Legal
Privacy Policy
1. Data Controller
BoxOS is operated by H & F Online SRL, Belgium ("we", "us").
We act as data controller for customer account and usage data.
Contact: privacy@getboxos.com
2. Data We Process
Customer-provided data
- Name, email address
- Company name
- Account configuration
- Content you create in BoxOS (boxes, tasks, metadata)
Automatically collected data
- IP address
- Device, browser, logs
- Usage and performance data
Payment data
- Billing identity and subscription status
- Payment card data is processed exclusively by Stripe and never stored by BoxOS
3. How Data Is Used
Data is processed strictly to:
- Provide and operate the BoxOS service
- Authenticate users and enforce access control
- Secure the platform and prevent abuse
- Process subscriptions and invoices
- Comply with legal and accounting obligations
4. Legal Basis (GDPR – Article 6)
| Basis | Purpose |
|---|---|
| Contract performance | Service delivery |
| Legitimate interest | Security, fraud prevention, reliability |
| Legal obligation | Accounting, tax, compliance |
5. Subprocessors
We rely on the following categories of subprocessors:
Infrastructure and hosting
- Microsoft Azure (compute, storage, networking, monitoring)
Authentication
- Microsoft Entra ID / identity services (if enabled)
Payments
- Stripe Payments Europe, Ltd.
These providers act as data processors under GDPR and process data only under contractual instructions. All provide GDPR-compliant Data Processing Agreements.
6. Data Location & Transfers
- Data is hosted in Microsoft Azure EU regions
- No intentional transfer outside the EEA
- If a transfer occurs, it is protected by Standard Contractual Clauses (SCCs)
7. Security Measures
Aligned with Azure and Stripe standards:
- Encryption in transit (TLS)
- Logical access control
- Least-privilege access
- Platform logging and monitoring
8. Data Retention
- Active accounts: retained for contract duration
- Deleted accounts: data deleted or anonymized within a reasonable period, unless legal retention applies
9. Your Rights
You may request:
- Access
- Rectification
- Deletion
- Restriction or objection
- Data portability
Requests: privacy@getboxos.com
10. Cookies
- Strictly necessary cookies only (authentication, security)
- No analytics cookies
- No advertising cookies
11. Changes
Updates are published on getboxos.com.
Material changes are notified in-app or by email.