Effective Date: March 10, 2026
This Privacy Policy describes how SWYPE FZE (Dubai, UAE) and Digital Services LLC (Batumi, Georgia) (collectively, "Company", "we", "us") collect, use, share, and protect personal data when you use the Enbbox platform, website, APIs, and related services (the "Services").
1. Who We Are
Enbbox is a notification infrastructure platform operated by SWYPE FZE (Dubai, UAE) and Digital Services LLC (Batumi, Georgia). We act in two capacities:
| Role | When |
|---|---|
| Data Controller | When we collect your account data, usage analytics, and website visitor data |
| Data Processor | When we deliver notifications to your subscribers on your behalf |
Contact: [email protected]
2. Data We Collect as a Controller
2.1 Account Data
When you register, we collect:
- Name and email address
- Organization/company name (optional)
- Authentication credentials (OAuth tokens, hashed passwords)
- Billing information (processed by Stripe — we do not store full card numbers)
2.2 Usage Data
We automatically collect:
- Dashboard activity (pages visited, features used)
- API usage metrics (request counts, error rates)
- Device and browser information
- IP address and approximate geolocation
2.3 Website Visitor Data
When you visit enbbox.com, we collect:
- Pages viewed and referral source
- Browser type, device type, operating system
- Cookies and similar technologies (see Section 8)
3. Data We Process on Your Behalf (As Processor)
When you send notifications through Enbbox, we process your subscribers' data on your behalf. This may include:
- Subscriber identifiers (IDs, email addresses, phone numbers, device tokens)
- Notification content you define in workflows
- Delivery metadata (timestamps, channel, delivery status)
You are the data controller for this data. We process it solely to deliver your notifications and provide the Services, as described in our Data Processing Agreement.
4. How We Use Your Data
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide and maintain the Services | Contract performance |
| Process payments and billing | Contract performance |
| Send service communications (outages, updates) | Legitimate interest |
| Improve the Platform and fix bugs | Legitimate interest |
| Respond to support requests | Contract performance |
| Comply with legal obligations | Legal obligation |
| Marketing communications (with consent) | Consent |
5. Sharing Your Data
We share personal data only with:
| Recipient | Purpose |
|---|---|
| Stripe | Payment processing |
| Cloud infrastructure providers | Hosting and data storage |
| Notification providers (SendGrid, Twilio, FCM, etc.) | Delivering notifications on your behalf |
| Analytics services | Platform usage analytics |
| Legal authorities | When required by applicable law |
We do not sell your personal data.
6. International Transfers
Your data may be transferred to and processed in countries outside your jurisdiction. We use appropriate safeguards including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Processing Agreements with all sub-processors
- Encryption in transit (TLS 1.3) and at rest (AES-256)
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Duration of account + 30 days after deletion |
| Usage/analytics data | 24 months |
| Notification delivery logs | Per your plan's retention policy (7–90 days) |
| Billing records | 7 years (legal requirement) |
| Support tickets | 3 years after resolution |
8. Cookies and Similar Technologies
We use cookies for:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Authentication, session management | Session |
| Functional | User preferences, locale | 1 year |
| Analytics | Usage statistics (Google Analytics) | 2 years |
You can manage cookie preferences through your browser settings.
9. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access your personal data
- Rectify inaccurate data
- Delete your data ("right to be forgotten")
- Port your data to another service
- Object to processing based on legitimate interest
- Restrict processing in certain circumstances
- Withdraw consent for marketing communications
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
10. Security
We implement industry-standard security measures including:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- API key hashing and secure credential storage
- Regular security reviews and dependency auditing
- Role-based access control within the Platform
For more details, see our Security page.
11. Children
The Services are not directed to individuals under 18. We do not knowingly collect data from children. If we learn that we have collected data from a child, we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or dashboard notification at least 30 days before they take effect.
13. Contact
For privacy-related inquiries:
SWYPE FZE — Dubai, UAE Digital Services LLC — Batumi, Georgia Email: [email protected]
For EU/EEA data protection matters, you may also lodge a complaint with your local data protection authority.