Boston Systems Consulting

Privacy Policy

Last updated: April 6, 2026

1. Introduction

Boston Systems Consulting ("BSC," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, and share your personal information when you use our website, platform, and services.

2. Information We Collect

We collect minimal personal data directly. The information we collect includes:

  • Account information: name, email address, phone number
  • Shipping address for order fulfillment
  • Order history
  • KYC verification status (pass/fail only -- we do not store the underlying identity documents)

3. Information We Do NOT Store

We are intentional about minimizing the sensitive data we hold. The following information is handled entirely by our third-party partners and is never stored on our systems:

  • Bank account numbers and financial credentials -- handled by Plaid and Dwolla
  • Identity documents, Social Security numbers, and dates of birth -- handled by Plaid Identity Verification
  • Passwords and authentication credentials -- handled by AWS Cognito

4. Third-Party Services

We use the following third-party services to operate our platform. Each service receives only the data necessary to perform its function:

  • Plaid -- bank account linking and identity verification. See the Plaid Privacy Policy.
  • Dwolla -- payment processing and fund transfers. See the Dwolla Privacy Policy.
  • Cloud infrastructure providers -- authentication, transactional email, and hosting
  • Security and fraud prevention providers -- used solely for security monitoring and fraud detection (see Section 5)

5. Analytics, Fraud Detection, and Security

We collect certain technical data for the purposes of fraud detection and security monitoring. This includes IP address, browser type and version, device information, and interaction patterns.

This data is primarily used for security and fraud prevention purposes. If we use analytics for any other purpose, we will update this policy accordingly.

6. Cookies

Our use of cookies is limited to authentication and session management. We use session tokens to keep you logged in and to maintain the security of your session.

We do not use advertising cookies, marketing tracking cookies, or third-party tracking pixels of any kind.

7. Data Sharing and Selling

We do not sell your personal information. We do not share your data with third parties for their marketing purposes.

We share personal information only with the third-party service providers listed in Section 4, and only to the extent necessary for them to provide their services. We may also disclose information when required by law, regulation, or legal process.

8. Data Retention

We retain personal data for a minimum of seven (7) years to comply with legal, regulatory, tax, and financial reporting obligations. Transaction records, order history, and related financial data must be retained for this period regardless of account status.

You may request deletion of your personal data by contacting us at info@bostonsystemsconsulting.com. However, we are required to retain transaction records and associated data for the full retention period. Deletion requests will be fulfilled to the extent permitted by our legal and regulatory obligations.

9. Communications

We do not send marketing or promotional emails. All emails from BSC are transactional in nature, including order confirmations, shipping notifications, account security alerts, and other service-related communications. These transactional communications cannot be opted out of, as they are necessary for the operation and security of your account.

10. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

11. Security

We implement commercially reasonable technical and organizational measures to protect your personal information, including encryption in transit (TLS 1.2+), encryption at rest, and access controls. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

12. Governing Law

This Privacy Policy shall be governed by and construed in accordance with applicable federal and state laws, without regard to conflict of law provisions.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website with a revised "Last updated" date. Your continued use of our services after any changes constitutes acceptance of the updated policy.

14. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at info@bostonsystemsconsulting.com.