Privacy Policy

Please read how your data is processed. These terms were last updated on January 1st, 2025.

Introduction

This Privacy Policy outlines how Biobox ("Company" or "we") manages your personal data, including collection, usage, sharing, and processing practices, as well as your rights concerning your personal data. Our website, https://bio.box ("Service"), is designed for your use, and this policy applies whenever you interact with us, such as through the Service or communication channels like email. "Personal data" refers to information that identifies or relates to you, like your name, birth date, or email. By using the Service, you consent to the terms of this Privacy Policy.

Legal Basis for Processing

Under GDPR, we process your personal data on the following legal bases:

  • Consent: When you provide consent for specific purposes, such as receiving marketing emails via Resend.
  • Contractual Necessity: To fulfill our contract with you, such as managing your account and providing our Service.
  • Legitimate Interests: To improve our Service, provide analytics, and ensure security, provided such interests do not override your fundamental rights.
  • Compliance with Legal Obligations: When processing is necessary to comply with our legal obligations.

Information We May Collect

  • Information You Provide: This includes profile details (name, username, avatar, etc.), contact information, financial details for transactions, and any content you provide within the Service.
  • Information from Third Parties: We might receive details about you from other users, third-party services (such as Sign in with Google, Sign in with Apple, Sign in with Ethereum via WalletConnect), and public sources like social media platforms.
  • Automatically Collected Information: We gather data like browser and device specifics, usage patterns, and analytics through technologies like cookies, web beacons, Supabase, and Vercel Analytics.

Third-Party Authentication and Analytics

When you use Sign in with Google, Sign in with Apple, or Sign in with Ethereum via WalletConnect, we only use the data to facilitate secure account creation or login. No additional data is stored or used for marketing purposes.

We use Supabase as our primary databasing platform. It securely stores information such as email addresses to facilitate login and account management.

Vercel Analytics is used to understand usage trends at a high level, such as top users and general geographic information. This data is anonymized and is not used to track individual users.

Advertising

We use Google Ads and Meta Ads solely to acquire new users for the Service. These platforms may collect general data about ad interactions and link clicks, which are governed by their respective privacy policies. No sensitive or identifiable user data is shared with these platforms.

Analytics Platform for End-Users

Our analytics platform is available for end-users of our Service to gain insights into the performance of their content. This platform is designed to prioritize user privacy by limiting identifiable information. It allows users to identify popular links and their sources while safeguarding sensitive data.

Email Marketing

We use Resend to send marketing emails. You will only receive marketing or promotional emails if you manually opt into our mailing list. You can manage your preferences at any time in the Settings section of the Service or by clicking the "Unsubscribe" link in any marketing email. We ensure compliance with all applicable laws regarding email communication.

Requesting Your Data

You have the right to request access to your personal data, correct inaccuracies, or delete your data. You can also request a copy of your data in a machine-readable format. Please email [email protected] to submit a data request. We will respond within 30 days in accordance with GDPR.

Third-Party Services We Use

  • Google Ads (Advertising)
  • Meta Ads (Advertising)
  • Google (Sign in with Google)
  • Apple (Sign in with Apple)
  • WalletConnect (Sign in with Ethereum)
  • Supabase (Databasing and account management)
  • Vercel Analytics (Usage analytics)
  • Resend (Email marketing)

Account Deletion

If you choose to delete your account, all your personal data will be permanently and irreversibly removed from our platform. This process ensures that no residual data remains stored in our systems.

Your Rights

International users have the right to access, correct, or delete their personal data, opt-out of marketing communications, and more. Specific provisions are in place for California residents regarding data access and non-discrimination for exercising privacy rights.

Data Security

We've implemented measures to protect your data from unauthorized access or misuse. However, complete security cannot be guaranteed. Data collected through services like Google, Apple, WalletConnect, Supabase, Vercel Analytics, and Resend is protected per their respective privacy policies.

International Data Transfers

Your information may be stored and processed in the United States or other countries, subject to different data protection laws.

Children's Privacy

The Service is intended for users over 18. We do not knowingly collect data from children under 13.

Changes to the Privacy Policy

We may update this policy periodically. Significant changes will be communicated to you, and continued use of the Service after updates indicates your acceptance.

Contact

For questions or concerns about your data or this Privacy Policy, please reach out to us at [email protected] .