Boxative Logo

Privacy Policy

Last updated: February 15, 2026

This privacy policy explains how Boxative collects, uses, and protects your personal data in accordance with GDPR.

Data Controller

The data controller responsible for processing your personal data is:

Boxative
Daniel Chiriac
Karlstr. 81, 78054 Villingen-Schwenningen
Germany

Email: support@boxative.app

What Information We Collect

Contact Form Data

  • Data collected: Name, email address, message content
  • Legal basis: Your consent and our legitimate interest in responding to inquiries
  • Purpose: To communicate with you and respond to your inquiry
  • Retention: Contact form data is deleted after your inquiry is resolved, or after 12 months if no response is received.

Technical Data & Website Usage

  • Data collected: IP address, browser type, device type, pages visited, time and date of visit
  • Legal basis: Legitimate interest in ensuring website security and functionality
  • Purpose: Security, troubleshooting, and improving website performance
  • Retention: Server logs are deleted after 7 days.

reCAPTCHA (Google)

  • Service: Google reCAPTCHA v3 to prevent spam submissions
  • Data collected: IP address, browser data, user behavior signals
  • Legal basis: Legitimate interest in protecting our contact form from abuse
  • Data transfer: Data is transferred to Google LLC (USA). Google is certified under the EU-US Data Privacy Framework.
  • More info: Google Privacy Policy

Email Service Provider (Resend)

  • Service: We use Resend to send and receive emails from our contact form
  • Data processed: Your email address, name, message content, and metadata (timestamp, IP address)
  • Legal basis: Contract performance and legitimate interest in reliable email delivery
  • Data location: Resend processes data within the EU/EEA or in compliance with GDPR requirements
  • More info: Resend Privacy Policy

Project & Client Data

  • Data collected: Project requirements, business information, communication history, files you provide
  • Legal basis: Contract performance and legitimate interest in delivering services
  • Purpose: To deliver design and development services
  • Retention: Project data is retained for the duration of the project and up to 10 years after completion for legal and warranty purposes

Cookies & Tracking

This website currently uses minimal cookies:

  • Essential cookies: Required for website functionality (e.g., session management). No consent required as they are technically necessary.
  • reCAPTCHA cookies: Set by Google to verify form submissions. These are considered technically necessary for spam prevention.

Vercel Analytics

  • Service: We use Vercel Analytics to understand website performance and visitor behavior
  • Data collected: Page views, referrer information, device type, browser, geographic location (country/city level), and performance metrics
  • Privacy-focused: Vercel Analytics does not use cookies and does not track visitors across websites. It collects anonymized data only
  • Legal basis: Legitimate interest in improving website performance and user experience
  • More info: Vercel Analytics Privacy Policy

How We Protect Your Data

  • All data transmission is encrypted using HTTPS/TLS protocols
  • Access to personal data is restricted to authorized personnel only
  • We use secure, reputable hosting and email service providers
  • Regular security updates and monitoring
  • No data sales: We never sell, rent, or trade your personal information to third parties

Your GDPR Rights

Under GDPR and German data protection law, you have the following rights:

  • Right of Access: Request a copy of your personal data we hold
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data (subject to legal retention requirements)
  • Right to Restriction: Request limitation of processing in certain circumstances
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time (does not affect past processing)

To exercise your rights, contact us at support@boxative.app. We will respond within 30 days.

Data Retention

Your personal data is stored only as long as needed to fulfill the purposes described in this policy. Retention periods are determined by the nature of the data, our contractual obligations, legal requirements (such as tax and commercial law), and our legitimate business interests in maintaining records for dispute resolution and service delivery.

The retention period varies depending on the type of data and the purpose for which it was collected:

  • Contact inquiries: We retain contact form data until your inquiry is resolved and for a reasonable period thereafter to maintain a record of our communication
  • Project-related data: Client project information is retained for the duration of the project and for a period after completion as required by warranty obligations and legal requirements under German commercial law
  • Financial records: Invoices, contracts, and payment records are retained for the period required by German tax law (typically 10 years)
  • Technical data: Server logs and usage data are generally retained for a shorter period, except when this data is used to strengthen security, improve functionality of our services, or when we are legally obligated to retain this data for longer periods

When your personal data is no longer necessary for the purposes for which it was collected, or when you request deletion (and we are not legally required to retain it), we will securely delete or anonymize it.

International Data Transfers

Some services we use may transfer data outside the EU/EEA:

  • Google reCAPTCHA: Data may be transferred to Google LLC in the USA, which participates in the EU-US Data Privacy Framework
  • Resend (Email Service): Email data is processed in compliance with GDPR. Resend operates within the EU/EEA infrastructure or uses appropriate safeguards for data protection.
  • Hosting: Our website is hosted within the EU/EEA

All international transfers comply with GDPR requirements through adequate safeguards (adequacy decisions, standard contractual clauses, or similar mechanisms).

Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection supervisory authority or with the German data protection authority responsible for our location.

Data Protection for Children

Our services are not intended for use by children under the age of 18 ("Child" or "Children").

  • We do not knowingly collect personal information from anyone under 18 years of age
  • Our services are designed for business clients and adult users only
  • If we become aware that we have collected personal data from a child under 18 without parental consent, we will take steps to delete that information as quickly as possible
  • If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@boxative.app

Changes to This Policy

We may update this privacy policy to reflect changes in our practices, services, or legal requirements. The "Last updated" date at the top shows when changes were made. Material changes will be communicated via email to active clients or through a notice on our website.

Contact & Questions

For privacy-related questions, to exercise your rights, or to request information about your data, contact us at: support@boxative.app