Privacy Policy

Last updated: May 11, 2026

Boon Town ("we," "us") helps small nonprofits prepare and submit grant proposals. This policy explains what information we collect about you and your organization, how we use it, and the choices you have. This is a v0 policy that we will refine over time; if anything here is unclear or you want to know more about a specific practice, contact us at operator@boon.town.

Information we collect

  • Account information: name, email address, and the organization you belong to.
  • Organization documents: NOFOs, prior proposals, budgets, board rosters, and other materials you upload to help the agent prepare your application. Stored encrypted at rest.
  • Generated drafts and edits: AI-generated proposal sections, your edits, and the citation trail back to your source documents.
  • Operational telemetry: page views, feature usage, and error reports so we can debug and improve the product.
  • Email engagement:when we send you a lifecycle email (welcome, nudge, weekly digest), we record delivery, opens, clicks, bounces, and any unsubscribe action — see "Email tracking" below.

How we use information

  • To run the product: generate drafts, manage your projects, authenticate sessions, and provide support.
  • To deliver lifecycle emails that help you complete onboarding and move through the proposal pipeline. These are operational messages, not marketing — see "Email tracking" for the tracking we apply and how to opt out.
  • To debug, monitor reliability, and improve the product through aggregated analytics.

We do not sell your information or your organization's documents. We do not use your data to train third-party generative models outside the providers listed below.

Email tracking (lifecycle emails)

Lifecycle emails we send through Resend, our email delivery provider, include the following tracking instrumentation. We disclose this as a legitimate-interest basis under the EU GDPR (Article 6(1)(f)) and as operational use under analogous frameworks such as the California Consumer Privacy Act (CCPA).

  • Open tracking via a 1x1 transparent pixel embedded in the email body. Loading the pixel tells us the email was opened in a client that loads remote images.
  • Click tracking via URL rewriting. Links in the email body route through Resend before arriving at the destination, which records the click event. The final destination URL is the one shown when you hover the link.
  • Delivery, bounce, and complaint signals reported by the receiving mail provider. We use bounce signals to suppress further emails to addresses that hard-bounce, and complaint signals to immediately hard-unsubscribe addresses that mark our mail as spam.

Unsubscribe handling and source-IP logging

Every lifecycle email carries an unsubscribe link and a List-Unsubscribe header that supports the RFC 8058 one-click unsubscribe standard. You can unsubscribe at any time by clicking either, with no account login required.

On every unsubscribe request — whether triggered by your click or by an email-provider scanner pre-fetching links on your behalf — we log the requesting source IP address, the User-Agent string of the requesting client, and a timestamp. This log serves two purposes:

  • Suppressing scanner false-positive unsubscribes. Corporate email-security products such as Mimecast, Microsoft Defender for Office 365, and Proofpoint often pre-fetch links in delivered mail. RFC 8058 specifies that one-click unsubscribe endpoints process the request immediately, which would silently unsubscribe users whose mail providers run such scanners. We mitigate this with a known-scanner User-Agent denylist; requests matching that list are recorded but do not unsubscribe.
  • Investigating anomalous unsubscribe traffic. The log lets us detect and respond to abuse (e.g., a malicious actor attempting to unsubscribe other users) without retaining broader request data.

This source-IP and User-Agent log is retained for 90 days and is not used for any other purpose. To request deletion of your unsubscribe log entry sooner, email operator@boon.town.

Third-party services

We share information with the following service providers to operate the product. Each operates under a data-processing agreement consistent with our obligations to you.

  • Neon — managed PostgreSQL hosting for our database.
  • Cloudflare R2 — object storage for uploaded documents.
  • Resend— transactional email delivery and engagement tracking (see "Email tracking" above).
  • Anthropic and OpenAI, via OpenRouter — large language models that power the agent. We send the minimum context needed for the requested generation and configure providers to not retain or train on our data where their APIs support that flag.
  • PostHog — product analytics, including the lifecycle email funnel and feature usage metrics.
  • Stripe — payment processing for submission fees.
  • Inngest — background job orchestration.
  • Better Auth with Upstash Redis — authentication and rate limiting.
  • Railway and Vercel — application hosting and edge delivery.

Your choices

  • Unsubscribe from lifecycle emails via the link in any email or by emailing operator@boon.town. Account and billing notices are operational and unaffected.
  • Pause stall-nudge emails only using the dedicated pause link in any stall email; you will still receive the welcome and milestone emails.
  • Access, correct, or delete your data. Email operator@boon.town from the address tied to your account. We respond within 30 days. EU residents have the rights described in GDPR Articles 15–22; California residents have the rights described in CCPA §§1798.100–1798.130.
  • Export your project data by request.

Retention

We keep account data and project documents for as long as your account is active. After account deletion, we retain operational logs for up to 90 days for security and debugging, then delete them. Backups containing user data are retained for up to 30 days and then overwritten. Email engagement events (opens, clicks, bounces) are retained for 12 months for deliverability analysis.

Security

We use TLS in transit, encryption at rest, row-level security to isolate organizations from each other inside the database, and short-lived signed URLs for document downloads. No system is perfectly secure; if you believe you have found a vulnerability, email operator@boon.town with details and we will respond promptly.

Children

The product is intended for nonprofit staff; we do not knowingly collect personal information from children under 13.

Changes to this policy

We will update the "Last updated" date at the top of this page when we make material changes. For any change that expands the categories of data we collect or the third parties we share with, we will email account owners before the change takes effect.

Contact

Privacy questions, data-rights requests, and unsubscribe assistance: operator@boon.town.

Return to Boon Town