Legal

Privacy Policy

This policy explains what personal data Blue Net Box IT collects, why we collect it, how we protect it, and the rights you have over it.

Effective: July 1, 2026 · Version 2.0

Blue Net Box Information Technology ("Blue Net Box IT", "we", "our" or "us") is committed to protecting your privacy. This Privacy Policy applies to bluenetbox.com, the Client Portal at my.bluenetbox.com, and all hosting, domain, email, AI, design and marketing services we provide. By using our website or services, you agree to the practices described here.

1. Data controller

Blue Net Box Information Technology is the data controller responsible for your personal data. We are established in the United Arab Emirates. For any privacy matter — including requests to access, correct or delete your data — contact our data protection team at [email protected].

2. Information we collect

We collect the following categories of personal data:

Account & identity — name, email address, phone number, company name and billing address you provide when you register or purchase.
Billing — invoicing details and partial card data. Full card numbers are processed by PCI-DSS-compliant payment providers and are never stored on our servers.
Technical — IP address, browser type, device information, pages visited and timestamps, collected automatically via cookies and server logs.
Service content — data you store on our hosting and email services, and content you submit to our AI agents. We process this only to deliver the service.
Support & communications — records of your tickets, chats, calls and emails with our team.

3. How and why we use your data

We process your personal data on the following legal bases:

  • Performance of a contract — to provide, manage and renew the services you purchase, process payments and issue invoices.
  • Legitimate interests — to secure our infrastructure, prevent fraud and abuse, and improve our website and services.
  • Legal obligation — to comply with UAE commercial, tax and telecommunications law.
  • Consent — to send marketing communications and set non-essential cookies, where you have opted in. You may withdraw consent at any time.

We do not sell your personal data, and we do not use the content you store on our services for advertising.

4. AI services & your data

Where you use our AI agents (Hermes, OpenClaw, Paperclip), the data and documents you provide are processed solely to generate responses and perform the tasks you request. We do not use your business content to train shared or third-party AI models. Conversations are retained only as long as needed to provide continuity and may be deleted on request.

5. Sharing & sub-processors

We share data only with trusted parties necessary to deliver our services, each bound by a data processing agreement:

  • Payment processors (e.g. Stripe, PayPal) for billing.
  • Domain registries and registrars for domain registration, as required by ICANN.
  • Infrastructure and email-delivery providers operating our platform.
  • Professional advisers and authorities where required by UAE law.

Our main sub-processors and their privacy policies:

Stripe — paymentsPrivacy Policy
PayPal — paymentsPrivacy Policy
Google — analytics, Ads & WorkspacePrivacy Policy
Meta — ads & analyticsPrivacy Policy
Microsoft — Microsoft 365Privacy Policy
N-able — SpamExperts email filteringPrivacy Policy
OpenProvider — domain registrarPrivacy Policy
ResellerClub — domain registrarPrivacy Policy
Cloudflare — CDN, DNS & securityPrivacy Policy
Wasabi — backup storagePrivacy Policy
Backblaze — backup storagePrivacy Policy

This list may change as we add or replace providers; the current version is always published here.

6. Where your data is stored

Your data is primarily hosted on infrastructure located in the European Union, which provides a strong, recognised standard of data protection. Where a sub-processor operates outside the EU, we ensure an adequate level of protection through contractual safeguards. Domain registration data may be transferred internationally as required by the relevant registry.

7. Security

We apply industry-standard technical and organisational measures, including TLS/SSL encryption in transit, encryption of sensitive data at rest, role-based access controls, network firewalls, DDoS mitigation and regular security reviews. No system is perfectly secure, but we work continuously to protect your data and will notify you and the relevant authorities of any breach affecting your personal data as required by law.

8. Data retention

We keep account and billing records for the duration of your relationship with us and for up to seven (7) years afterwards to meet UAE tax and commercial obligations. Support records are kept for three (3) years. Hosting and email content is deleted within 30 days of account termination unless you request an earlier export or a longer retention applies by law.

9. Your rights

Subject to applicable UAE data protection law (and the EU/UK GDPR where it applies to you), you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Request deletion of your data, subject to legal retention requirements.
  • Restrict or object to certain processing.
  • Receive your data in a portable format.
  • Withdraw consent for marketing or non-essential cookies at any time.

To exercise any right, email [email protected]. We respond within 30 days and will not charge you for a reasonable request.

10. Cookies

We use essential, analytics, preference and (with consent) marketing cookies. You can manage your preferences through your browser. For full details, see our Cookie Policy.

11. Children's privacy

Our services are intended for businesses and individuals aged 18 and over. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

12. Changes to this policy

We may update this policy from time to time. We will post the revised version here with a new effective date and, for material changes, notify you by email or an in-account notice. Continued use of our services after changes take effect constitutes acceptance.