CryptoBox Privacy Policy

Last updated: April 3, 2026

Welcome to CryptoBox. We take your privacy and personal information seriously. This Policy applies whenever you access or use our services in any way.

For purposes of this Policy, “Services” means the mobile privacy-sandbox capabilities provided by CryptoBox, including without limitation encrypted app and media protection, screen-time insights, time- and location-based rules, stealth and gesture responses, and related features. “We” means the operator or service provider of CryptoBox. “You” means you as a user of the Services. By accepting this Privacy Policy, you agree that we may collect, store, use, and disclose your personal information as described here. We respect user privacy and will not disclose your information to third parties for unrelated purposes without a lawful basis and, where required, your consent.

Please read this Policy carefully and use the Services only after you fully understand and agree. If you or your guardian do not agree with any part of this Policy, you should stop using the Services immediately.

This Policy explains:

  • How we collect and use your personal information
  • How we share, transfer, and publicly disclose personal information
  • How we store and protect personal information
  • Your choices and rights
  • Third-party information sharing / SDK list
  • How we treat minors’ personal information
  • Updates to this Policy
  • How to contact us

We know personal information matters to you. Protecting it is fundamental to our product. We strive to keep your information secure and use it reasonably in line with applicable law and our commitments. We also work to implement industry-recognized safeguards for personal data.

I. How we collect and use personal information

We collect and use personal information for the purposes described in this Policy, including:

Device and environment information. To help the software and Services operate securely, reduce fraud, and protect accounts, we may collect device-related information such as manufacturer, model, device language, device name, OS and application versions and types, language settings, resolution, IP address, system platform and version, application package name and version, and device identifiers where available and permitted (for example, advertising identifiers on iOS, MAC address, IMEI, OpenUDID, or similar identifiers depending on platform and permissions). If you do not permit collection where such data is essential for security verification, certain features may be limited. Where permitted and needed for risk detection or aggregated statistics, we may also collect such device information when the App runs in the background; we apply de-identification, encryption, or similar measures where appropriate and limit collection frequency to a reasonable scope.

Local storage. During use, we may write data to local caches on your device so that preferences, vault-related data, usage records within the App, and similar information can persist and to reduce unnecessary network traffic. Much of this stays on your device unless otherwise stated.

Location information (if you enable it). If you use geo-fencing or location-based rules, we may process location-related data as needed to provide those features, in line with system permissions you grant.

Other uses. (1) When we display personal information, we may use masking, replacement, or anonymization where appropriate. (2) If we use personal information for purposes not described here, or use information collected for one purpose for another purpose, we will seek your consent where required. Services may evolve; if we introduce new features that require new types of data, we will explain the purpose, method, and scope (for example, through in-app notices or updated Policy) and obtain consent where required. If you do not agree, you may be unable to use that specific feature, but other features may remain available.

Exceptions where consent may not be required. Applicable law may allow collection or use without prior authorization in certain cases, such as: (1) matters related to national security or defense; (2) public safety, public health, or major public interests; (3) criminal investigation, prosecution, trial, or enforcement; (4) protection of life, property, or other major lawful interests where obtaining consent is impractical; (5) information you have made public yourself; (6) information collected from lawful public disclosures such as news or government releases; (7) information necessary to perform a contract with you; (8) information necessary to maintain safe and stable operation of the Services (for example, detecting or handling faults or abuse); or (9) other circumstances stipulated by laws and regulations.

II. How we share, transfer, and disclose personal information

Sharing. We do not share your personal information with unrelated companies, organizations, or individuals, except:

  1. With your explicit consent;
  2. Where required by laws, regulations, or compulsory requests from competent authorities;
  3. With our affiliates, only as necessary for stated purposes and subject to this Policy (affiliates must not change purposes without renewed consent where required);
  4. With authorized partners who help us provide specific functions (for example, analytics or crash reporting), only to the extent necessary and subject to agreements requiring them to comply with this Policy and appropriate security measures. Where a partner processes data based on its own legal basis (for example, with your separate consent), we will describe that in the SDK list or partner notice.

We require recipients who receive personal information under strict confidentiality and security obligations to process it only as instructed and as permitted by law.

