We collect information you provide directly: name, email address, password (hashed with bcrypt), payment information (processed by Stripe, not stored by us), and files you upload.
We automatically collect: IP address (for security), browser User-Agent, usage logs, and session identifiers.
We use collected information to: provide and improve the LegionBox service, process payments, send transactional emails, prevent fraud and abuse, and comply with legal obligations.
Your data is stored on Cloudflare's global edge network (D1 database, KV storage, R2 object storage). Files are encrypted at rest. We do not sell your data to third parties.
Virtual Desktop and Virtual Phone sessions run in ephemeral E2B sandboxes. Session data is destroyed after each session ends. We log session metadata (start/end times, sandbox IDs) for 90 days for abuse prevention.
Account data is retained as long as your account is active. You may request deletion by emailing privacy@legionbox.io. Phone audit logs are retained for 90 days. Screenshots are auto-deleted 30 days after session end.
EU/EEA residents have rights to: access, rectify, erase, restrict processing, data portability, and object. Contact privacy@legionbox.io for requests.
Privacy questions: privacy@legionbox.io