Privacy Policy

Last updated: April 2, 2026

Introduction

Abox (referred to as “we” or “us”) delivers tools and services through a multi‑product architecture; we respect and protect your privacy. This Privacy Policy applies to current and future products and services listed on abox.co (including, without limitation, aNote and the urlB browser extension). It explains how we collect, use, store, share and protect your personal information, and how you can manage it.

Different products may process different types and amounts of data: for example, a note app focuses on account and content data; a browser extension focuses on device permissions and local storage, plus server‑side data when you use sharing or similar network features. Beyond the general principles below, we call out typical scenarios.

1. Information we collect

1.1 Information you provide

  • Account details: When you register or use sign‑in features, we may collect items such as phone number or email, username and password (exact fields depend on each product’s flow).
  • Profile: Nickname, avatar and similar fields you choose to provide where a product offers them.
  • Contact: Phone, email or other details you give when you contact us or subscribe to notices.
  • Payments: If we offer paid plans, payment details are handled by qualified third‑party processors; we generally do not store full card numbers or other sensitive payment data.

1.2 Content‑related data that may not always be “personal information”

  • aNote: Note bodies, attachments and note‑related settings you create.
  • urlB: URLs you save, page titles, group and item metadata (such as notes and stars), staging and trash items. Much of this stays locally in your browser by default. We process and store data on our servers only when you use share links, sync (if offered) or other features that clearly require a server, using encrypted transmission where appropriate to deliver that feature.

1.3 Information collected automatically

We may automatically collect the following; what we actually collect depends on the product and features you use:

  • Device and environment: Device model, OS version, browser type and version, language settings, etc.
  • Logs and diagnostics: IP address, access time, request logs, crash logs and similar diagnostics for security and stability.
  • Usage: Feature usage, session length, clicks or paths—used to improve the product (we aim to aggregate or de‑identify where reasonable).

1.4 Information collected only in specific situations

  • Location: We may collect approximate location (for example from IP or region settings) only if a product or feature asks separately and you clearly authorize it. Most Abox productivity tools do not rely on precise location.
  • Third‑party sign‑in: If you sign in with a third party, we receive identifiers and profile elements allowed by that provider.
  • Advertising or attribution identifiers: We may access device ad IDs only if a specific product or build includes advertising, attribution or similar features; not all products include this.

2. How we use information

We use collected information to:

  • Provide, maintain and improve core features (accounts, content storage, share pages, extension and web coordination).
  • Secure services and accounts and prevent fraud or abuse.
  • Send important service notices (security, terms or policy updates).
  • Analyze and improve products where the law allows.
  • Other purposes permitted by law or with your consent.

3. Sharing and disclosure

3.1 What we do not do

We do not sell your personal information.

3.2 When we may share information

  • Service providers: With vendors that host infrastructure, send email, provide support or analytics, under confidentiality and security obligations.
  • Legal requests: When required by law, litigation or competent authorities.
  • Business transactions: In a merger, acquisition or asset sale, we require successors to honor this Policy where the law allows.
  • Protection of rights: When we reasonably believe disclosure is necessary to protect us, our users or the public.

4. Data storage and security

4.1 Where data is stored and legal context

Abox serves users around the world; our products are general‑purpose productivity tools and are not aimed at specially regulated sensitive processing scenarios (for example, scenarios that require a special license for certain categories of sensitive personal data). For performance, availability and resilience, your data may be stored in data centers operated by our chosen cloud providers globally or by region (data may sit in multiple jurisdictions or regions and across nodes due to routing and architecture; deployment may change with product updates and vendor choices—actual processing at the time governs). We apply reasonable technical and organizational measures when storing or processing data in any region.

Because data may be transferred or stored across borders or regions, we follow requirements in relevant jurisdictions on cross‑border transfers, standard contractual clauses, consent and similar mechanisms (including, where applicable, rules in the place of export, place of operation or place of processing on security assessments, standard terms or consent), and we limit processing to what is necessary for the stated purposes.

Applicable law and your own compliance: Except where this Policy or the Terms say otherwise, you agree that, within what applicable law allows, we must follow mandatory rules in the places where we operate and where services are deployed; you must on your own follow the laws that apply where you live, where you access or use the services, and where your data is stored or routed. If jurisdictions differ, mandatory rules that bind you and protect data subjects control; we cannot give you legal advice on every country—please consult a qualified professional if needed.

We take compliance seriously and meet mandatory legal requirements that apply to us in the places where we operate, where we provide services and where we process data, including rules on personal information and network security, within each relevant jurisdiction.

4.2 Retention

  • Accounts: While your account is active, we usually keep related information for as long as needed for the processing purposes.
  • Local data (e.g. urlB): Mostly on your device; when you use sharing, we delete or anonymize share snapshots within a reasonable period after the share expires, you cancel sharing or we clean up under our rules, subject to the feature and legal requirements.
  • Deletion: When you delete your account, we erase or anonymize associated data from production systems within a reasonable time under applicable law and our internal rules, except where the law requires longer retention.

4.3 Security measures

We use reasonable measures such as encryption in transit, access controls, role separation and security reviews to reduce unauthorized access, disclosure, alteration or loss.

5. Your rights

Where applicable law gives you rights, you may typically:

  • Access, copy, correct or delete your personal information.
  • Withdraw consent you gave earlier (some features may stop working).
  • Close your account (use each product’s own flow).
  • Complain or report issues using the contact methods at the end of this Policy.

6. Children’s privacy

Our services are aimed at adults. We do not knowingly collect personal information from children under 14 in ways that target children. If we learn we have collected such data, we will delete it. Parents or guardians who notice this should contact us using the details below.

7. Changes to this Policy

We may update this Policy and notify you by website notice, in‑app message or email, as appropriate. Material changes will be highlighted more prominently. Continued use after the update may constitute acceptance, except where the law requires otherwise.

8. Contact us

For privacy questions, please contact us via: