Privacy Policy

Effective date: 11 Aug 2025

This Privacy Policy explains how Nobox Labs Limited ("Nobox", "we", "us") collects, uses, and shares information when you visit or use Nobox Cloud, our backend-as-a-service platform available at https://nobox.cloud, including the website, console, SDKs, APIs, and related services (collectively, the "Services").

1) Who we are

Controller: Nobox Labs Limited. If you use Nobox to store or process your end users' data, you are the controller of that data and Nobox acts as your processor. This policy covers our role as controller of your account and usage information. Our data processing addendum (DPA) governs processor activities for customer-provided data and is available on request.

2) Scope

This policy applies to personal data we collect about visitors, account holders, and users of the Services. It does not apply to content, records, or datasets you store in Nobox on behalf of your end users ("Customer Data")—we process Customer Data solely per your instructions under the DPA.

3) Information we collect

  • Account information: name, email, password hash, organization details, role.
  • Billing information: payment method, billing address, tax IDs (for paid plans).
  • Usage and logs: API requests, IP address, timestamps, identifiers, performance metrics, device and browser information.
  • Diagnostic data: crash/error reports, telemetry, and quality signals.
  • Communications: support requests, feedback, and survey responses.
  • Cookies and similar tech: session cookies, analytics, and preference cookies. See “Cookies” below.
  • Integrations: data we receive from third-party services you connect (e.g., identity, logging, payments), governed by their policies.
  • Customer Data: data you store in Nobox on behalf of your end users. We process it as a processor; you determine the nature and purpose of processing.

4) How we use information

  • Provide, operate, secure, and maintain the Services.
  • Authenticate users, prevent fraud/abuse, and enforce policies.
  • Bill for paid features and manage subscriptions.
  • Monitor performance, fix issues, and improve features.
  • Communicate important updates, security notices, and support responses.
  • Comply with legal obligations and defend legal claims.
  • Create aggregated or de-identified insights that cannot reasonably identify you.

5) Legal bases (EEA/UK)

Where applicable, we rely on:

  • Contract: to provide the Services you requested.
  • Legitimate interests: improve security and performance, prevent abuse, and enhance the Services.
  • Consent: for optional cookies/marketing where required.
  • Legal obligation: to comply with applicable laws and regulations.

6) Cookies and analytics

We use cookies and similar technologies to keep you signed in, remember preferences, and measure usage. You can control cookies through your browser settings. If required by law, we will request consent for non-essential cookies.

7) How we share information

  • Service providers/subprocessors: infrastructure, storage, email, payments, analytics—bound by contractual confidentiality and security obligations.
  • Legal and safety: to comply with law, protect rights and safety, and prevent fraud/abuse.
  • Business transfers: in relation to a merger, acquisition, or asset sale.
  • With your direction: when you integrate third parties or request data sharing.
  • We do not sell personal information.

8) International transfers

We may transfer personal data to countries other than your own. Where required, we use appropriate safeguards such as Standard Contractual Clauses and technical/organizational measures.

9) Security

We implement administrative, technical, and physical measures designed to protect personal data. No system is 100% secure, and you share responsibility for securing your account, API keys, and Customer Data (e.g., access controls, encryption, backups).

10) Data retention

We retain personal data for as long as necessary to provide the Services and comply with legal obligations. Logs and backups are kept for limited periods aligned with operational and security needs. You can request deletion of your account data; Customer Data retention is controlled by you as the controller.

11) Your rights

Subject to applicable law, you may have rights to:

  • Access, correct, or delete your personal data.
  • Object to or restrict processing, or request portability.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with your local data protection authority.

You can exercise these rights by contacting us using the details below.

12) Children

The Services are not directed to children under 13 (or the age of digital consent in your jurisdiction). We do not knowingly collect personal data from such children.

13) Customer Data and DPA

For Customer Data you store or process via Nobox, you are the controller and Nobox is your processor. We process Customer Data only per your instructions and our DPA. For a copy of our DPA, contact us.

14) Changes to this policy

We may update this policy from time to time. We will post the updated version here and revise the "Effective date" above. Material changes will be communicated through the Services.

15) Contact

Nobox Labs Limited

Website: https://nobox.cloud

Email: nobox.hq@gmail.com