This privacy notice for OpenBox AI LLC ("Company," "we," "us," "our") describes how and why we might collect, store, use, and share your information when you use our services ("Services"), including when you visit openbox.ai, use our platform or SDK, or engage with us in other related ways.

Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. Contact us at contact@openbox.ai.

TABLE OF CONTENTS

1. What Information Do We Collect?

2. How Do We Process Agent Data?

3. How Do We Process Your Information?

4. When and With Whom Do We Share Your Personal Information?

5. How Long Do We Keep Your Information?

6. How Do We Keep Your Information Safe?

7. Do We Collect Information from Minors?

8. What Are Your Privacy Rights?

9. Controls for Do-Not-Track Features

10. Do We Make Updates to This Notice?

11. How Can You Contact Us About This Notice?

12. How Can You Review, Update, or Delete the Data We Collect From You?

1. WHAT INFORMATION DO WE COLLECT?

We collect personal information that you voluntarily provide to us when you register for an account, express interest in our Services, or contact us. This includes your name, email address, organization name, and any other information you choose to provide.

We also automatically collect certain technical information when you use the Services, including IP address, browser type, device information, and usage data such as pages visited and features used. This technical data does not include the content of Agent Data processed through the governance layer, which is addressed separately in Section 2.

We do not process sensitive personal information such as racial or ethnic origin, political opinions, religious beliefs, or health data.

2. HOW DO WE PROCESS AGENT DATA?

When you deploy the OpenBox SDK to govern your AI agents, the OpenBox governance layer processes data generated by or transmitted through your agents ("Agent Data"), including prompts, agent outputs, API calls, decisions, and execution metadata. This is fundamental to how the Services work — the governance layer must observe agent execution in order to enforce policies and generate Attestation Records.

We process Agent Data solely to provide the Services to you. We do not use Agent Data to train machine learning models, to develop competing products, or to provide services to other customers. Agent Data is your data and remains under your control.

You are responsible for ensuring that any personal data present in your agent workflows has an appropriate legal basis for processing under applicable law, and that your deployment of the OpenBox SDK complies with your own data obligations and any applicable third-party agreements.

3. HOW DO WE PROCESS YOUR INFORMATION?

We process your personal information for the following purposes:

• To facilitate account creation and authentication and otherwise manage user accounts.

• To deliver and facilitate delivery of the Services to you.

• To respond to your enquiries and provide support.

• To send administrative information such as updates to our Terms or this policy.

• To protect the Services, including fraud monitoring and security.

• To comply with our legal obligations.

• To evaluate and improve our Services and your experience.

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

We do not sell, rent, or trade your personal information to third parties. We may share information in specific situations:

• Service providers: We share information with third-party providers who perform services on our behalf, including Amazon Web Services (cloud hosting) and email communication providers. All providers are contractually obligated to protect your information.

• Business transfers: If OpenBox is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

• Legal requirements: We may disclose information where required by law, court order, or governmental authority.

Our Services are hosted on Amazon Web Services (AWS) infrastructure in the us-east-1 region (Northern Virginia, United States).

If you are located outside the United States, your information will be transferred to and processed in the United States. If you are based in the EU or EEA and require a Data Processing Agreement (DPA) or information about our data transfer mechanisms, please contact contact@openbox.ai.

5. HOW LONG DO WE KEEP YOUR INFORMATION?

We keep your personal information for as long as necessary to fulfil the purposes set out in this notice, unless a longer period is required by law. In practice: account data is retained for the duration of your account plus 30 days; Attestation Records are retained for the duration of your account plus 30 days to allow export; usage and technical data is retained for up to 12 months; and support communications are retained for up to 3 years. When we no longer need your information, we delete or anonymize it.

6. HOW DO WE KEEP YOUR INFORMATION SAFE?

We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process, including encryption in transit and at rest, access controls, and API key authentication. However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise absolute security.

7. DO WE COLLECT INFORMATION FROM MINORS?

We do not knowingly solicit data from or market to children under 18 years of age. If we learn that personal information from users under 18 has been collected, we will take reasonable measures to promptly delete such data.

8. WHAT ARE YOUR PRIVACY RIGHTS?

Depending on where you are located, you may have certain rights regarding your personal information, including the right to access, correct, or delete data we hold about you.

If you are located in the EU or EEA, you have additional rights under the General Data Protection Regulation (GDPR), including the right to data portability, the right to restrict processing, and the right to lodge a complaint with your local data protection supervisory authority. Contact contact@openbox.ai to exercise any of these rights.

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA/CPRA) including the right to know what personal information we collect, the right to delete it, the right to correct it, and the right to opt out of its sale. We do not sell personal information. To exercise your California rights, contact contact@openbox.ai with "California Privacy Request" in the subject line.

Residents of other US states with applicable privacy laws (including Colorado, Connecticut, Virginia, Utah, and Texas) may have similar rights. Contact us at contact@openbox.ai to make a request.

You may also review, change, or terminate your account at any time by contacting us.

9. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers include a Do-Not-Track ("DNT") feature. As there is no uniform standard for recognizing DNT signals, we do not currently respond to them. If a standard is adopted in the future, we will update this notice accordingly.

10. DO WE MAKE UPDATES TO THIS NOTICE?

Yes, we will update this notice as necessary to stay compliant with relevant laws. The updated version will be indicated by an updated "Last updated" date. If we make material changes, we will notify you either by posting a notice on our website or by sending you an email.

11. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, please contact us at:

OpenBox AI LLC

8 The Green, Ste R, Dover, DE 19901

United States

contact@openbox.ai

12. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, or delete it. To request to review, update, or delete your personal information, please contact us directly at contact@openbox.ai.