← Back to LegionBox

Privacy Policy

Last updated: June 1, 2026

1. Information We Collect

We collect information you provide directly: name, email address, password (hashed with bcrypt), payment information (processed by our payment processor, not stored by us), and files you upload.

We automatically collect: IP address (for security), browser User-Agent, usage logs, and session identifiers.

2. How We Use Your Information

We use collected information to: provide and improve the LegionBox service, process payments, send transactional emails, prevent fraud and abuse, and comply with legal obligations.

3. Data Storage

Your data is stored on Cloudflare's global edge network (D1 database, KV storage, R2 object storage). Files are encrypted at rest. We do not sell your data to third parties.

4. Compute Sandbox Sessions

Virtual Desktop and Virtual Phone sessions run in ephemeral real compute sandboxes. Session data is destroyed after each session ends. We log session metadata (start/end times, sandbox IDs) for 90 days for abuse prevention.

5. Data Retention

Account data is retained as long as your account is active. You may request deletion by emailing privacy@legionbox.io. Phone audit logs are retained for 90 days. Screenshots are auto-deleted 30 days after session end.

6. Your Rights (GDPR)

EU/EEA residents have rights to: access, rectify, erase, restrict processing, data portability, and object. Contact privacy@legionbox.io for requests.

7. Contact

Privacy questions: privacy@legionbox.io