1. What we collect
We collect only what is necessary to run the Service: registration email, password hash (never plaintext), interface language, email language, daily-email opt-in, trial/subscription status, login session token and access logs (IP, timestamp, User-Agent).
2. How we use it
Strictly for: (a) authentication and security; (b) sending verification codes, daily picks emails, trial reminders, and important service notices; (c) showing your account information consistent with your subscription state; (d) abuse prevention, anti-scraping and legal compliance.
3. What we never do
We do not sell, rent, or trade your personal information. We do not allow third-party ad-tech or marketing scripts to load on the site. We do not collect biometric data or precise geolocation.
4. Sub-processors
To operate, we use: (1) Cloudflare for edge compute, CDN and storage; (2) Resend for transactional email; (3) Cloudflare Turnstile for human verification. They receive only the minimum data needed to handle each request and are bound by their own privacy policies. We do not use Google Analytics or similar trackers.
5. Cookies
A single HttpOnly + Secure session cookie identifies your logged-in state. It expires on logout or session expiry. We do not use tracking cookies or cross-site cookies.
6. Retention & deletion
Account data is retained until you delete it. Deleting your account marks the record as "deleted" and locks the email from re-registration to prevent trial abuse. Access logs are retained for 90 days; email-push records for 180 days.
7. Your rights
You can view, edit, export, or delete your personal data at any time from Account, or by emailing support@boxbreakout.top.
8. Minors
The Service is not directed at minors under 18. If a minor account is discovered, it will be deleted after email verification.
9. Changes
Changes to this policy are announced at least 14 days before they take effect.
10. Contact
Privacy questions: support@boxbreakout.top