CollectorBox
Features Collections
Log in

Privacy Policy

This Privacy Policy explains how we collect, use, and protect your information when you use CollectorBox (the “Service”). We host data in the European Union and work only with service providers selected for their security and reputation. We never sell your data.

Controller & Contact

Controller: CollectorBox
Contact: privacy@collectorbox.co

Data We Collect

  • Account data: your email address (required for account creation and security).
  • Service data: your collections, items, related metadata, and images that you upload. This content is the purpose of the Service.
  • Technical data: essential logs and cookies strictly necessary to provide and secure the Service (see Cookies).

Photo Privacy & Usage

We never share or display photos marked as private. If you choose to mark a photo as public, you grant us a non-exclusive license to host, use, and display that photo solely to operate and promote the Service on our website and apps. You can change a photo’s visibility at any time, which will remove it from public display prospectively.

Purposes & Legal Bases

  • Provide and maintain the Service (performance of a contract).
  • Account authentication, security, and fraud prevention (legitimate interests and legal obligations).
  • Customer support and communications (performance of a contract/legitimate interests).

Sharing

We do not sell your data. We may share information with strictly necessary service providers (“processors”) that help us run the Service (e.g., cloud hosting, email delivery). We select processors for their security and reputation and require appropriate data protection commitments.

Data Location

Data is hosted in the European Union. If in the future we rely on processors outside the EU/EEA, we will implement appropriate safeguards such as the EU Standard Contractual Clauses.

Retention

We retain your account and Service data for as long as your account is active. You may delete items, images, or your account; we will then delete or anonymize related data within a reasonable period unless retention is required by law or for legitimate business purposes (e.g., security logs for limited periods).

Security

We employ technical and organizational measures appropriate to the risk, including encrypted transport, access controls, and least-privilege practices. No system can be 100% secure, but we aim to follow industry best practices.

Your Rights (GDPR)

You have the right to access, rectify, erase, or port your personal data; restrict or object to processing; and withdraw consent where processing is based on consent. To exercise your rights, contact us at the email above. You also have the right to lodge a complaint with your local supervisory authority.

Children’s Privacy

The Service is not intended for children under the age of 13 (or the equivalent age of digital consent in your country). We do not knowingly collect personal data from children.

Changes

We may update this policy to reflect changes to our practices or for legal reasons. We will post the updated version with a new “Effective Date”.

Effective Date: 2025-09-01