Privacy Policy

Effective Date: 2025-01-15

1. Overview

AskBox ("we", "our", "us") respects your privacy and complies with the EU General Data Protection Regulation (GDPR). This Policy explains what data we collect, how we use it, and your rights.

2. Data We Collect

  • Account Data: email address, password (hashed), subscription tier.
  • Content & Usage: uploaded files, manual text input, chat messages, metadata (timestamps, sizes).
  • Billing: handled by Creem.io; we do not store payment card details.
  • Technical Logs: IP address, device/browser info, request metrics, for security and analytics.

3. Purposes of Processing

  • Provide, operate, and maintain the Service.
  • Process subscriptions and payments via Creem.io, our payment processor.
  • Improve features, performance, and security.
  • Provide customer support and respond to inquiries.
  • Comply with legal obligations and prevent fraud.

4. Legal Bases

We process personal data under GDPR legal bases including: performance of a contract, legitimate interests, and consent where applicable.

5. Third‑Party Processing

To deliver the Service, we may transmit data to third-party processors: Vercel (hosting), Supabase (database), Groq and Hugging Face (AI/embeddings), OCR.Space (OCR), and Creem.io (payment processing). These processors are selected for GDPR compliance and data protection standards.

6. Data Retention

We retain data only as long as necessary for the purposes described, and as required by law. You may request deletion at any time.

7. Your Rights

  • Access and obtain a copy of your personal data.
  • Rectify inaccurate data.
  • Request erasure ("right to be forgotten").
  • Restrict or object to processing.
  • Data portability.

8. International Transfers

We host primarily in the EU. If data is transferred outside the EEA, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) where required.

9. Security

We apply industry-standard security controls: encryption in transit, access control, logging and monitoring.

10. Contact & Data Controller

Data Controller: Kim Khanh Luu
Address: Neckarstraße 14, 64283 Darmstadt
Email: info@askbox.app info@askbox.app

11. Supervisory Authority

You have the right to lodge a complaint with your local data protection authority in the EU. In Germany, this is typically the state (Länder) authority responsible for your residence.