This page covers how Boxy handles your data. For information about how Boxy works and what it can do, see About Boxy.

What is logged and why

To monitor the quality and accuracy of Boxy’s responses, and to identify and correct errors, Runbox logs both sides of each conversation — your messages and Boxy’s replies. This allows Runbox to review interactions where Boxy may have given incorrect or incomplete information and to improve Boxy accordingly.

Runbox logs these conversations on the basis of legitimate interests: maintaining the accuracy and reliability of a support tool is a reasonable purpose, and the privacy impact is low. Conversations with Boxy concern Runbox product questions rather than sensitive personal data, and logs are accessible only to a small number of authorised Runbox staff.

Before being written to the log, your messages are automatically sanitised: email address local parts (the part before the @) are replaced with [redacted], values following password-related keywords are redacted, and long numeric strings that resemble payment card numbers are redacted. You should still avoid sharing passwords, payment details, or sensitive personal information in the chat — there is no need to do so, and doing so offers no benefit.
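The sanitisation step described above can be sketched as follows. This is an added illustration, not Runbox's code: the regular expressions, the keyword list, and the 13 to 19 digit card heuristic are assumptions, since this page does not publish the actual rules.

```python
import re

REDACTED = "[redacted]"

# Assumed patterns (hypothetical; not taken from Runbox's implementation).
# Email: capture the domain so only the local part is replaced.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+\-]+(@[A-Za-z0-9\-]+(?:\.[A-Za-z0-9\-]+)+)")
# Password keywords followed by ":", "=", "is", or whitespace, then a value.
PASSWORD_RE = re.compile(
    r"\b(password|passwd|passphrase|pwd)\b(\s*[:=]\s*|\s+is\s+|\s+)(\S+)",
    re.IGNORECASE,
)
# 13 to 19 digits, optionally grouped with single spaces or dashes.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def sanitise(message: str) -> str:
    """Redact a chat message before it is written to a log."""
    # Password values go first, so a value that itself contains "@" or
    # digits is removed whole rather than partially rewritten later.
    # The rule prefers over-redaction: the word after the keyword is
    # dropped even when it is not actually a password.
    out = PASSWORD_RE.sub(lambda m: m.group(1) + m.group(2) + REDACTED, message)
    out = CARD_RE.sub(REDACTED, out)
    # Keep the domain, which is useful for support, and drop the local part.
    out = EMAIL_RE.sub(lambda m: REDACTED + m.group(1), out)
    return out


if __name__ == "__main__":
    # Constructed sample messages, not real user data.
    samples = [
        "My login is alice.smith@example.com, password: hunter2 "
        "and card 4111 1111 1111 1111.",
        "pwd=Tr0ub4dor&3 card 4111-1111-1111-1111",
        "Order 12345 shipped on 2024-05-01",
    ]
    for s in samples:
        print(sanitise(s))
```

Pattern-based redaction of this kind misses secrets that appear without a recognisable keyword or format, which is why the advice not to share them in the chat still applies.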

Conversation logs are stored on Runbox’s own servers in Norway and are retained for 10 days, consistent with Runbox’s log retention policy for other services. They are accessible only to authorised Runbox support staff. They are not shared with any third party beyond the AI providers listed below, who process your messages transiently as described.

Cloudflare, which handles network routing for Boxy traffic, receives only anonymised request metadata — response times, token counts, and country codes. Cloudflare does not receive the content of your messages or Boxy’s replies.

What happens to your messages

Your messages are processed by two AI providers acting as data processors on behalf of Runbox. Mistral AI processes each message to retrieve relevant knowledge base content and to screen for harmful content; Anthropic then generates Boxy’s response. Both providers are GDPR-compliant and neither uses your messages to train their AI models.

| Provider | Location | GDPR transfer basis | Trains on data |
|---|---|---|---|
| Anthropic | San Francisco, USA | EU-approved Standard Contractual Clauses | No |
| Mistral AI | Paris, France | EU-based company — no transfer required | No |

A European-only version of Boxy is available if you require it, in which all AI processing is handled exclusively by Mistral AI in France. Responses may vary in style and detail compared to the standard version.

Sending your conversation to support

When you use the send to support feature, your conversation is transmitted via Cloudflare’s infrastructure to Runbox’s server in Norway, where it is emailed to the support team. Your email address, which you provide when sending, is used only to allow the team to respond to your enquiry and is not used for any other purpose.

Your data rights

As a Runbox customer, your data rights under GDPR are set out in Runbox’s Privacy Policy at runbox.com/about/privacy-policy/. These rights include access to, rectification of, and erasure of your personal data.

Further information

Country detection uses IP geolocation data provided by IPLocate.io, processed locally on Runbox’s servers. No IP addresses are sent to IPLocate.io.

For more detail on how each provider handles data, see Anthropic’s Privacy Policy and Mistral’s Privacy Policy. For questions specifically about how Boxy processes your data, contact Runbox’s Data Protection Officer at dataprotectionofficer@runbox.com.
