Privacy Policy
Version 1.0 · Effective Date: April 17, 2026 · Last Updated: April 17, 2026
The short version
The BoothOffer customer-facing app is built to work without an account. We do not collect names, email addresses, phone numbers, or any other personal identifier from Customers. The only Customer data stored is an anonymous session ID (in a cookie), the photos of items and price tags you upload, the offers you submit, and the chat messages exchanged during negotiation.
Vendors (the businesses using BoothOffer to negotiate on their behalf) create accounts and provide standard business contact and billing information. This policy describes both sides in detail below.
1. Introduction & Data Controller
This Privacy Policy explains how Optera AI LLC collects, uses, and protects information in connection with BoothOffer (the “Service”). It is written to be consistent with the GDPR, UK GDPR, the CCPA/CPRA, other U.S. state privacy laws, and PIPEDA.
Data Controller
Optera AI LLC
1309 Coffeen Avenue STE 1200
Sheridan, Wyoming 82801
Email: privacy@boothoffer.com
Scope
This policy covers information we control directly: Vendor account, billing, and usage data; and the anonymous Customer session data described in Section 2. Where a Vendor invites team members or organizes multiple booths, the Vendor is the controller of that operational data within its own account and Optera AI LLC acts as a processor.
2. Information We Collect
Vendors — information you provide
- Account registration: name, email address, password (stored as a hash).
- Optional profile information: phone number, business name, mall or location, booth numbers.
- Billing: plan selection and payment details, which you provide to Stripe. We receive a tokenized reference and transaction metadata; we do not store full card numbers.
- Negotiation settings: auto-accept threshold, hard floor, personality, category overrides, escalation preferences, and hold-window configuration.
- Support communications: messages you send us by email or in-app chat.
Vendors — information collected automatically
- IP address, browser type, operating system, and device type.
- Usage data: pages visited, features used, offer volume, AI escalation frequency, and time spent in the dashboard.
- Log data: access times, error logs, and referring URLs.
- Cookies used to maintain your login session and remember preferences (see Section 8).
Customers — what we do not collect
We do not collect any of the following from people who use the customer-facing negotiation app:
- Names, email addresses, or phone numbers.
- Dates of birth or demographic information.
- Account credentials or login identifiers of any kind.
- Device identifiers for advertising or cross-site tracking.
- Geolocation beyond what is implicit in the IP address log.
Customers — what we do process
- An anonymous session UUID stored in a browser cookie (with a localStorage fallback). This is a random identifier that is not linked to any personal information you have provided.
- Photos you upload of an item and its price tag. We re-encode these server-side on upload to strip embedded camera metadata (EXIF—including GPS coordinates, device model, and capture timestamps) before they are stored or sent to our AI provider.
- Offer amounts, counter-offers, and chat messages exchanged with the AI Agent.
- The ticket number and booth information read from the price tag photo.
- Incidental technical data from the web request itself: IP address and user-agent string for rate limiting and security logging. We do not combine this data with any personal identifier.
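The server-side metadata stripping described above, as an added example that is not BoothOffer's own code: rather than fully re-encoding the image, it removes the JPEG APPn and COM marker segments that carry Exif, XMP and IPTC data (a lighter technique that achieves the same removal for JPEG uploads) and rejects malformed input. The sample bytes and the fake GPS tag are constructed.

```python
# Added example (not BoothOffer's code): strip Exif/XMP/IPTC metadata from a JPEG by
# dropping its APPn/COM marker segments instead of decoding and re-encoding pixels.
# Before Start-of-Scan, a JPEG is a run of segments:
#   0xFF <marker> <2-byte big-endian length, counting itself> <payload>
# Everything from SOS onward (entropy-coded pixel data + EOI) is copied unchanged.

SOI, EOI, SOS, COM = 0xD8, 0xD9, 0xDA, 0xFE
APP0, APP14 = 0xE0, 0xEE           # JFIF and Adobe segments are needed to decode; keep them
KEEP_APP = {APP0, APP14}


def strip_jpeg_metadata(data: bytes) -> bytes:
    """Return a copy of `data` without APP1..APP15 (except APP14) and COM segments.
    Raises ValueError when the input is not a well-formed JPEG stream."""
    if data[:2] != bytes([0xFF, SOI]):
        raise ValueError("not a JPEG: missing SOI marker")
    out = bytearray(data[:2])
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"corrupt segment header at offset {pos}")
        marker = data[pos + 1]
        if marker == SOS:
            out += data[pos:]           # scan data and EOI: copy verbatim
            return bytes(out)
        length = int.from_bytes(data[pos + 2:pos + 4], "big")
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        drop_app = 0xE0 <= marker <= 0xEF and marker not in KEEP_APP
        if not (drop_app or marker == COM):
            out += data[pos:pos + 2 + length]
        pos += 2 + length
    raise ValueError("truncated JPEG: no SOS marker found")


def _segment(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + (len(payload) + 2).to_bytes(2, "big") + payload


# Constructed sample (not a real photo): JFIF header, an Exif APP1 block carrying a
# fake GPS/device string, a comment segment, then a minimal SOS and EOI.
EXIF_PAYLOAD = b"Exif\x00\x00MM\x00*GPS 41.1N 105.5W device=CAM-1"
COMMENT_PAYLOAD = b"camera comment"
SAMPLE_JPEG = (
    bytes([0xFF, SOI])
    + _segment(APP0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + _segment(0xE1, EXIF_PAYLOAD)
    + _segment(COM, COMMENT_PAYLOAD)
    + bytes([0xFF, SOS]) + b"\x00\x08\x01\x01\x00\x00\x3f\x00" + b"\x12\x34"
    + bytes([0xFF, EOI])
)
```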
The session cookie persists for up to 30 days from your last activity so that if you close your browser or change devices during a single shopping trip, you can return to any active deals or negotiations. If you clear your cookies, you start a fresh session and prior offers become orphaned and expire.
Information from third parties
- Stripe provides transaction status and tokenized payment references for Vendor billing.
- Anthropic returns item descriptions, tag-reading results, and negotiation messages based on inputs we send.
- If we later add federated sign-in, we will receive basic profile information as described by the provider at the time of authorization.
3. How We Use Information
For Vendors
- Provide the Service: run your dashboard, generate QR codes, process offers, send notifications.
- Process transactions: manage subscriptions, issue invoices and receipts via Stripe.
- Operational communications: security alerts, billing notices, support replies, and required service updates.
- Improve the Service: analyze usage patterns, debug issues, and develop new features (aggregated or pseudonymized where possible).
- Detect and prevent fraud, abuse, and unauthorized access.
- Comply with legal obligations and enforce our Terms of Service.
- Marketing communications: only with your consent, with an unsubscribe link in every message.
For Customers (anonymous session data)
- Run the negotiation: send photos to Anthropic for item description and tag reading; present the AI Agent's responses to you.
- Store the offer, chat transcript, and photos under the Vendor's booth so the Vendor can review, escalate, or approve.
- Maintain an active claim screen and server-authoritative hold timer until checkout or expiry.
- Reconnect you to in-flight negotiations if you return to the app on the same browser.
- Enforce rate limits and detect abuse by IP and session.
What we do not do
- We do not sell or share personal information for cross-context behavioral advertising.
- We do not use your Customer Data or Vendor Data to train AI models.
- We do not share data with advertisers or ad networks.
- We do not attempt to re-identify Customers from the anonymous session data.
4. Legal Bases for Processing (GDPR)
When we process information about EU/EEA or UK residents, we rely on the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Providing the Service to Vendors | Performance of contract (Art. 6(1)(b)) |
| Processing payments | Performance of contract (Art. 6(1)(b)) |
| Security, fraud prevention, abuse detection | Legitimate interest (Art. 6(1)(f)) |
| Analytics and product improvement | Legitimate interest (Art. 6(1)(f)) |
| Marketing to Vendors | Consent (Art. 6(1)(a)) |
| Legal compliance and enforcement | Legal obligation (Art. 6(1)(c)) |
| Customer anonymous session data | Legitimate interest (Art. 6(1)(f)) — running the on-site negotiation tool you have chosen to use, with minimal data and no personal identifiers |
Where we rely on legitimate interest, we have considered your rights and interests. You can object to processing based on legitimate interest; we will consider any such objection in accordance with applicable law.
6. Subprocessors & Third Parties
We rely on the following providers to operate the Service. Each is bound by contractual obligations consistent with this policy.
| Service | Provider | Purpose | Privacy Policy |
|---|---|---|---|
| Application hosting | Vercel Inc. | Hosts the web application and API routes | vercel.com |
| Database, auth, storage, realtime | Supabase Inc. | Stores Vendor accounts, booths, offers, messages, and uploaded photos | supabase.com |
| AI processing | Anthropic PBC (Claude API) | Reads item and tag photos; generates negotiation messages | anthropic.com |
| Payment processing | Stripe, Inc. | Processes Vendor subscription payments | stripe.com |
| Rate limiting | Upstash, Inc. | Redis-based rate limiting to prevent abuse | upstash.com |
| Transactional email | Resend, Inc. | Sends Vendor emails (security, billing, escalations) | resend.com |
Push notifications to Vendors are delivered using the open Web Push standard through the push service built into your browser (for example, Apple Push Notification Service, Google's FCM, or Mozilla autopush). We do not store browser push endpoints beyond what is needed to deliver the notifications you have subscribed to.
We will update this list as subprocessors change. Vendors with a data-processing agreement will receive at least 30 days' notice of material changes.
7. AI & Automated Processing
How AI is used
We use Anthropic's Claude API to (a) generate a description of the item you photograph, (b) read the sticker price and other details from the price tag photo, and (c) negotiate with you on the Vendor's behalf within the parameters the Vendor has configured.
What is sent to Anthropic
- The two photos you upload (item and price tag).
- Instructions for what to extract from the photos.
- The chat transcript so far and the Vendor's negotiation rules translated into a system prompt.
Retention by the AI provider
Anthropic processes API inputs to return results and does not retain them for model training. For details, refer to Anthropic's API data-handling commitments.
Accuracy
AI-generated outputs may contain errors. The customer-facing app allows you to review and correct AI-extracted information (for example, if the AI misread the sticker price) before submitting an offer.
Automated decision-making
The AI Agent is an assistive tool that negotiates within Vendor-configured parameters. It does not make autonomous decisions that produce legal or similarly significant effects on you; an accepted offer is an agreement in principle that becomes binding only at the point of sale at the mall's register. If you believe an AI response is inaccurate or inappropriate, you may contact the Vendor through the in-app chat or escalation flow.
9. Data Retention
| Data category | Retention | Reason |
|---|---|---|
| Vendor account | Duration of account + 30 days | Service provision |
| Vendor billing records | 7 years after transaction | Tax and legal requirements |
| Vendor Data (booths, deals, settings) | Duration of account + 30 days export window, then deleted within 30 additional days | Service provision and export |
| Backups containing deleted data | Purged within 90 days of deletion | Disaster recovery |
| Customer session UUID | 30 days from last activity, then cleaned up | Session continuity |
| Customer item/tag photos | Retained with the associated offer; deleted within 30 days after the offer is completed, cancelled, or expired | Vendor review and dispute handling |
| Negotiation messages | Retained with the associated offer on the same schedule as photos | Vendor review and dispute handling |
| Server and rate-limit logs | 90 days | Security and debugging |
| Support tickets | 3 years | Quality and legal |
After the retention period expires, data is deleted or irreversibly anonymized. Vendors may request earlier deletion of Vendor Data, subject to legal retention obligations.
10. Data Security
Technical measures
- Encryption in transit (TLS 1.2+) for all API and web traffic.
- Encryption at rest for databases and object storage, provided by Supabase and Vercel.
- Password hashing with industry-standard algorithms.
- Row-level access controls in the database to separate Vendor data.
- Regular security updates and dependency patching.
Organizational measures
- Access to personal data limited to personnel who need it to operate the Service.
- Security-awareness practices and incident response procedures.
Breach notification
If a breach poses a risk to the rights of affected individuals, we will notify the relevant supervisory authority within 72 hours (GDPR) and affected individuals without undue delay, as required by applicable law. Because the customer-facing app does not collect personal identifiers, we generally have no way to contact Customers individually. In such a case, we will publish a notice on the Service.
No system is 100% secure. We use commercially reasonable measures but cannot guarantee absolute security.
11. International Data Transfers
Data is primarily stored and processed in the United States on infrastructure provided by Vercel, Supabase, Upstash, Resend, and Stripe, and processed by Anthropic in the United States. If you use the Service from outside the United States, your data will be transferred to the United States.
For EU/EEA users, transfers rely on Standard Contractual Clauses (SCCs) approved by the European Commission, together with supplementary measures where appropriate. For UK users, transfers rely on the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs.
12. Your Privacy Rights
Vendors (and other identified individuals)
- Access the personal information we hold about you.
- Correct inaccurate or incomplete information.
- Delete your personal information (subject to legal retention obligations).
- Portability: receive your data in a machine-readable format.
- Object to processing based on legitimate interest.
- Restrict processing in certain circumstances (GDPR).
- Withdraw consent where processing is based on consent. Withdrawal does not affect processing carried out before withdrawal.
- Lodge a complaint with a supervisory authority (see Section 17).
Customers
The customer-facing app does not associate your session data with any identifier that you have provided. We therefore have no reliable way to tie a data-subject request back to your specific session data without additional information from you.
You can achieve the practical effect of deletion at any time:
- Clear the BoothOffer cookie and localStorage in your browser. This disconnects you from your anonymous session; the underlying session data expires on the schedule in Section 9.
- Use the “Changed my mind” button on the claim screen to cancel an individual deal. The associated item becomes available again and the deal is marked cancelled.
- Contact privacy@boothoffer.com with the session identifier if you know it, and we will delete the associated session.
California residents (CCPA/CPRA)
- Right to know the categories and specific pieces of personal information we collect about you.
- Right to delete personal information we hold about you.
- Right to correct inaccurate personal information.
- Right to opt out of sale or sharing: we do not sell or share personal information for cross-context behavioral advertising. If this ever changes, we will add a “Do Not Sell or Share My Personal Information” link.
- Right to limit use of sensitive personal information, where applicable.
- Non-discrimination: we will not discriminate against you for exercising your rights.
- Response time: within 45 days, extendable by an additional 45 days.
- You may designate an authorized agent to make requests on your behalf.
Other U.S. state privacy laws
Residents of Virginia, Colorado, Connecticut, and other states with comprehensive privacy laws have rights to know, access, delete, correct, and opt out of targeted advertising; to appeal denied requests; and to receive a response within the timeline set by applicable law.
Canadian residents (PIPEDA)
You may access and correct your personal information and withdraw consent (subject to legal or contractual restrictions). You may file a complaint with the Office of the Privacy Commissioner of Canada.
How to exercise your rights
Email privacy@boothoffer.com or use any in-app option we provide. We may need information sufficient to verify your identity (typically the Vendor account email, or a specific session UUID for Customer sessions). We do not charge a fee for exercising your rights except where a request is manifestly unfounded or excessive.
13. Children's Privacy
BoothOffer is a retail negotiation tool intended for adults. The vendor dashboard is available only to individuals 18 or older. The customer-facing app is not directed to children under 13 (or under 16 in the EU/EEA), and we do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact privacy@boothoffer.com and we will delete it.
14. Marketing Communications
- Transactional emails (account confirmations, security alerts, billing notices, escalation notifications): sent as needed to provide the Service. You cannot opt out of these while your account is active.
- Marketing emails to Vendors (product updates, newsletters, promotions): sent only with consent where required. Every marketing email includes a one-click unsubscribe link, and we honor requests within 10 business days (CAN-SPAM).
- The customer-facing app does not send marketing messages because we do not collect contact information from Customers.
15. Changes to This Policy
We may update this Policy from time to time. For material changes we will provide at least 30 days' notice by email and/or in-app notification before the changes take effect. The “Last Updated” date at the top of this page reflects the most recent revision. Prior versions are archived and available on request.
16. Contact
Optera AI LLC
1309 Coffeen Avenue STE 1200
Sheridan, Wyoming 82801
Privacy: privacy@boothoffer.com
Legal: legal@boothoffer.com
Support: support@boothoffer.com
BoothOffer is a product of Optera AI LLC. See our Terms of Service for the vendor subscription terms.