1. Who We Are
This Privacy Policy explains how Onbox SAS (“we”, “us”, “our”) collects, uses, and protects personal data when you visit onbox.ing (the “Site”) or join our waitlist. We comply with the EU General Data Protection Regulation (GDPR) and other applicable laws.
2. What Data We Collect
| Category | Examples | Source |
|---|---|---|
| Contact Data | Email address | Provided by you via the waitlist form |
| Technical Logs | IP address, browser type, operating system, timestamps | Captured by Vercel’s basic monitoring |
No cookies or third-party analytics.
We do not set cookies, use Google Analytics, or run similar trackers.
3. Why We Process Your Data
| Purpose | Legal basis (GDPR) |
|---|---|
| Add you to the waitlist and send product updates | Consent (Art. 6 (1)(a)) |
| Let you unsubscribe at any time via a link in every email | Consent withdrawal |
| Monitor uptime, error rates, and basic traffic to keep the Site reliable and secure | Legitimate interest (Art. 6 (1)(f)) |
4. Who Has Access to Your Data
| Sub-processor | Role | Safeguards |
|---|---|---|
| Vercel Inc. (EU region) | Hosting & basic monitoring | Standard Contractual Clauses (SCCs) where applicable |
| Email delivery provider (e.g., Postmark or Mailgun) | Sending transactional emails | SCCs / EU data-center option |
All providers act under written agreements requiring them to process data solely on our behalf.
5. International Transfers
If personal data leaves the European Economic Area, we rely on SCCs or another lawful transfer mechanism to protect it.
6. Retention
| Data | Typical retention |
|---|---|
| Waitlist emails | Until you unsubscribe or 12 months after product launch (whichever comes first) |
| Technical logs | Up to 30 days, unless required longer for security investigations |
7. Security
We employ industry-standard safeguards such as TLS encryption in transit, least-privilege access controls, and regular vulnerability management.
8. Your Rights
You may, at no cost:
- Access the personal data we hold about you
- Request rectification or deletion
- Withdraw consent (unsubscribe) at any time
- Lodge a complaint with a supervisory authority
Send requests to privacy@onbox.ing. We may ask you to verify your identity.
9. Children
Our Site is not directed to children under 16. We do not knowingly collect data from them.
10. Changes to This Policy
If we materially change this Policy, we will update the “Last updated” date above and, where appropriate, notify you by email.
11. Contact
Onbox SAS
(Address currently being incorporated)
Email: privacy@onbox.ing