Privacy Policy

Summary Roles Information Collected Processing Automated Decisions Legal Bases Sharing International Transfers Cookies Retention Security Support Access Legal Requests Minors Your Rights Do Not Track California US State Privacy (CPRA) Updates Data Protection Officer Contact

Last updated: October 20, 2025

This privacy policy describes how ByteLogic LLC collects, uses, and protects your personal information when you use our BoxToPlay services.

If you do not agree with our policies and practices, please do not use our services. If you still have questions or concerns, please contact us via our support tickets: https://www.boxtoplay.com/tickets

Summary of Key Points

  • What personal information do we process? We only collect the minimum needed to create your account: first name, last name, and email address.
  • Do we process sensitive information? No, we do not process any sensitive personal information.
  • Do we receive information from third parties? No, we do not receive any information from third parties.
  • How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.
  • What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information.

Our Roles: Controller and Processor

Depending on the context, we act either as a data controller or as a data processor.

  • Controller for your account and billing data (when you use our website and services).
  • Processor for customer-hosted or uploaded data that you store with us (processed only on your instructions).
  • Processor for player/server telemetry that flows through your infrastructure when relevant features are enabled.

If you need a Data Processing Agreement (DPA), please contact our support team to obtain it.

1. What Information Do We Collect?

Personal Information You Disclose to Us

We only collect your first name, last name, and email address when you create an account. No other personal data is required.

Information Provided by You
  • Names
  • Email addresses

All personal information you provide to us must be true, complete, and accurate. You must notify us of any changes.

Sensitive Information

We do not process sensitive information.

Technical and Network Data We Collect

As a hosting provider, we process limited technical data to operate and secure the service.

  • Connection metadata such as IP addresses, timestamps, and service/port used (rotating logs).
  • Traffic and resource metrics (CPU, RAM, disk, bandwidth) for service operation and abuse prevention.
  • DDoS mitigation telemetry and threat indicators from our protection partners.
  • Server console and process logs that you choose to enable from your panel.
  • Technical credentials you create (e.g., FTP, databases), stored hashed or encrypted where applicable.

2. How Do We Process Your Information?

We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.

Processing Purposes

  • Account Management: To facilitate account creation and authentication and manage user accounts.
  • Security and Fraud Prevention: To protect your information and prevent fraudulent activities.
  • Legal Compliance: To comply with applicable legal obligations.

Automated Decision-Making and Profiling

We do not make decisions with legal or similarly significant effects solely based on automated processing. Some automated rules may temporarily restrict traffic to protect against abuse (e.g., DDoS mitigation).

3. What Legal Bases Do We Rely On?

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on to process your personal information.

  • Consent : We may process your information if you have given us permission to use your personal information for a specific purpose. You can withdraw your consent at any time.
  • Performance of a Contract : We may process your information when necessary to fulfill our contractual obligations to you, including providing our services and managing your account.
  • Legal Obligations : We may process your information where we believe it is necessary for compliance with our legal obligations.
  • Legitimate Interests : We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your information for security purposes, to prevent fraud, or to improve our services.
  • Vital Interests : We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party.

4. When and With Whom Do We Share Your Information?

We may share information in specific situations and with specific categories of third parties.

Vendors and Service Providers

We share only what is strictly necessary with a few service providers (e.g., transactional email) to deliver the service. We do not sell your personal data.

  • Google Analytics (anonymous usage metrics)
  • Transactional email delivery providers
  • Payment processors and anti-fraud services
  • DDoS protection and network security providers

International transfers

Your information may be transferred to, stored, and processed in countries outside your country of residence, including countries outside the European Economic Area (EEA), where data protection laws may differ. When we transfer personal data outside the EEA, we implement appropriate safeguards to ensure your data remains protected in accordance with this privacy notice and applicable data protection laws. These safeguards include:

  • Standard Contractual Clauses (SCCs) approved by the European Commission with our service providers and partners.
  • Transfers to countries recognized by the European Commission as providing an adequate level of data protection (adequacy decisions).
  • Data Processing Agreements (DPAs) with all vendors that process personal data on our behalf.
  • Additional technical and organizational security measures to protect data during international transfers.

5. Do We Use Cookies and Other Tracking Technologies?

We may use cookies and similar tracking technologies to access or store information.

Specific information about how we use such technologies is set out in our Cookie Notice.

You can manage your cookie preferences from your browser settings or by using the cookie controls displayed on our site.

6. How Long Do We Keep Your Information?

We keep your personal information only for as long as necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law.

