Privacy Policy

Last updated: 2026-05-06

This policy describes what data BOOSTRIDERS collects, why, and what your rights are. We follow GDPR principles and apply them to all users regardless of location.

1. What We Collect

  • Account data — display name, username, email, avatar, role (customer / booster / staff), and the language you've chosen.
  • Authentication data — when you log in via Google or Yandex, we receive your name, email, and profile picture from the provider.
  • Order & transaction data — orders you place or fulfil, escrow balances, payout method (last 4 digits of cards, crypto address), payment provider invoice IDs.
  • Chat & dispute data — messages between you and your counterparty, evidence files attached to disputes.
  • Technical data — IP address, browser, language, login attempts (used for brute-force protection).

2. Why We Use It

  • To run the marketplace — match you with counterparties, hold escrow, process payouts.
  • To resolve disputes and keep the platform safe (fraud detection, brute-force lockout).
  • To improve the product — anonymous usage analytics.
  • To meet legal obligations (e.g. AML when you withdraw to a new payout method).

3. Who We Share It With

We do not sell your data. We share with:

  • Payment processors and crypto-payment providers — to take and release funds.
  • Cloud hosting and database providers — to operate the Site.
  • Law-enforcement — if served with a valid request.

4. How Long We Keep It

Account data: until you delete the account. Order & transaction data: 6 years (legal accounting requirement). Chat logs: 2 years from the last message. Login attempts: 90 days. Crypto-address payouts: 6 years.

5. Your Rights

  • Access — request a copy of all data we hold about you.
  • Correction — change inaccurate data via your Settings.
  • Deletion — close your account from Settings → Danger zone.
  • Export — receive your data in a machine-readable format.
  • Withdraw consent — opt out of optional analytics in your browser cookie settings.

6. Security

All data is encrypted in transit (TLS 1.2+). Passwords are stored hashed. Sensitive data (payout secrets, payment-provider keys) is encrypted at rest. We run a brute-force lockout that blocks an IP for 24 hours after 3 failed login attempts.

7. Cookies

We use a small number of cookies — see our Cookie Policy.

8. Contact

For data-protection questions: /contact.

9. Data controller

The data controller for personal information collected through BooStRiders is Sole Proprietor (ИП) Dmitry V. Spiridonov, registered in the Russian Federation. ОГРНИП: 324762700012347. ИНН: 760806658219. Telegram: @deemkend. Phone: +7 (916) 793 88 45.

Privacy Policy · BOOSTRIDERS | BooStRiders