Legal
Privacy Policy
Last updated: May 28, 2025
1. Who we are
boring.tools is operated by Lars Hampe (registered business in Germany, tax ID: tbd) (hereinafter "we", "us", or "boring.tools"). You can reach us at privacy@boring.tools.
2. What data we collect
We collect the following categories of personal data:
- Account data — email address, organization name
- Usage data — pages visited, features used, timestamps
- Technical data — IP address, browser type, operating system
- Content data — SBOMs and dependency manifests you upload or generate
3. How we use your data
We use your data to:
- Provide and operate the boring.tools service
- Send transactional emails (magic link sign-in, invitations)
- Improve and debug the service
- Comply with legal obligations
We do not sell your data to third parties.
4. Legal basis (GDPR)
For users in the European Economic Area, we process your data on the following legal bases:
- Contract (Art. 6(1)(b) GDPR) — to provide the service you signed up for
- Legitimate interests (Art. 6(1)(f) GDPR) — service improvement and security
- Legal obligation (Art. 6(1)(c) GDPR) — where required by law
5. Data retention
We retain your data for as long as your account is active. After account deletion, we delete personal data within 30 days unless longer retention is required by law.
6. Third-party services
We use the following sub-processors to operate the service:
- Self-hosted — infrastructure and storage
- Self-hosted — transactional email delivery
7. Your rights
Under applicable data protection law you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data
- Object to or restrict processing
- Data portability
- Lodge a complaint with your local supervisory authority
To exercise any of these rights, contact us at privacy@boring.tools.
8. Cookies
boring.tools uses only strictly necessary cookies (session token). We do not use advertising or tracking cookies.
9. Changes to this policy
We may update this policy from time to time. Material changes will be communicated via email or a notice in the application. The date at the top of this page reflects the most recent revision.