BoxQR
Terms Legal Sign In

Privacy Policy

Last updated: April 25, 2026

1. Introduction

This Privacy Policy explains how BoxQR ("BoxQR", "we", "our", or "us") collects, uses, discloses, and safeguards information when you use the BoxQR website, iOS mobile application, and related services (collectively, the "Service"). BoxQR is operated by Bowman Ventures LLC, a Georgia limited liability company.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us, including:

  • Account information such as your name and email address when you create an account
  • Authentication information when you sign in using Sign in with Apple or Sign in with Google, including your name and email address. When you use Sign in with Apple, Apple may provide a private relay email address (an anonymized address Apple generates) if you choose to hide your real email.
  • Subscription and billing information. Payments may be processed by Stripe (for web purchases) or Apple's In-App Purchase system (for iOS App Store purchases). We do not store full payment card details. For App Store purchases, Apple processes payment and we receive only subscription status information.
  • Content you create or upload, such as box names, descriptions, locations, item lists, notes, and photos
  • Photos you choose to submit for AI item detection (see Section 6 below)
  • Communications you send to us, including support requests

2.2 Information Collected Automatically

When you use the Service, we automatically collect certain information, including:

  • Device and browser information (for example, browser type, operating system, device identifiers)
  • IP address and approximate location derived from IP
  • Usage data (for example, pages visited, actions taken, and feature usage)
  • Log and diagnostic information to help maintain security and performance

2.3 Sign in with Apple and Google

If you choose to authenticate using Sign in with Apple or Sign in with Google, we receive limited information from those providers:

  • Sign in with Apple: We receive your name (on first sign-in only) and an email address. Apple may supply a private relay address — an anonymized email Apple generates on your behalf — if you select "Hide My Email" during sign-in. We use this information only to create and manage your BoxQR account. We do not use your Apple-provided email for marketing without your consent and do not share it with third parties beyond what is necessary to operate the Service. BoxQR is an independent app and is not affiliated with, endorsed by, or sponsored by Apple Inc.
  • Sign in with Google: We receive your name and email address via Google's OAuth service. We use this information only to create and authenticate your BoxQR account. Your use of Google Sign-In is also subject to Google's Privacy Policy.

We do not receive or store your Apple ID password, Google account password, or any other credentials beyond what is necessary for authentication. You may disconnect third-party sign-in methods or manage connected accounts in your BoxQR account settings.

2.4 Mobile App Permissions

The BoxQR iOS app may request the following device permissions:

  • Camera: Used to scan QR codes and capture photos of your box contents. Camera access is only activated when you choose to scan a code or take a photo.
  • Photo Library: Used to let you select existing photos from your device to attach to boxes. Photo library access is only used when you choose to attach a photo.

You may grant or revoke these permissions at any time in your iOS device settings (Settings → BoxQR). Revoking a permission disables the related feature but does not otherwise affect your account or data.

3. How We Use Your Information

We use information we collect to:

  • Provide, operate, and maintain the Service
  • Create and manage accounts, authenticate users, and enable features
  • Process subscriptions and payments and send transaction-related messages
  • Respond to support requests and communicate with you about the Service
  • Improve the Service, develop new features, and understand usage trends
  • Protect the security and integrity of the Service, including fraud and abuse prevention
  • Comply with legal obligations and enforce our terms and policies

4. Public Boxes and Shared Links

The Service may allow you to mark a box as public or share access through a link or QR code. If you make a box public or share access:

  • Anyone with the link or QR code may be able to view the information you have chosen to share
  • Shared content may be copied, saved, or re-shared by others outside of BoxQR
  • We cannot control or monitor how third parties use shared content once accessed

You are responsible for the information you include in any public or shared box. Do not include sensitive personal data, confidential information, or anything you do not want disclosed.

5. How We Share Information

We do not sell your personal information. We may share information in the following situations:

  • Service Providers: With third parties that help us operate the Service (for example, payment processing, hosting, storage, email delivery, and analytics)
  • AI Providers: When you choose to use AI item detection, resized copies of the photos you submit are sent to the selected third-party AI provider (see Section 6 below)
  • Legal and Safety: When required by law or if we believe disclosure is necessary to protect rights, safety, or prevent fraud and abuse
  • Business Transfers: In connection with a merger, acquisition, financing, reorganization, or sale of assets (information may be transferred as part of that transaction)

6. AI Image Recognition

The Service includes an optional AI item detection feature that can identify objects in photos of your box contents. This feature is not automatic. It is only activated when you explicitly choose to use it by clicking the "Scan with AI" button.

6.1 How It Works

  • When you click "Scan with AI," resized copies of the photos you selected are sent to a third-party AI provider for analysis
  • The AI provider processes the images and returns a list of detected item names
  • We store the detected item names and an image hash (a unique fingerprint of the photo used for caching) in your account
  • You can review, edit, or delete any AI-suggested items before or after saving

6.2 Third-Party AI Providers

Depending on configuration, photos may be processed by one of the following third-party AI providers: OpenAI, Google (Gemini), or Anthropic (Claude). Each provider has its own privacy policy and data handling practices. We send only the resized image data needed for item detection. We do not send your name, email, account details, or other personal information to AI providers.

6.3 What We Do Not Do

  • We do not automatically scan your photos. You must initiate each scan.
  • We do not use your photos or AI results to train AI models. Processing is performed via standard API calls to third-party providers.
  • We do not share AI scan results with other users or third parties beyond the AI provider performing the detection.

7. Data Security

We use reasonable administrative, technical, and organizational measures designed to protect information. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

8. Data Retention

We retain information for as long as necessary to provide the Service and for legitimate business purposes, including to comply with legal obligations, resolve disputes, and enforce agreements. Where available, deleted items may remain recoverable for a limited period before being permanently removed.

9. Your Choices and Rights

Depending on your location, you may have rights to:

  • Access, correct, or delete your personal information
  • Export certain data
  • Opt out of non-essential communications

You can manage account information and preferences through your account settings.

9.1 Account Deletion

You may delete your account at any time from within your account settings. Account deletion permanently removes your profile, boxes, items, photos, and associated data from our systems. Some data may be retained for a brief period for legal compliance, fraud prevention, or dispute resolution purposes before being permanently purged. If you signed in using Sign in with Apple or Google Sign-In and delete your BoxQR account, we will no longer retain any information received from those providers.

For assistance with account deletion or to submit a data request, contact us at hello@boxqr.io.

10. Cookies and Similar Technologies

We use cookies and similar technologies to operate the Service (for example, to keep you signed in), remember your preferences, and improve performance. You can control cookies through your browser settings, but some features may not function properly if cookies are disabled.

11. Children's Privacy

The Service is not intended for children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided information to us, please contact us and we will take appropriate steps.

12. International Users

Your information may be processed and stored in countries other than your country of residence. By using the Service, you understand that information may be transferred and processed outside your jurisdiction.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be posted with a revised "Last updated" date. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy, contact us at:
Email: hello@boxqr.io