Privacy Policy
Last updated: 2026-05-04
What We Collect
We collect minimal data necessary to deliver our services: (1) Account identifier (username or post URL) — needed to target your order. (2) Email address — order confirmations and support communications. (3) Payment metadata (transaction ID, last 4 of card) — for payment verification, never full card numbers. (4) Order history — for refill processing and customer support context. We don't collect: passwords, browsing history outside our site, location data beyond country (for currency selection), or social graph information.
How We Use Your Data
Three purposes only: (1) Deliver your order to the account/post you specified. (2) Communicate about your order (confirmation, completion, issue notifications). (3) Process refills and refunds when applicable. We don't use your data for: targeted advertising, third-party marketing, social profile analysis, or any purpose unrelated to service delivery and customer support.
Data Sharing
We share data only with: (1) Payment processors (PCI-DSS compliant — Visa, Mastercard, MyFatoorah, Razorpay) — minimum necessary for transaction. (2) Email service provider for transactional emails (no marketing). (3) Legal authorities when compelled by valid court order. We don't share with: advertisers, data brokers, social platforms, or third-party analytics services beyond essential site operation.
Data Retention
Order data retained for 24 months after order completion (required for refill warranty and customer support). After 24 months, personal identifiers are anonymized — only aggregate metrics remain. Email addresses retained while account is active; deleted within 30 days of account deletion request.
GDPR & Data Rights
EU customers have rights under GDPR: (1) Right to access — request a copy of all data we have about you. (2) Right to deletion — request full data removal (we honor within 30 days). (3) Right to portability — receive your data in machine-readable format. (4) Right to rectification — correct inaccurate data. Submit requests via privacy@celebboost.com. We respond within 30 days as required by GDPR.
Cookies & Tracking
We use minimal cookies: session cookies (login state), preferences (currency, language), and basic analytics (page views — no individual tracking). No third-party advertising cookies. No cross-site tracking. No retargeting pixels. Privacy-first by default.
Security
PCI-DSS compliant payment processing. SOC 2 aligned data handling practices. Encryption at rest (AES-256) and in transit (TLS 1.3). Access controls limit data visibility to authorized personnel only. Regular security audits. Breach notification within 72 hours as required by GDPR.
Children's Privacy
Our services aren't intended for users under 18. We don't knowingly collect data from minors. If we discover we've received data from a minor, we delete it immediately. Parents can request data deletion via privacy@celebboost.com.
Frequently Asked Questions
Do you sell my data?
Never. We don't sell, rent, or share customer data with advertisers, data brokers, or third parties beyond minimum necessary for service delivery (payment processors, email service).
Can I request data deletion?
Yes — under GDPR or as standard policy. Email privacy@celebboost.com with deletion request. Full deletion within 30 days; confirmation email upon completion.
Are payments PCI-compliant?
Yes — all payment processing through PCI-DSS compliant gateways (Visa, Mastercard, MyFatoorah, Razorpay). We never store full card numbers; only transaction metadata for refund processing.
Do you track my behavior?
Minimal — page views for site analytics (no individual tracking), session cookies for login state, preference cookies for currency/language. No third-party tracking, no retargeting, no behavioral advertising data collection.