  • Notifications: To alert you about critical security issues or important updates
  • Service Improvement: To analyze usage patterns and improve BoonRisk features
  • Customer Support: To respond to your questions and provide technical assistance
  • Legal Compliance: To comply with applicable laws and regulations

4. Data Storage and Security

We take data security seriously:

  • All cloud data is stored on secure servers with industry-standard encryption
  • Data in transit is encrypted using TLS/SSL protocols
  • Access to your data is restricted to authorized personnel only
  • We regularly audit our security practices and infrastructure
  • We implement appropriate technical and organizational measures to prevent unauthorized access, disclosure, or loss

5. Data Retention

We retain your information as follows:

  • Account Data: Retained while your account is active and for 90 days after deletion
  • Assessment Data: Retained for historical tracking purposes, but can be deleted on request
  • Website Usage Data: Aggregated and anonymized after 12 months

6. Your Rights and Choices

You have the following rights regarding your data:

  • Access: Request a copy of the data we hold about you
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and associated data
  • Export: Download your assessment data in machine-readable format
  • Opt-out: Unsubscribe from marketing emails (you'll still receive critical service notifications)
  • Object: Object to processing of your data for specific purposes

To exercise these rights, contact us at [email protected].

7. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share data only in the following limited circumstances:

  • Service Providers: With trusted third-party services that help us operate our platform (e.g., hosting, analytics). These providers are contractually obligated to protect your data.
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfer: In the event of a merger, acquisition, or sale of assets, with advance notice to you
  • With Your Consent: When you explicitly authorize us to share specific data

8. Third-Party Services

BoonRisk may integrate with third-party services for enhanced functionality. When you choose to connect these services (e.g., Cloudflare, vulnerability scanners), you are subject to their respective privacy policies.

We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies before connecting them to BoonRisk.

9. Cookies and Tracking

BoonRisk uses cookies and similar technologies for:

  • Authentication and session management
  • Remembering your preferences
  • Analytics and performance monitoring

You can control cookies through your browser settings, but disabling cookies may affect service functionality.

10. Children's Privacy

BoonRisk is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18, we will delete it promptly.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on this page with a new "Last updated" date
  • Sending an email notification to registered users
  • Displaying a prominent notice on our website or dashboard

Your continued use of BoonRisk after changes become effective constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: [email protected]

Boon Band
Lviv, Ukraine