Transfer. We do not transfer your personal information to third parties except with your explicit consent, or in mergers, acquisitions, or bankruptcy proceedings where we require successors to remain bound by this Policy or to obtain your consent again as required by law.

Public disclosure. We publicly disclose personal information only when we have your explicit consent, or when required by law, legal process, litigation, or competent authorities.

III. How we protect personal information

  1. We use security measures aligned with common industry practice to protect personal information against unauthorized access, disclosure, use, alteration, damage, or loss, including encryption in transit where appropriate (for example, HTTPS), encryption or protection for sensitive data at rest where applicable, access controls, and staff training on privacy and security.
  2. We aim not to collect information unrelated to the purposes in this Policy. We retain information only for as long as needed for those purposes unless a longer period is required or permitted by law.
  3. The Internet is not perfectly secure. Email, instant messaging, and similar channels may be unencrypted; avoid sending sensitive personal information through them. Use strong passwords and device protections to help secure your account.
  4. Despite reasonable safeguards, no system is immune to all risks. The networks and devices you use may be outside our full control.
  5. If a personal data breach occurs, we will notify you and regulators as required by applicable law, describing the incident, likely impact, measures taken or planned, and suggestions for self-protection, using email, message, push, announcement, or other reasonable means when individual notice is impracticable.

IV. Your choices and rights

Subject to applicable law, you may have rights regarding your personal information, including:

  1. Access. You may request access to certain personal information we hold about you by contacting us at the email below.
  2. Correction. If information is inaccurate or incomplete, you may request correction; we may verify your identity first for security.
  3. Deletion. You may request deletion where we have violated laws or our agreement with you in collecting, using, sharing, or disclosing data, or where we unlawfully or excessively disclosed data; we may require you to stop public disclosure or ask recipients to delete data as appropriate.
  4. Account cancellation. You may request to cancel your account (if applicable) via the contact email. Cancellation may prevent use of certain features; proceed with care. Where you signed in through a third party, you may also need to follow that third party’s account closure process.
  5. Response to requests. For security, we may ask you to prove your identity. We may refuse requests where required by law (for example, national security, criminal justice, bad-faith or abusive requests, disproportionate cost, serious harm to others’ rights, or trade secrets).

V. Third-party SDK and partner list

To keep the Services stable and to enable certain features, the App may embed SDKs or similar components from authorized partners. We assess such integrations for security and require partners to process data in line with this Policy and applicable agreements, except where they rely on a separate legal basis (for example, your separate consent).

We will list the name, purpose, types of personal information involved, and privacy policy link for each third-party component that collects personal information. As of the date above, if no such component is integrated in the current public release, the table may show “None” or remain empty; we will update this Policy, the official website, or in-app notices when integrations change.

Name Purpose Personal information types (if any) Privacy policy link
None as of this update (placeholder—update when SDKs are integrated).

VI. Minors

Our Services are intended primarily for adults. Children should not create their own accounts without parental or guardian consent. If we collect children’s information based on consent, we use or disclose it only as permitted by law, with verifiable parental consent, or when necessary to protect the child.

We treat anyone under 14 as a child for purposes of this section where applicable law so provides. If we learn we collected a child’s information without required consent, we will delete it as soon as practicable.

If you are a minor, please read this Policy with your guardian and use the Services only with their agreement. If your guardian does not agree, stop using the Services and contact us so we can take appropriate steps. Guardians who believe we collected a child’s data without consent may contact us to request deletion.

VII. Updates to this Policy

We may revise this Policy from time to time. For changes that materially reduce your rights, we will notify you in a prominent way within the Services, by in-app message, email, or other reasonable means before the change takes effect where required. If you do not agree, you should stop using the Services. Continued use after the effective date constitutes acceptance of the updated Policy.

Material changes may include: significant changes to processing purposes, categories of data, or methods; ownership or organizational changes affecting personal information; major changes to your rights or how to exercise them; changes to the security responsibility department or complaint channels; or high-risk findings from impact assessments.

VIII. Contact us

For questions, complaints, or requests regarding this Policy or your personal information, contact us at: support@crptosandbox.app.