Privacy Policy
Last Updated: June 1, 2025
Introduction
This Privacy Policy outlines the type of information that Boon Business Solutions, Inc. d/b/a Aboon (“Aboon”) collects through Aboon's websites, currently located at aboon.com including any and all subdomains (“Website”), products and services, and other interactions you may have with Aboon, such as calls, emails, surveys, and customer success (collectively, the “Platform”).
Depending on where you live, you may have specific rights with respect to your personal information. Our Privacy Policy sets out the rights which may apply to you in the “Your Rights” section below.
Please read this Privacy Policy carefully. By accessing or using this Website, you agree to this Privacy Policy. This Privacy Policy may change from time to time (see “Changes to This Privacy Policy”). Your continued use of the Website after we make changes is deemed acceptance of those changes.
Depending on where you live, you may have specific rights with respect to your personal information. Our Privacy Policy sets out the rights which may apply to you in the “Your Rights” section below.
Please read this Privacy Policy carefully. By accessing or using this Website, you agree to this Privacy Policy. This Privacy Policy may change from time to time (see “Changes to This Privacy Policy”). Your continued use of the Website after we make changes is deemed acceptance of those changes.
Information We Collect
Information You Provide Directly
We collect information you provide to us, including:
- Contact information (name, email address, phone number)
- Account credentials
- Demographic and role information
- Business information
- Payroll information
- Industry profile
- Other information you directly provide through the Platform, forms, surveys, emails, or uploads
- Contact information (name, email address, phone number)
- Account credentials
- Demographic and role information
- Business information
- Payroll information
- Industry profile
- Other information you directly provide through the Platform, forms, surveys, emails, or uploads
Information From Integrations and Third Parties
- Information from API, webhook, or credentialed access to your HRIS or Payroll provider
- Information from other sources, including your website, news, or public sources
- Third-party data that may be combined with other information to enhance our services
- Information from other sources, including your website, news, or public sources
- Third-party data that may be combined with other information to enhance our services
Information Collected Automatically
When you visit our Website, we automatically collect:
- Device information (type, operating system, browser)
- Usage information (pages viewed, interactions, time spent)
- Location information
- IP address
- Access dates and times
- Device information (type, operating system, browser)
- Usage information (pages viewed, interactions, time spent)
- Location information
- IP address
- Access dates and times
Cookies and Similar Technologies
- Cookies: Small files placed on your device to personalize experience, keep you logged in, remember preferences, and identify you and your device. You may refuse cookies by adjusting your browser settings.
- Web Beacons/Pixels: Small electronic files that help us count users, verify system integrity, and analyze website statistics.
- Web Beacons/Pixels: Small electronic files that help us count users, verify system integrity, and analyze website statistics.
How We Use Your Information
We use your information to:
- Operate, maintain, and improve the Platform
- Send communications including account invites, confirmations, technical notices, security alerts, and system updates
- Respond to questions and provide customer support
- Aggregate or combine user information with other data
- Provide and deliver products and services
- Protect against fraudulent, unauthorized, or illegal activity
- Operate, maintain, and improve the Platform
- Send communications including account invites, confirmations, technical notices, security alerts, and system updates
- Respond to questions and provide customer support
- Aggregate or combine user information with other data
- Provide and deliver products and services
- Protect against fraudulent, unauthorized, or illegal activity
Legal Bases for Processing
For privacy laws applicable in certain jurisdictions, we process your information based on:
- Legitimate interests when providing our services and communicating about them
- Legitimate interests when providing technical support and customer services
- Compliance with legal obligations when preventing fraudulent or illegal activities
- Legitimate interests when providing our services and communicating about them
- Legitimate interests when providing technical support and customer services
- Compliance with legal obligations when preventing fraudulent or illegal activities
When We Share Your Information
We may share your information:
- To comply with applicable laws, regulations, or regulatory requests
- To protect the rights and property of Aboon, our employees, agents, customers, and others
- To fulfill explicit customer instructions
- For legal, security, and safety purposes
- When customer administrators need access to information on their accountWith those who need it to do work for Aboon
- To comply with applicable laws, regulations, or regulatory requests
- To protect the rights and property of Aboon, our employees, agents, customers, and others
- To fulfill explicit customer instructions
- For legal, security, and safety purposes
- When customer administrators need access to information on their accountWith those who need it to do work for Aboon
Aggregated and Anonymized Data
We may share aggregated or anonymized data for benchmarking, reporting, analytics, marketing, and content purposes.
Definition of Aggregated/Anonymized Data: Data that has been processed to remove all direct and indirect identifiers such that it cannot reasonably be used to identify any individual or organization. This includes removing names, contact information, unique identifiers, and applying additional techniques such as data generalization and statistical noise.
