Legal

Privacy.

Plain-language summary first; full policy below. We treat the policy as a commitment, not a shield — if any of this is unclear, write to legal@doosrabox.com.

Last updated: 2026-05-08.

The short version

  • We don't train AI on your code, prompts, or files.
  • Each workspace is private. Strong isolation between accounts — other customers can't read your files.
  • We share data with a short list of third-party services — AI, payments, email, CDN, infrastructure. The categories are listed below. Customers under NDA can request the named list.
  • You can export or delete your data any time. Email legal@doosrabox.com.

What we collect

Account

  • Email address, display name, hashed password.
  • Tenant membership, role, billing state.
  • IP address and user agent of each session (for security alerts and abuse handling).

Workspace

  • Files you create or upload to your workspace.
  • Chat history with Claude (stored per session for replay; you can delete a session anytime).
  • App screenshots when Claude explicitly requests them as part of a tool call.

Operational telemetry

  • Per-seat AI usage counts (so we can show you usage).
  • Container uptime, region, build version.
  • Error logs (sanitized — no file contents, no chat content).

What we don't collect

  • We do not train AI models on your data, ever.
  • We do not sell or rent any personal data.
  • We don't use third-party analytics that fingerprint visitors. The marketing site sets no third-party cookies; the app sets exactly one (your session cookie).

Where data lives

Our account infrastructure (sign-in, billing, account metadata) runs in Frankfurt, Germany. Your workspace's files, browser session, and chat history live in the region you picked at signup — Frankfurt or Mumbai. Enterprise customers can pin to dedicated infrastructure.

Subprocessors

We use a small number of third-party services to run Doosra Box. They're listed by category below; the named list is available to customers under NDA — email legal@doosrabox.com.

  • AI provider — receives the prompts you send to the workspace assistant so it can answer.
  • Payment processor — handles all card, UPI, and netbanking transactions; receives billing-related contact information.
  • Email service — delivers our transactional emails (sign-up verification, password reset, billing).
  • CDN provider — serves this marketing site at the edge.
  • Cloud infrastructure provider — runs the servers your workspace lives on.

We don't add new categories of subprocessors without notice. If a named provider in any category changes, we update the named list we maintain for NDA customers; the categories above are stable.

Your rights

You can export your data, correct it, or delete your account at any time. EU/UK customers have full GDPR rights; Indian customers have full DPDP Act rights. Email legal@doosrabox.com with the request and we'll respond within 30 days (usually within 5 business days).

Security

Passwords are hashed and never stored in plain text. Sign-in cookies are tightly scoped and only sent over HTTPS. Public traffic is encrypted in transit. Each account's workspace is isolated at the operating-system level so a bug in our app code can't expose one customer's files to another.

Changes

When we update this policy in a way that affects your rights, we email everyone with an active account at least 14 days before the change. Routine clarifications are noted at the top of this page with a new "last updated" date.

Contact

Email legal@doosrabox.com. For deletion or export requests specifically, mention "Data subject request" in the subject line and we'll route it to the right person.