Plain-language summary
This summary is for your convenience only. The full policy below is what legally applies.
- We store your inventory data locally on your device and, if you enable cloud backup, in Google Firebase.
- We do not sell your data. Third-party services (Google Firebase, Superwall) may process limited data as described below.
- Photos are automatically compressed to JPEG format before upload and are accessible only to your household members.
- You can delete your account and all associated cloud data at any time from Settings → Account.
Box•E ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Box•E mobile application and web application (collectively, the "Service").
By using the Service, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
a) Data You Provide
- Inventory data — item names, descriptions, photos, tags, locations, and other fields you enter. This data is stored locally on your device (SQLite) and, if you enable cloud backup or household sharing, synced to Firebase Cloud Firestore and Firebase Storage under your account.
- Account information — if you sign in, we receive your name and email address from your chosen authentication provider (Google, Apple, or email/password via Firebase Authentication). We do not store passwords directly.
- Photos — images you attach to items are stored on your device and optionally uploaded to Firebase Storage, accessible only to authenticated members of your household. Photos are automatically compressed and converted to JPEG format to reduce file size before upload.
b) Data Collected Automatically
- Usage data — Firebase may collect anonymized crash reports and usage analytics (e.g., Firebase Crashlytics, Google Analytics for Firebase) to help us improve reliability and performance.
- Device information — operating system, device type, and app version may be collected as part of crash reports.
- Bug reports — when you submit a report via Settings → About → Report a problem, we send the report text, the error/stack trace (if any), app version, platform, locale, and a randomly generated install identifier (UUID) to our Firebase backend, which forwards it to our maintainer mailbox by email. The install identifier is used for abuse prevention and to group related reports; it is not tied to your account or identity and is reset if you reinstall the app.
- Paywall and subscription data — when paywalls are displayed (for example, when you consider upgrading to a paid plan), our paywall provider Superwall (operated by Nest 22, Inc.) automatically collects information such as a randomly generated device alias, device attributes (OS, device model, locale, app version), paywall interaction events (impressions, taps, dismissals, transactions), and subscription status. This data is used to render paywalls, run experiments, and report subscription analytics. Superwall does not require us to share your name or email address.
c) Location
-
Box•E may request access to your device's location to auto-fill location fields (e.g., GPS coordinates or structured address of a storage location). Location data is stored locally on your device and, if cloud backup is enabled, synced to your private Firestore database. Location data is never sold or shared with third parties. You may deny location permission without affecting core app functionality.
d) NFC
-
Box•E may use your device's NFC hardware to read or write NFC tags that you have linked to inventory items. NFC tag identifiers (UIDs) are stored locally with the item and synced as part of your inventory backup. Box•E does not read NFC tags in the background and only accesses NFC when you explicitly initiate a scan within the app.
e) Bluetooth Tracker Links (Premium)
-
Premium subscribers may link third-party Bluetooth tracker identifiers (AirTag, Tile, Chipolo, Samsung SmartTag, Pebblebee) to inventory items. Box•E stores only the tracker ID label and brand that you manually enter; it does not directly access Bluetooth hardware or communicate with tracker networks. Tapping "Locate" opens the respective tracker manufacturer's app via a deep link.
f) Voice Assistant Integration (Premium)
-
Premium subscribers may enable Siri (iOS) and Google Assistant (Android) integration, which indexes item names and custom voice aliases with the platform voice system. Voice aliases are stored locally and synced as part of your inventory backup. Box•E does not record voice audio; all voice processing is handled by Apple or Google on-device systems.
2. How We Use Your Information
- To provide, operate, and maintain the Service.
- To sync your inventory across your devices (if cloud backup is enabled).
- To allow household members you invite to share access to inventory data.
- To improve and personalize your experience.
- To detect and address technical issues or fraud.
We do not sell your personal data to third parties.
3. Data Storage and Security
Your inventory data is stored primarily on your own device. If you enable cloud features, data is stored in Google Firebase (Firestore and Storage), which is governed by Google's Privacy Policy. Firebase data is encrypted in transit (TLS) and at rest.
Access to your cloud data is restricted to authenticated users. Household data is accessible only to members of that household. We implement reasonable technical and organisational measures to protect your information; however, no method of transmission over the internet is 100% secure.
4. Data Sharing and Disclosure
- Household members — if you create or join a shared household, other members of that household can view and edit the shared inventory.
