Privacy policy.

Last Updated: November 2, 2025

This Privacy Policy describes how Less Boring ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you use our website (https://lessboring.io/), including our Community Assessment Tool, or engage with our services. This policy is designed to comply with the strictest state privacy laws, including those of California (CCPA/CPRA), Colorado, Connecticut, Delaware, Maryland, Virginia, and others, as well as the requirements of the European Union's General Data Protection Regulation (GDPR).

1. Information We Collect

We may collect the following types of information:

Personal Information

  • Name, email address, phone number, mailing address, and other contact or identification details

  • Business or company name

  • Professional role or title

Assessment Tool Data

When you complete our Community Assessment Tool, we collect:

  • Your responses to assessment questions, including business type, community goals, and strategic preferences

  • Diagnostic scores and personalized recommendation data

  • Timeline preferences and implementation priorities

  • Date and time of assessment completion

Usage Data

Information about your interactions with our website, including:

  • IP address

  • Browser type and version

  • Pages visited and time spent on pages

  • Device information (type, operating system)

  • Referring website

  • Session data stored in your browser's local storage

Communication Data

  • Any correspondence you send to us, including emails and messages submitted through our website or assessment tool

  • Feedback and survey responses

Sensitive Data

In limited circumstances, we may collect data such as government-issued identification numbers, health information, or similar sensitive data, but only as necessary and with appropriate consent.

2. How We Use Your Information

We use your information to:

  • Provide Services: Deliver personalized assessment reports and community-building recommendations

  • Communication: Respond to your inquiries and send you requested information

  • Service Improvement: Analyze website and tool usage to enhance user experience and develop better recommendations

  • Legal Compliance: Comply with legal obligations and protect our rights

  • Marketing: Personalize content and marketing communications (with your consent where required)

  • Research: Aggregate and anonymize data to improve our assessment methodology and services

3. How We Share Your Information

We do not sell your personal information.

We may share your information with the following categories of third parties:

Service Providers

Email Service Provider (Resend)

  • Purpose: To deliver your personalized assessment reports via email

  • Data Shared: Name, email address, assessment results, business information

  • Location: United States

  • Privacy Policy: https://resend.com/legal/privacy-policy

Cloud Infrastructure (Supabase/Lovable Cloud)

  • Purpose: Secure database storage, user authentication, and serverless functions

  • Data Shared: All assessment data, account information, usage logs

  • Location: United States

  • Security: SOC 2 Type II compliant infrastructure

  • Privacy Policy: https://supabase.com/privacy

Marketing and CRM Platforms

With your explicit consent, we may share your contact information with:

Kit (formerly ConvertKit)

  • Purpose: Email marketing

  • Data Shared: Name, email address, business name, consent timestamp

HoneyBook

  • Purpose: Client relationship management and follow-up communications

  • Data Shared: Name, email address, business name, phone number

Legal and Compliance

We may disclose your information when required by law or to:

  • Comply with legal process or government requests

  • Enforce our terms and conditions

  • Protect our rights, privacy, safety, or property

  • Protect against fraud or security threats

Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the acquiring entity, subject to the same privacy protections.

4. Your Rights Under State and International Law

Depending on your location, you may have the following rights:

Universal Rights

  • Access: Request a copy of the personal information we hold about you

  • Correction: Request correction of inaccurate or incomplete information

  • Deletion: Request deletion of your personal information

  • Data Portability: Request a portable copy of your personal information in a structured, commonly used format

  • Withdraw Consent: Withdraw consent where processing is based on your consent

  • Non-Discrimination: Not be discriminated against for exercising your privacy rights

Additional Rights (State-Specific)

  • Opt-Out of Targeted Advertising: Opt out of the use of your personal information for targeted advertising (California, Colorado, Connecticut, Virginia)

  • Opt-Out of Sale/Sharing: Opt out of the sale or sharing of your personal information (we do not currently sell or share data)

  • Restriction and Objection: Request restriction or object to certain processing of your data (GDPR, Colorado, Connecticut)

  • Automated Decision-Making: Opt out of profiling or automated decision-making with legal effects (GDPR, Colorado, Connecticut, Virginia)

How to Exercise Your Rights

To exercise any of these rights:

  1. Email: Send a request to makeit@lessboring.io

  2. Contact Form: Use our website contact form with "Privacy Request" in the subject line

  3. Assessment Data: Specify if your request relates to assessment tool data

We will respond to your request within 30 days (extendable to 60 days with notice).

5. Sensitive Data and Special Protections

Sensitive Data

We will not process sensitive data (such as precise geolocation, health information, biometric data, or data revealing racial or ethnic origin, religious beliefs, or sexual orientation) without your explicit consent, unless required by law.

Children's Data

Our services, including the Community Assessment Tool, are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will delete it promptly.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction, including:

  • Encryption: Data encrypted in transit (TLS/SSL) and at rest

  • Access Controls: Role-based access controls limiting data access to authorized personnel only

  • Authentication: Secure authentication required for admin access to assessment data

  • Regular Audits: Security assessments and vulnerability testing

  • Incident Response: Documented procedures for data breach response

Admin Access

Authorized Less Boring administrators can access assessment submissions through a secure admin dashboard. Access is:

  • Limited to specific personnel with legitimate business needs

  • Protected by multi-factor authentication

  • Logged and monitored for security purposes

  • Subject to confidentiality obligations

7. Data Retention

We retain your personal information only as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law.

Assessment Data

  • Assessment Responses: Retained indefinitely to improve our services, provide ongoing support, and generate aggregated insights

  • You May Request Deletion: Contact us at any time to request deletion of your assessment data

General Data

  • Account Information: Retained while your account is active or as needed to provide services

  • Marketing Data: Retained until you unsubscribe or request deletion

  • Legal Records: Retained as required by applicable law (typically 3-7 years)

8. Cookies and Tracking Technologies

We use the following technologies:

Essential Cookies

  • Session Management: To maintain your session as you navigate the assessment tool

  • Authentication: To keep you logged in (if account features are added)

Analytics

  • Usage Tracking: To understand how users interact with our website and assessment tool

  • Performance Monitoring: To identify and fix technical issues

Local Storage

Our assessment tool may store temporary data in your browser's local storage to:

  • Save your progress during the assessment

  • Remember your preferences

  • Improve user experience

You can control cookies through your browser settings. Disabling essential cookies may affect the functionality of the assessment tool.

9. International Data Transfers (GDPR Compliance)

If you are located in the European Union, United Kingdom, or other jurisdictions with similar data protection laws, your personal information may be transferred to and processed in the United States or other countries where our service providers operate.

We ensure your data is protected through:

  • Standard Contractual Clauses (SCCs): EU-approved data transfer mechanisms

  • Adequacy Decisions: Transfers to countries with adequate data protection

  • Supplementary Measures: Additional security safeguards where required

Your rights under GDPR remain enforceable regardless of where your data is processed.

10. California Privacy Rights (CCPA/CPRA)

Categories of Personal Information Collected

In the last 12 months, we have collected the following categories of personal information:

  • Identifiers (name, email, phone, IP address)

  • Commercial information (assessment responses, business type)

  • Internet activity (website usage, assessment interactions)

  • Professional information (business name, role)

Purposes of Collection

See Section 2 "How We Use Your Information"

Categories of Third Parties

See Section 3 "How We Share Your Information"

Your Rights

  • Right to know what personal information we collect

  • Right to delete personal information

  • Right to correct inaccurate information

  • Right to opt out of sale/sharing (we do not sell or share)

  • Right to limit use of sensitive personal information (we do not collect for most purposes)

  • Right to non-discrimination

Shine the Light Law

California residents may request information about disclosure of personal information to third parties for direct marketing purposes (we do not disclose for this purpose).

11. Additional State-Specific Rights

Colorado, Connecticut, Virginia

  • Right to opt out of targeted advertising

  • Right to opt out of profiling for significant decisions

  • Right to appeal denial of privacy requests

Maryland

  • We conduct data protection impact assessments for high-risk processing

  • We do not collect biometric or genetic data without explicit consent

Delaware

  • Right to opt out of the processing of personal data for targeted advertising

12. Do Not Track Signals

Some browsers support "Do Not Track" (DNT) signals. Our website does not currently respond to DNT signals, but you can exercise your opt-out rights as described in this policy.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes in our practices

  • Changes in applicable law

  • New features or services

We will notify you of significant changes by:

  • Posting the updated policy on our website with a new "Last Updated" date

  • Sending email notification (where we have your email address and the change is material)

  • Providing notice through our assessment tool or website

Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or have privacy concerns, please contact us:

Privacy Contact

Email: makeit@lessboring.io
Contact Form: https://lessboring.io/contact (specify "Privacy Request" in subject)

Response Time

We will respond to your inquiry within 30-45 days, depending on the complexity and applicable law requirements.

Additional Compliance Notices

Notice to European Union Users

Less Boring is the data controller for your personal information. You have the right to lodge a complaint with your local supervisory authority if you believe we have not handled your personal information in accordance with GDPR.

Notice to California Residents

The categories and purposes listed above serve as our CCPA notice at collection. We do not sell personal information and have not done so in the preceding 12 months.

Notice to Nevada Residents

We do not sell personal information as defined under Nevada law. If you have questions, please contact us using the information above.

Accessibility

We are committed to ensuring this Privacy Policy is accessible. If you have difficulty accessing this policy or need it in an alternative format, please contact us.

Effective Date: November 2, 2025

This Privacy Policy is effective as of the date listed above and applies to all information collected on or after this date.