Privacy Policy
Last updated: 13 June 2026
Pilot baseline; pending legal review.
Table of Contents
1. Introduction and Data Controller
This Privacy Policy explains how LokBox processes personal data in accordance with the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU General Data Protection Regulation (GDPR). LokBox is an offering of bubloo, Kubilé (sole proprietorship), owner Ernesta Kubilé. Data controller: bubloo, Kubilé, Lischenweg 7, 4915 St. Urban, Switzerland (UID: CHE-190.821.402). Email: info@lokbox.ch / privacy@lokbox.ch.
2. Data Categories
We process personal data generated during your use of our platform: (1) Account Data: email address, name (optional), bcrypt password hash, verification status. (2) Client Data (Dossiers): client data entered by fiduciaries (name, legal name, UID, address, canton, contacts, emails, phone numbers, and specific instructions). (3) Task Data & Prompts: workspace instructions, agent execution steps (clicks, navigation paths, errors), temporary screenshots and DOM snippets, and generated results. (4) Uploaded Documents: files provided by the user for task execution (e.g., PDF invoices, receipts). (5) Payment Data: transaction records via Stripe (amount, currency, status, billing address); credit card details are processed directly by Stripe and are never stored on LokBox infrastructure. (6) Usage & Log Data: IP addresses, session tokens, access times, server logs.
3. Purposes of Processing
Processing is carried out for contract performance (delivering the AI agent browser), billing, customer support, platform security, and compliance with legal retention obligations (e.g., Swiss Code of Obligations Art. 958f).
4. Legal Basis (GDPR)
Where GDPR applies, processing is based on: contract performance (Art. 6(1)(b) GDPR) for service delivery; legal obligation (Art. 6(1)(c) GDPR) for accounting retention; legitimate interest (Art. 6(1)(f) GDPR) for platform security and error monitoring; consent (Art. 6(1)(a) GDPR) for user-initiated OAuth integrations.
5. Subprocessors and Locations
We engage the following partners to deliver our infrastructure: Hetzner Online GmbH (Germany, EU) — frontend hosting and agent backend runtime infrastructure; all servers are located in Falkenstein, Germany. Supabase, Inc. (EU data center Frankfurt, Germany) — Postgres database, authentication, and secure object storage (recordings bucket). Amazon Web Services EMEA SARL (Luxemburg/EU) — Bedrock inference platform; executes Anthropic Claude Sonnet 4.6 model inference exclusively in EU data centers (eu-central-1, Frankfurt) using a fail-loud EU data residency guard; no data leaves the EU; no data retention by Anthropic. Google Cloud Vertex AI (Netherlands/EU) — resolver and answer synthesis (Gemini models) within the EU. Stripe Payments Europe, Ltd. (Ireland/EU) — payment processing. Resend, Inc. (EU region) — transactional email delivery. Sentry (Functional Software, Inc., EU region) — server-side application error monitoring (ingest.de.sentry.io).
6. International Transfers
Data storage and LLM inference are located exclusively in the European Union (Germany, Ireland, Netherlands). Google Workspace and Notion integrations transfer data to their respective platforms (including the US) to perform your initiated actions; Standard Contractual Clauses (SCCs) are used. We do not claim Swiss data residency; data lives in Germany/EU.
7. Data Security and Isolation
Workspace Isolation: each workspace is strictly isolated; dossiers and task histories are partitioned at the database level. Credential Protection: OAuth tokens and API keys are stored encrypted using AES-256-GCM; credentials/2FA codes entered via the live view are encrypted in transit and never stored permanently. Model Training: we never use your data to train third-party AI models. PII Redaction: a system for automatic redaction of personal data (PII redaction) is currently rolling out (in testing phase) and is not yet active by default.
8. Retention
Usage Data & Recordings: retained for 30 days by default. Billing Records: kept for 10 years (Swiss CO Art. 958f). Account Data: permanently deleted within 30 days of account deletion.
9. Your Rights and Complaint Body
You have the right to access, rectify, erase, restrict, and object to the processing of your data. Contact privacy@lokbox.ch. You may lodge a complaint with a supervisory authority: in Switzerland, the Federal Data Protection and Information Commissioner (FDPIC), Bern; in the EU, the competent supervisory authority of your residence.