Privacy Policy

Last updated: January 23, 2025

Introduction

BoxGalleria ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our SaaS platform for creating and managing before-and-after image galleries.

This policy complies with the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws.

1. Information We Collect

1.1 Personal Information

We collect personal information that you provide directly to us:

  • Account information (name, email address, password)
  • Business information (business name, type, contact details)
  • Payment information (processed securely through third-party payment processors)
  • Profile information (logo, branding preferences)
  • Communication data (support requests, feedback)

1.2 Content and Files

  • Images you upload (before/after photos)
  • Gallery settings and customizations
  • Templates and designs you create

1.3 Automatically Collected Information

  • Device information (IP address, browser type, operating system)
  • Usage data (pages visited, features used, time spent)
  • Cookies and similar tracking technologies
  • Log data (access times, error logs)

2. How We Use Your Information

We use your information for the following purposes:

  • Service Delivery: To provide, maintain, and improve our platform
  • Account Management: To create and manage your account
  • Processing: To process your images and generate galleries
  • Billing: To process payments and manage subscriptions
  • Communication: To send service updates, newsletters, and support responses
  • Analytics: To understand usage patterns and improve our service
  • Security: To detect and prevent fraud, abuse, and security incidents
  • Compliance: To comply with legal obligations and enforce our terms

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your data based on:

  • Contract Performance: Processing necessary to provide our services
  • Consent: Where you have given explicit consent
  • Legitimate Interests: For analytics, security, and service improvement
  • Legal Obligations: To comply with applicable laws

4. How We Share Your Information

We share your information only in the following circumstances:

  • Service Providers: Third-party vendors who help us operate (AWS S3, Clerk, Supabase, Replicate)
  • Payment Processors: To process subscription payments securely
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly authorize sharing

We never sell your personal information to third parties.

5. Data Storage and Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit (HTTPS/TLS) and at rest
  • Secure cloud infrastructure (AWS S3, Supabase)
  • Regular security audits and monitoring
  • Access controls and authentication (Clerk)
  • Database row-level security policies

Your data is stored on secure servers located in [Your Region]. We retain your data for as long as your account is active or as needed to provide services.

6. Your Privacy Rights

Depending on your location, you may have the following rights:

GDPR Rights (EEA Users)

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a structured, machine-readable format
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time

CCPA Rights (California Users)

  • Right to know what personal information we collect
  • Right to delete personal information
  • Right to opt out of sale (we don't sell data)
  • Right to non-discrimination

To exercise these rights, contact us at privacy@boxgalleria.com.

7. Cookies and Tracking

We use cookies and similar technologies to:

  • Maintain your session and authentication
  • Remember your preferences
  • Analyze usage and performance
  • Provide personalized experiences

You can control cookies through your browser settings. However, disabling cookies may limit some functionality.

8. Data Retention

We retain your data for as long as necessary to:

  • Provide our services
  • Comply with legal obligations
  • Resolve disputes
  • Enforce our agreements

When you delete your account, we will delete or anonymize your data within 30 days, except where we are legally required to retain it.

9. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequate data protection frameworks
  • Your explicit consent where required

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Sending you an email notification
  • Displaying a notice in our platform

Your continued use of our service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

For GDPR-related inquiries, you also have the right to lodge a complaint with your local data protection authority.