Privacy & Data Protection

Privacy Policy

BestBoilerplates ("we," "us," or "our") operates a directory website that helps users discover, compare, and find SaaS boilerplates and starter kits. This Privacy Policy explains how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable EU data protection laws.

Last updated: December 14, 2025

1. Information We Collect

We collect minimal personal data necessary to operate our directory service and improve user experience:

  • Contact Information: When you contact us via our contact form, X (Twitter) direct message, or email, we collect your name, email address, and any message content you provide.
  • Technical Data: We automatically collect certain technical information including IP address, browser type, device information, and usage patterns through our analytics service (datafa.st). This data is aggregated and anonymized where possible.
  • Cookies and Similar Technologies: We use cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and understand user preferences. You can control cookie preferences through your browser settings.

2. How We Use Your Information

We use the collected information for the following purposes:

  • To provide and maintain our directory service
  • To respond to your inquiries and provide customer support
  • To analyze website usage and improve our services
  • To detect, prevent, and address technical issues and security threats
  • To comply with legal obligations and enforce our terms of service
  • To send you updates about our service (only with your consent)

3. Legal Basis for Processing (GDPR)

For users located in the European Economic Area (EEA), we process your personal data based on the following legal grounds under GDPR:

  • Consent: When you voluntarily provide information through our contact form or subscribe to communications, we process your data based on your consent. You can withdraw consent at any time.
  • Legitimate Interests: We process technical data and analytics to operate and improve our website, ensure security, and prevent fraud. These activities are necessary for our legitimate business interests.
  • Legal Obligation: We may process your data to comply with applicable laws, regulations, or legal processes.

4. Data Sharing and Third Parties

We do not sell, rent, or trade your personal information. We may share your data with:

  • Service Providers: We use third-party services for hosting, analytics (datafa.st), and form processing (Formspree). These providers act as data processors and are bound by contractual obligations to protect your data.
  • Affiliate Partners: When you click on links to boilerplate products, we may use affiliate tracking. See our Terms of Service for more information about affiliate links.
  • Legal Requirements: We may disclose your information if required by law, court order, or to protect our rights, property, or safety.

When data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

5. Affiliate Links and Tracking

Our website contains affiliate links to various boilerplate products. When you click on these links and make a purchase, we may receive a commission at no additional cost to you. This helps us maintain and improve our directory service.

Affiliate partners may use cookies and tracking technologies to attribute purchases to our referrals. These cookies are subject to the affiliate partner's privacy policy. We do not control these third-party tracking technologies.

We only recommend products we believe provide value to our users. Your use of affiliate links is voluntary, and you are not obligated to purchase through our links.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law:

  • Contact form submissions: Retained for up to 2 years or until you request deletion
  • Analytics data: Aggregated and anonymized, retained for up to 12 months
  • Technical logs: Retained for up to 90 days for security purposes

You can request deletion of your personal data at any time by contacting us. We will delete your data unless we have a legal obligation to retain it.

7. Your Rights Under GDPR

If you are located in the EEA, you have the following rights regarding your personal data:

  • Right of Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can request correction of inaccurate or incomplete data.
  • Right to Erasure: You can request deletion of your personal data under certain circumstances.
  • Right to Restrict Processing: You can request that we limit how we use your data.
  • Right to Data Portability: You can request a copy of your data in a structured, machine-readable format.
  • Right to Object: You can object to processing based on legitimate interests.
  • Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.

To exercise these rights, please contact us using the information provided in the Contact section below. We will respond to your request within 30 days.

8. Cookies and Analytics

We use cookies and similar technologies to:

  • Analyze website traffic and user behavior (via datafa.st analytics)
  • Remember your preferences and settings
  • Track affiliate link clicks and conversions
  • Ensure website security and prevent fraud

You can control cookies through your browser settings. However, disabling cookies may affect website functionality. Our analytics service (datafa.st) is privacy-focused and does not share personally identifiable information with third parties for advertising purposes.

9. Children's Privacy

Our service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately, and we will delete such information.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

12. Contact Information

If you have questions, concerns, or wish to exercise your data protection rights, please contact us through our contact page or via X (Twitter) at @CichyKrzysztof.

For privacy-related requests, please include "Privacy Request" in your message so we can prioritize your inquiry.

13. Supervisory Authority

If you are located in the EEA and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority. You can find your supervisory authority at https://edpb.europa.eu.