- Service providers — we use Google Firebase as our backend infrastructure, and Superwall (Nest 22, Inc.) to configure and present paywalls and to track subscription analytics. These providers process limited data as data processors on our behalf, subject to their own privacy policies.
- App stores — purchases of paid plans are processed by Apple App Store or Google Play. Payment details are handled by the relevant store and are not received or stored by Box•E.
- Legal requirements — we may disclose your information if required by law or in response to valid legal process.
- We do not share your data with advertisers or unaffiliated third parties.
5. Children's Privacy
Box•E is not directed to children under the age of 13 (or 16 in the EU/UK). We do not knowingly collect personal data from children.
6. Your Rights
Depending on your location, you may have the right to access, correct, or delete your personal data, object to or restrict its processing, and request data portability.
To exercise these rights, delete your account from within the app (Settings → Account → Delete Account). This permanently removes all your personal data, items, photos, PDFs, and cloud backups. Box•E does not support partial data deletion — account deletion is all-or-nothing.
For questions about your data or to make a privacy request, email us at support@boxeapp.com.
7. Data Retention
a) Local data
Local inventory data remains on your device until you uninstall the app or manually delete it via Settings → Account → Reset local data.
b) Cloud data — active accounts
Cloud data is retained as long as your account exists. If you delete your account (via Settings → Account → Delete account & data or the account deletion page), your cloud data is permanently deleted within 30 days.
c) Cloud data — lapsed Premium accounts
If your Premium subscription expires, your data is not deleted immediately. Box•E applies the following grace-period lifecycle:
| Days after subscription expires | What happens |
|---|---|
| Day 0–59 | No change. Your cloud data is fully intact. You can re-subscribe at any time to restore full access. |
| Day 60 | A warning notification is sent and an in-app banner appears in Settings. |
| Day 80 | A second, more urgent warning is sent. |
| Day 90 | Soft delete. Your household inventory data is archived to a private staging area. You can still recover it by re-subscribing. |
| Day 180 | Hard delete. All archived Firestore documents and Firebase Storage objects associated with your account are permanently and irrecoverably deleted. |
Re-subscribing before Day 180 restores your data from the staging area and resets the retention clock. After Day 180, data cannot be recovered.
Local data on your device is never affected by the Premium lapse lifecycle — only cloud/synced data is subject to these windows.
d) Photo storage
Photos uploaded to Firebase Storage are compressed (max 1 280 px, JPEG quality 80, EXIF metadata removed) before upload. Photos are counted against your plan's storage quota (5 GB for Premium; 50 GB for Premium+). When you leave a household, your local copies of that household's photos are deleted after a 7-day grace period. Cloud copies remain until the household owner deletes them or the account is closed.
e) Bandwidth logs
Box•E's Cloud Functions may record aggregate bandwidth counters (bytes read/written) per user and per household in Firestore for the purpose of enforcing storage and transfer quotas. These counters do not contain the content of your files and are retained indefinitely for billing and abuse-prevention purposes.
8. Third-Party Services
The Service integrates with the following third-party services, each governed by their own privacy policies:
- Google Firebase (authentication, database, storage)
- Google Sign-In
- Superwall (paywall presentation, subscription analytics, and A/B testing of upgrade offers). Superwall assigns a random device alias and collects device attributes and paywall interaction events. See also Superwall's GDPR and DPA documentation.
- Apple App Store and Google Play (in-app purchases and subscription billing), each governed by Apple's and Google's privacy policies respectively.
9. Website Cookies and Analytics Choices
Our marketing website and web app may use Google Analytics 4 to measure page visits, session activity, and feature usage trends. For visitors in the EU/EEA/UK, analytics is enabled only after consent through our cookie banner. In other regions, analytics may be enabled by default where local law permits.
- Purpose — understand website traffic and improve content/performance.
- Provider — Google Analytics (Google LLC).
- Data points — pages visited, approximate location, browser/device metadata, and on-site interactions.
- Retention — governed by your Google Analytics property retention settings.
- Control — you can accept or reject analytics cookies, and change your choice at any time using the control below.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last updated" date above. Continued use of the Service after changes constitutes your acceptance of the revised policy.
11. Contact Us
If you have questions or concerns about this Privacy Policy, please contact us at:
Box•E Support
Email: support@boxeapp.com