BoxAIBack to home

Privacy Policy

Last updated: March 14, 2026

1. Introduction

BoxAI ("we", "us", or "our") operates the BoxAI platform at boxaiapp.com. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our services, including the SaaS dashboard, AI chatbot, mobile app, and web widget.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, and organization details. If you sign in via Google or GitHub OAuth, we receive your public profile information from those providers.

2.2 Business Data

We store data you provide to configure your chatbot, including product catalogs, business hours, delivery zones, payment settings, and customer information (end customers who interact with your chatbot).

2.3 Conversation Data

Messages exchanged between end customers and your AI chatbot are stored to enable conversation history, analytics, and service improvement. This includes messages sent via WhatsApp, Telegram, Instagram, and the web widget.

2.4 Payment Information

Subscription payments are processed by Stripe. We do not store your full credit card number. Stripe handles payment data in accordance with PCI-DSS standards. Order payments for end customers may be processed via Mercado Pago or Stripe.

2.5 Calendar Data

If you connect Google Calendar, we access your calendar events to enable appointment scheduling. OAuth tokens are stored encrypted and can be revoked at any time from your settings.

2.6 Usage & Analytics

We collect aggregated analytics such as message counts, order volumes, conversion rates, and feature usage to improve our service.

3. How We Use Your Information

  • Provide, maintain, and improve the BoxAI platform
  • Process transactions and send related information (receipts, confirmations)
  • Power AI chatbot conversations with your configured business context
  • Send service notifications (billing alerts, usage limits, security events)
  • Generate analytics and insights for your dashboard
  • Respond to support requests
  • Comply with legal obligations

4. AI & Third-Party Services

BoxAI uses Anthropic's Claude API to power AI chatbot conversations. Conversation messages are sent to Anthropic for processing. Anthropic's data usage policy applies to this processing. We do not use your conversation data to train AI models.

5. Data Sharing

We do not sell your personal information. We share data only with:

  • Service providers: Stripe (payments), Anthropic (AI), WhatsApp/Meta (messaging), Google (calendar, OAuth), Cloudflare (infrastructure)
  • Legal requirements: When required by law, court order, or governmental authority
  • Business transfers: In connection with a merger, acquisition, or asset sale

6. Data Security

We implement industry-standard security measures including encryption in transit (TLS), encrypted storage of sensitive tokens, rate limiting, and access controls. Our infrastructure runs on Kubernetes with network policies and mTLS between services.

7. Data Retention

We retain your data for as long as your account is active. Conversation data is retained per your organization's settings. Upon account deletion, we remove your data within 30 days, except where retention is required by law.

8. Your Rights (LGPD / GDPR)

Under the Brazilian General Data Protection Law (LGPD) and the EU General Data Protection Regulation (GDPR), you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Withdraw consent for data processing
  • Object to automated decision-making

To exercise these rights, contact us at [email protected].

9. Cookies

We use essential cookies for authentication and session management. We do not use third-party advertising cookies or trackers.

10. Children's Privacy

BoxAI is not intended for children under 18. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a notice on our platform.

12. Contact

If you have questions about this Privacy Policy, contact us at: