Privacy Policy

1. Who We Are

Boolean and Bean Pty Ltd ("we", "us", "our") operates Viral Tools, an AI-powered social media scheduling platform available at viraltools.app (the "Service").

This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use the Service.

Contact us: contact@viraltools.app

2. What We Collect

We collect the following categories of information.

Information you provide to us

• Account information: your name, email address, and authentication credentials.
• Connected social accounts: account identifiers, profile information, access tokens, and related metadata when you connect supported social platforms. We do not receive your social media passwords.
• Content and uploads: posts, captions, hashtags, prompts, drafts, images, videos, and other content you create, upload, or schedule through the Service.
• Support communications: messages, feedback, or other information you send to us when you contact support.
• Billing information: payment and subscription information processed through our payment provider. We do not receive or store your full card number.

Information collected automatically

• Usage information: information about how you use the Service, including pages viewed, features used, actions taken, and scheduling activity.
• Device and technical information: IP address, browser type, device type, operating system, approximate location derived from IP, and similar technical data.
• Cookies and similar technologies: information collected through cookies or similar technologies, as described in Section 8.

Information from third parties

• Connected platforms: profile information, account identifiers, and engagement or performance metrics made available by connected social platforms.
• Payment providers: limited billing, subscription, and transaction status information.
• Authentication providers: account data needed to sign you in when you choose a third-party sign-in option.

We do not intentionally collect sensitive personal information unless you choose to provide it to us.

3. How We Use Your Information

We use personal information to:

• provide, operate, and maintain the Service;
• create and manage your account;
• connect and manage your linked social media accounts;
• generate, improve, and deliver AI-assisted content features;
• schedule, publish, and manage social media posts on your behalf when you instruct us to do so;
• process subscriptions, payments, and related billing activities;
• communicate with you about your account, transactions, support requests, and service-related notices;
• improve the Service, troubleshoot issues, monitor performance, and develop new features;
• detect, investigate, and prevent fraud, abuse, security incidents, and other harmful activity; and
• comply with legal obligations, enforce our Terms, and protect our rights, users, and the public.

Where required by law, we will ask for your consent before using your information for specific purposes such as optional analytics cookies or marketing communications.

If you are in the EEA or UK, we may rely on one or more of the following legal bases where applicable: performance of a contract, legitimate interests, consent, and compliance with legal obligations.

4. How Our AI Features Work

We use third-party AI service providers to support features such as caption generation, hashtag suggestions, content rewriting, repurposing, and other writing assistance features. Our current AI provider is listed in Section 5.

When you use AI features, we may send:

• the text of your prompt;
• draft content or other text you choose to provide for rewriting, analysis, or improvement; and
• limited technical metadata needed to process and return the request.

We aim to minimise the personal information sent in AI requests. We do not intentionally include your payment information or social media passwords in AI requests. However, prompts and drafts you submit may contain personal information if you choose to include it.

AI-generated outputs are suggestions only. Nothing is published to your connected social media accounts unless you choose to publish immediately or schedule it for publishing.

We do not use your data to train our own AI models.

Our third-party AI providers may process prompts and outputs under their own terms, privacy policies, and data retention practices. Where available, we use contractual and technical controls to limit unnecessary data use and to protect your information. You should avoid including sensitive personal information in AI prompts unless it is necessary for your intended use.

Our AI features are assistive tools. They do not make decisions that have legal or similarly significant effects on you.

5. Who We Share Your Data With

We do not sell, rent, or trade your personal information.

We share personal information only with service providers, integration partners, and platform partners that help us operate the Service. Depending on how you use Viral Tools, this may include providers for authentication, hosting, payments, analytics, email delivery, AI features, customer support, and social media publishing.

Our current service providers and integrations include:

We may also use additional service providers from time to time. If any such provider processes personal information on our behalf, we will update this policy as appropriate.

We may also disclose personal information:

• where required by law or legal process;
• to protect the rights, property, or safety of us, our users, or others;
• to investigate or prevent fraud, abuse, security incidents, or other harmful activity; or
• as part of a merger, acquisition, financing, reorganisation, or sale of all or part of our business.

