Privacy & data
A plain-English overview of how Boketto handles data: what we collect, how long we keep it, where it lives, and who else touches it. For the formal version, see the Privacy Policy. For account-specific actions (export, delete), see Your account and your data.
What we collect
Only what we need to run the service:
- Account: your email address (required), display name (optional), default currency.
- Tab content: the tabs, expenses, payments, and members you create or are added to.
- Sign-in: a record of when and from where you signed in (used for security and to expire stale sessions).
- Billing: for paid tabs, a record of the purchase and the Stripe charge ID. We never see or store card details — Stripe handles those directly.
- Support correspondence: any messages you send us through the support form.
What we don't collect
- No passwords. Sign-in is by magic link — there's no password to leak.
- No payment card details. Stripe sees the card; we see the result.
- No third-party ad trackers. No Google Analytics, no Facebook Pixel, no advertising cookies.
- No location data. Boketto does not request or store your device location.
- No address book. When you invite someone to a tab, we use the email you typed — we don't read your contacts.
Where your data lives
Boketto's database and application servers are hosted in the United Kingdom. Your data does not leave UK/EU infrastructure as part of normal operation.
All data is encrypted in transit (TLS) and at rest.
How long we keep it
- Active accounts: as long as you have an account.
- Closed paid tabs: kept read-only so you can still see the history. Removed when the account is deleted.
- Free tabs with no activity: archived after 3 months of inactivity (still visible to you, but not counted against your tab limit).
- Sign-in logs: kept for 90 days for security purposes, then deleted.
- Billing records: kept for the legally required period (currently 6 years for UK tax records) even after account deletion.
- Support emails: kept for as long as needed to resolve your request, then archived.
Who else processes your data
We use a small number of third-party services to run Boketto. Each of them sees only the data they need to do their job:
- Stripe — payment processing for paid tabs. Sees the card details and the charge amount; doesn't see your tab data.
- Resend — transactional email delivery (magic-link sign-in, billing receipts). Sees the email address and the email content.
- Our hosting providers — run the database and application servers; see encrypted data at rest.
We do not sell your data. We do not share it with advertisers. We do not use it to train AI models.
Cookies
Boketto uses one essential cookie — a session cookie that keeps you signed in. It contains a signed token, expires when your session ends, and is set with the HttpOnly and SameSite attributes: HttpOnly keeps page JavaScript from reading it, and SameSite restricts the browser from sending it along with requests made from other sites.
We don't use any other cookies. There are no analytics cookies, no advertising cookies, and no cookie consent banner — there's nothing to consent to beyond the strictly-necessary one.
Your rights
Under UK GDPR, you have the right to access your data, correct it, export it, delete it, and restrict its processing. Most of these are easiest via Your account and your data — or, for anything not self-serve, contact us from the email address on your account.