Dynbox Privacy Policy
Last Updated: February 23, 2025 (96d ago)
1. Introduction
By using https://dynbox.co ("Service"), you consent to the data practices described below. This policy complies with GDPR (EU), CCPA (California), and other global privacy laws.
2. Data We Collect
2.1 Account Information
- Free/Pro Users: Email, username
- Pro Users: Stripe payment ID (no card numbers stored)
2.2 File Content
- Files uploaded to Cloudflare R2 storage
- Metadata (file names, sizes, types)
- AI-generated tags/categories (e.g., "Tax Documents")
2.3 Usage Data
- API request logs (IP, timestamp, action)
- Bandwidth consumption
- AI credit usage
2.4 Device/Browser
- OS version, browser type
- Geolocation (country-level) for anti-abuse
3. How We Use Your Data
| Purpose | Legal Basis |
|---|---|
| File synchronization/storage | Contractual necessity |
| AI sorting via Google Gemini | Explicit consent |
| Fraud prevention | Legitimate interest |
| Service improvement (anonymous analytics) | Consent |
| Purpose | Legal Basis |
|---|---|
| File synchronization/storage | jdiwaoj ioawj iodjiawjd ijawiod jawiojd iajwdio jwaiodj aiwojd ioawjdi jawiodj awoidj awoij Contractual necessity |
| AI sorting via Google Gemini | Explicit consent |
| Fraud prevention | Legitimate interest |
| Service improvement (anonymous analytics) | Consent |
AI Note: Gemini processes files temporarily (≤72h) but never retains or trains on your data.
4. Third-Party Data Sharing
| Recipient | Data Shared | Purpose |
|---|---|---|
| Cloudflare R2 | Encrypted files | Storage |
| Google Gemini | File content* | AI processing |
| Neon DB | User metadata | Service ops |
| Vercel | API logs | Hosting |
*Files deleted from Gemini within 72h.
5. Data Security
- Encryption: AES-256 (at rest), TLS 1.3 (in transit)
- Access Control: Role-based (RBAC) for Neon DB
- Audits: Quarterly penetration tests
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account info | Until deletion request |
| File content | 90d post-account closure |
| API logs | 30d |
*Pro users can manually purge files immediately.
7. Your Rights
- Access: Export data via Settings → "Request Archive"
- Correction: Edit profile/email in Account Dashboard
- Deletion: Permanent account removal (excluding legal holds)
- Opt-Out of AI: Disable in Settings → "AI Preferences" (limits sorting features)
*CCPA/GDPR requests: Email privacy@dynbox.co ≤48h response time.
8. International Transfers
- EU data processed under Standard Contractual Clauses (SCCs)
- US/other regions: Cloudflare's Privacy Shield certification
9. Children’s Privacy
Users must be 16+ (13+ with parental consent under COPPA).
10. Policy Updates
We’ll notify changes via:
- Dashboard banner (7d pre-effective)
- Email to account holders
- Updated "Last Updated" date
Contact:
Data Protection Officer: privacy@dynbox.co
SIREN: 924 127 186