ERISA-Regulated Data
As a Third Party Administrator (TPA) for retirement plans, we handle data subject to ERISA regulations. For such data, we:
- Maintain records in accordance with ERISA record retention requirements (generally 7 years)
- Implement security measures appropriate for retirement plan data
- Limit access to ERISA-regulated data to authorized personnel only
- Provide necessary data to plan sponsors, participants, and regulators as required by law
- Maintain records in accordance with ERISA record retention requirements (generally 7 years)
- Implement security measures appropriate for retirement plan data
- Limit access to ERISA-regulated data to authorized personnel only
- Provide necessary data to plan sponsors, participants, and regulators as required by law
Business Transactions
If we engage in a merger, acquisition, financing, or sale of business assets, your information may be transferred as part of that transaction, subject to confidentiality restrictions.
Service Providers and Professional Advisors
We may share information with:
- Third-party service providers who process information to support our Platform
- Professional advisers, insurers, and auditors to meet business requirements and regulations
- Third-party service providers who process information to support our Platform
- Professional advisers, insurers, and auditors to meet business requirements and regulations
Data Security
Access Controls
Aboon limits access to customer data as follows:
- All data is encrypted at rest
- Secure logins and passwords are enforced
- Customer data access is audited and limited to employees on a “least privilege” basis
- Access to production environments is limited based on business need
- Employees receive training on data protection
- All access is immediately revoked upon employee termination
- All data is encrypted at rest
- Secure logins and passwords are enforced
- Customer data access is audited and limited to employees on a “least privilege” basis
- Access to production environments is limited based on business need
- Employees receive training on data protection
- All access is immediately revoked upon employee termination
Technical Safeguards
- All customer data is stored within Amazon Web Services (AWS) infrastructure
- Customer data is segregated to prevent exposure to other customers
- SSL/TLS security on all web requests
- AWS cloud security through Fargate in a designated VPC
- Secure traffic management via CloudFlare
- Sensitive documents stored in private S3 buckets with authentication requirements
- No plain text storage of passwords, API keys, or credentials
- Customer data is segregated to prevent exposure to other customers
- SSL/TLS security on all web requests
- AWS cloud security through Fargate in a designated VPC
- Secure traffic management via CloudFlare
- Sensitive documents stored in private S3 buckets with authentication requirements
- No plain text storage of passwords, API keys, or credentials
Security Assessments
- Code review before implementation, including third-party tools
- Real-time error logging, system monitoring, and security alerts
- Annual vulnerability and security audits by independent third parties
- Real-time error logging, system monitoring, and security alerts
- Annual vulnerability and security audits by independent third parties
Your Rights
General Privacy Rights
Depending on your jurisdiction, you may have the right to:
- Be informed about how we use your personal information
- Access your personal information
- Request correction of inaccurate information
- Request erasure of your personal information
- Data portability (moving your data to another organization)
- Object to certain processing of your information
- Be informed about how we use your personal information
- Access your personal information
- Request correction of inaccurate information
- Request erasure of your personal information
- Data portability (moving your data to another organization)
- Object to certain processing of your information
California Privacy Rights
If you are a California resident:
- You may request information about our disclosure of personal information to third parties for direct marketing purposes (“Shine the Light” law)
- You have rights under the California Consumer Privacy Act (CCPA) - see our CCPA Notice at aboon.com/ccpa
- You have rights under the California Consumer Privacy Act (CCPA) - see our CCPA Notice at aboon.com/ccpa
Data Retention and Deletion
We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law, including regulatory requirements applicable to retirement plan administration.
Standard Retention Period: We retain customer data for one year after the relationship has been terminated.
Early Deletion Requests: If you wish to request deletion of your personal information earlier, please contact us at privacy@aboon.com. We will process your request unless retention is required by law or for legitimate business purposes.
Data Breach Notification
In the event of a data breach affecting your personal information:
- We will notify affected customers without undue delay, typically within 72 hours of discovery
- Notification will include the nature of the breach, categories of data affected, potential consequences, and measures taken
- We will cooperate with regulatory authorities as required by applicable law
- We maintain an incident response plan that is regularly tested and updated
- We will notify affected customers without undue delay, typically within 72 hours of discovery
- Notification will include the nature of the breach, categories of data affected, potential consequences, and measures taken
- We will cooperate with regulatory authorities as required by applicable law
- We maintain an incident response plan that is regularly tested and updated
Marketing Communications
Opt-In: When creating an account or providing your email to sign up for a demo or join the waitlist, you are opting into our marketing communications.
Opt-Out: All marketing communications include an unsubscribe option. You may opt out at any time by:
- Clicking the "unsubscribe" link in any marketing email
- Emailing privacy@aboon.com with "UNSUBSCRIBE" in the subject line
- Updating your communication preferences in your account settings
- Emailing privacy@aboon.com with "UNSUBSCRIBE" in the subject line
- Updating your communication preferences in your account settings
Transactional Communications: Even if you opt out of marketing communications, we may still send you transactional communications about your account and our business dealings that are necessary for fulfilling our obligations to you.
Changes to This Privacy Policy
We may modify this Privacy Policy over time. Any changes will be reflected on this page and will become effective immediately upon posting. We encourage you to periodically review this Privacy Policy to stay informed about how we are protecting your personal information.
Contact Information
Please contact us at privacy@aboon.com with any questions regarding this Privacy Policy.