We retain your personal information for as long as you maintain an active account with us. We do not automatically delete inactive accounts unless you explicitly request deletion.

When you request account deletion, we immediately delete all your personal information, except where retention is required by law (e.g., for tax or legal compliance purposes).

Backups and Snapshots

We perform regular backups or snapshots to help recover from incidents. Backup retention windows are limited and roll over automatically; when retention expires, backups are deleted or overwritten.

7. How Do We Keep Your Information Safe?

We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process.

Data Breach Notification

In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach, as required by applicable data protection laws. We will provide you with information about the nature of the breach, the likely consequences, and the measures we have taken or propose to take to address the breach.

Support Access to Your Services

Our support staff may access your service configuration strictly to troubleshoot issues you request.

  • Access is limited to the minimum necessary scope and duration.
  • Access is governed by internal controls, least-privilege, and is logged.
  • Administrative actions taken by staff are logged for audit and security.

Handling of Legal Requests

We review all law enforcement and legal requests. We only disclose data when legally required and after verifying the request’s validity.

8. Do We Collect Information From Minors?

We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18.

If you become aware of any data collected from children under age 18, please contact us via our support tickets: https://www.boxtoplay.com/tickets

9. What Are Your Privacy Rights?

Your GDPR Rights

  • Request access to your personal information and obtain a copy
  • Request rectification or erasure of your information
  • Restrict processing of your data in certain circumstances
  • Receive your data in a structured, commonly used format
  • Object to the processing of your personal information

Response Time

We will respond to your request within one month of receipt. If your request is particularly complex or you have made multiple requests, we may extend this period by a further two months, in which case we will notify you and explain the reason for the delay.

Withdrawing Consent

If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time.

Unsubscribe from Marketing

You can unsubscribe from our marketing communications at any time by clicking the unsubscribe link in the emails we send.

Account Information

You may at any time review or change the information in your account or terminate your account.

File a Complaint

If you are located in the EEA or UK and you believe we are unlawfully processing your information, you have the right to complain to your local data protection supervisory authority.

10. Controls for Do-Not-Track Features

Most web browsers and some mobile operating systems include a Do-Not-Track feature. Currently, we do not respond to Do-Not-Track browser signals.

11. Do California Residents Have Specific Privacy Rights?

Californias Shine The Light law permits our users who are California residents to request and obtain, once a year and free of charge, information about categories of personal information disclosed to third parties.

If you are under 18 years of age, reside in California, and have a registered account, you have the right to request removal of unwanted data that you publicly post.

12. US State Privacy Rights (including California CPRA)

Depending on your state of residence in the United States (e.g., California, Virginia, Colorado, Connecticut, Utah), you may have specific privacy rights. This section explains those rights and how to exercise them with us.

Notice at Collection

We collect only the minimum personal information needed to provide our services (first name, last name, email), plus technical data strictly necessary for security and service operation (e.g., IP logs, telemetry for DDoS mitigation). See sections above for details.

Your US State Privacy Rights

  • Right to know/access the categories and specific pieces of personal information we have collected about you.
  • Right to delete personal information, subject to certain exceptions (e.g., security, legal compliance).
  • Right to correct inaccurate personal information.
  • Right to data portability (receive a copy of your personal information in a portable format).
  • Right to opt out of the sale or sharing of personal information and of certain targeted advertising.
  • Right to non-discrimination for exercising your privacy rights.

How to exercise your rights

To submit a request (access, deletion, correction, portability, or opt-out), open a support ticket: https://www.boxtoplay.com/tickets. We will verify your request as required by applicable law. Authorized agent requests are accepted with proper proof.

Global Privacy Control (GPC)

If your browser or extension sends a Global Privacy Control (GPC) signal, we treat it as a request to opt out of sale/sharing where applicable.

We do not sell or share personal information as defined by applicable US state laws.

13. Do We Make Updates to This Notice?

We may update this privacy notice from time to time. The updated version will be indicated by an updated Revised date.

Data Protection Officer

You can contact our Data Protection Officer via our support tickets. Please include "DPO" in the subject: https://www.boxtoplay.com/tickets

14. How Can You Contact Us About This Notice?

If you have questions or comments about this notice, please open a support ticket.

Support tickets: https://www.boxtoplay.com/tickets

ByteLogic LLC
Compass Building, Al Shohada Road, AL Hamra Industrial, Ras Al Khaimah, United Arab Emirates

Last updated: October 20, 2025 - ByteLogic LLC - All Rights Reserved

🍪