This policy explains what personal data Blue Net Box IT collects, why we collect it, how we protect it, and the rights you have over it.
Blue Net Box Information Technology ("Blue Net Box IT", "we", "our" or "us") is committed to protecting your privacy. This Privacy Policy applies to bluenetbox.com, the Client Portal at my.bluenetbox.com, and all hosting, domain, email, AI, design and marketing services we provide. By using our website or services, you agree to the practices described here.
Blue Net Box Information Technology is the data controller responsible for your personal data. We are established in the United Arab Emirates. For any privacy matter — including requests to access, correct or delete your data — contact our data protection team at [email protected].
We collect the following categories of personal data:
We process your personal data on the following legal bases:
We do not sell your personal data, and we do not use the content you store on our services for advertising.
Where you use our AI agents (Hermes, OpenClaw, Paperclip), the data and documents you provide are processed solely to generate responses and perform the tasks you request. We do not use your business content to train shared or third-party AI models. Conversations are retained only as long as needed to provide continuity and may be deleted on request.
Your data is primarily hosted on infrastructure located in the European Union, which provides a strong, recognised standard of data protection. Where a sub-processor operates outside the EU, we ensure an adequate level of protection through contractual safeguards. Domain registration data may be transferred internationally as required by the relevant registry.
We apply industry-standard technical and organisational measures, including TLS/SSL encryption in transit, encryption of sensitive data at rest, role-based access controls, network firewalls, DDoS mitigation and regular security reviews. No system is perfectly secure, but we work continuously to protect your data and will notify you and the relevant authorities of any breach affecting your personal data as required by law.
We keep account and billing records for the duration of your relationship with us and for up to seven (7) years afterwards to meet UAE tax and commercial obligations. Support records are kept for three (3) years. Hosting and email content is deleted within 30 days of account termination unless you request an earlier export or a longer retention applies by law.
Subject to applicable UAE data protection law (and the EU/UK GDPR where it applies to you), you have the right to:
To exercise any right, email [email protected]. We respond within 30 days and will not charge you for a reasonable request.
Our services are intended for businesses and individuals aged 18 and over. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.
We may update this policy from time to time. We will post the revised version here with a new effective date and, for material changes, notify you by email or an in-account notice. Continued use of our services after changes take effect constitutes acceptance.