Privacy Policy

Last updated: May 31, 2026

ObjectBox ("we", "us") respects your privacy. This policy explains what data we collect, why, and how we protect it when you use objectbox.online ("Service").

1. Data We Collect

Account information: email address, display name, and hashed password when you register.

Usage data: IP address, browser type, pages visited, timestamps, and feature interactions — collected via first-party analytics only. We do not use any third-party tracking services.

Files: content you upload is stored encrypted. With end-to-end encryption enabled, we have zero knowledge of file contents.

Payment data: processed by our PCI-DSS compliant payment provider. We never store full card numbers on our servers.

2. How We Use Your Data

• To provide, maintain, and improve the Service.
• To authenticate your identity and secure your account.
• To communicate important service updates and security alerts.
• To generate aggregated, anonymized analytics for product improvement.
• To comply with legal obligations and enforce our Terms of Service.

3. Data Sharing

We do not sell, rent, or trade your personal data. We share data only with:

• Infrastructure providers (cloud hosting, CDN) under strict data processing agreements that meet GDPR standards.
• Payment processors for billing purposes, under PCI-DSS compliance.
• Law enforcement when required by valid legal process, and only to the minimum extent necessary. We publish a transparency report annually.

4. Data Storage & Security

Your data is stored in SOC 2 Type II certified data centers located in Finland and the EU. We employ AES-256 encryption at rest, TLS 1.3 in transit, and conduct regular third-party penetration testing. Access to production systems is restricted to authorized personnel using hardware security keys.

5. Your Rights

Under GDPR and the Finnish Data Protection Act (Tietosuojalaki 1050/2018), you have the right to:

• Access — request a copy of all personal data we hold about you.
• Rectification — correct any inaccurate personal data.
• Erasure — request permanent deletion of your data.
• Portability — export your data in a machine-readable format (JSON or CSV).
• Objection — object to processing based on legitimate interests.
• Withdraw consent — for any optional processing, at any time.
• Complaint — lodge a complaint with your local data protection authority.

To exercise any right, email privacy@objectbox.online. We respond within 30 days.

6. Cookies

We use only essential cookies required for authentication and session management. No third-party tracking cookies, advertising pixels, or fingerprinting technologies are used. You can manage cookie preferences in your browser settings.

7. Data Retention

Account data is retained while your account is active. After account deletion, personal data is purged from all systems within 30 days. Backups containing deleted data are overwritten within 90 days. Anonymized, aggregated analytics data may be retained indefinitely.

8. International Transfers

Your data is stored within Finland and the EU. If any processing occurs outside the EEA, we ensure adequate safeguards through Standard Contractual Clauses (SCCs) approved by the European Commission.

9. Children's Privacy

The Service is not intended for users under 16 years of age. We do not knowingly collect data from children. If you believe a minor has created an account, contact us immediately and we will delete the account.

10. Changes to This Policy

We will notify you of material changes via email at least 14 days in advance. Minor clarifications may be made without notice. The "Last updated" date above reflects the most recent revision.

11. Data Protection Officer

Our Data Protection Officer can be reached at:

ObjectBox DPO
dpo@objectbox.online
Helsinki, Finland

General privacy questions? Reach us at privacy@objectbox.online