6. International Transfers

We are based in Australia, but some of our service providers and integration partners are located in other countries. As a result, your personal information may be processed outside your country of residence, including in the United States and China, depending on the services you use.

When we disclose personal information overseas, we take steps appropriate to the circumstances to protect it. These steps may include:

• using service providers with security and privacy controls we consider appropriate;
• entering into data processing or similar contractual arrangements where available;
• for EEA/UK users, relying on transfer mechanisms such as Standard Contractual Clauses or adequacy decisions where applicable; and
• for Australian users, taking reasonable steps to ensure overseas recipients handle personal information consistently with the Australian Privacy Principles.

7. How We Protect Your Data

We use technical, organisational, and administrative safeguards designed to protect personal information, including measures such as:

• encryption in transit;
• secure storage practices;
• access controls and least-privilege principles;
• monitoring, logging, and security review processes; and
• vendor and infrastructure security controls where available.

We also maintain a data breach response process. If we experience a personal data breach, we will assess our notification obligations under applicable law and notify affected individuals and regulators where required.

No method of transmission or storage is completely secure, but we take commercially reasonable steps to protect personal information.

8. Cookies and Similar Technologies

We use cookies and similar technologies to operate and improve the Service.

Essential cookies

These are necessary to keep you logged in, maintain security, and provide core Service functionality.

Analytics cookies

These help us understand how people use the Service and improve performance. We use Google Analytics to collect anonymised usage data such as page views, sessions, and device information. Where required by law, we only use analytics cookies with your consent.

Advertising cookies

We use Google Ads conversion tracking to measure the effectiveness of our advertising campaigns. These cookies allow Google to identify when you complete an action on our Service (such as signing up or subscribing) after clicking on one of our ads. This data helps us understand which ads are effective and optimise our advertising spend. You can opt out of personalised advertising through your Google Ads Settings.

You can manage cookie preferences through our cookie banner where available or through your browser settings. We also honour browser privacy signals, including Global Privacy Control, where required by applicable law.

9. Data Retention

We keep personal information only for as long as reasonably necessary for the purposes described in this policy, including to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements.

In general:

• Account information: while your account is active and for a limited period after closure or deletion, unless a longer period is required for legal, tax, accounting, fraud prevention, or security purposes.
• Content and scheduled posts: while your account is active and for a limited period after account deletion, unless retention is required for legal or security reasons.
• AI-related logs: only for limited debugging, abuse prevention, or operational purposes where applicable.
• Billing and transaction records: as required by tax, accounting, and legal obligations.
• Analytics data: may be retained in aggregated or de-identified form for longer periods.

If you request deletion, we may retain certain information where necessary for legal compliance, security, fraud prevention, or dispute resolution.

10. Your Privacy Rights

Depending on where you live and the laws that apply, you may have the right to:

• access the personal information we hold about you;
• request correction of inaccurate or outdated information;
• request deletion of your account or personal information;
• receive a portable copy of certain information;
• withdraw consent for marketing communications or optional cookies where consent is the basis for processing;
• object to or restrict certain processing in some circumstances; and
• lodge a complaint with us or with a relevant privacy regulator.

You can also manage certain information directly within your account settings where those tools are available.

To exercise a privacy right, contact us at contact@viraltools.app. We will respond within the timeframe required by applicable law.

11. Marketing Communications

We may send you service-related communications such as account notifications, password reset emails, billing notices, security alerts, and scheduling confirmations.

Where permitted by law, we may also send you marketing communications about product updates, offers, or new features. You can opt out of marketing emails at any time by using the unsubscribe link in the email or by contacting us.

12. Children

The Service is not intended for children under 16, or a higher minimum age where required by local law. We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, please contact us and we will take appropriate steps to investigate and delete the information where required.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will take appropriate steps to notify you, such as by email, in-app notice, or by updating the effective date above.

Your continued use of the Service after an updated Privacy Policy becomes effective means you acknowledge the updated policy, to the extent permitted by law.