Privacy Policy
Version 1.0 — May 2026
1. Introduction
TidyBox is a service for smart QR storage labels. It helps people label boxes, containers, shelves and other storage spaces, then view and manage their contents through https://tidybox.eu.
This Privacy Policy explains how RMX Tek Ltd ("we", "us" and "our") collects, uses and protects personal data when you use TidyBox. We operate in the European Union and process personal data in accordance with the General Data Protection Regulation (GDPR).
2. Data We Collect
- Photos uploaded by users: Photos of boxes, shelves and stored items, stored on our servers in /www/tidyboxcdn/.
- Text content: Box names, item lists, descriptions, notes and related inventory information, stored in our MySQL database.
- IP address: Used for rate limiting, anti-vandalism controls and abuse prevention.
- Browser and device information: User agent data such as browser, operating system and device type.
- Session cookies: Used to keep you logged in and maintain your session state.
- Consent choice: Your cookie consent choice stored in the tidybox_consent cookie.
- Email address: Collected if you register an account or use email notifications.
- Telegram ID: Collected if you link Telegram for bot notifications.
3. How We Use Your Data
- To display box contents to authorised scanners and account owners.
- To run AI recognition of photos, as described in the Third-Party Processors section.
- To send notifications by email, push notification or Telegram when enabled by the user.
- To prevent abuse, reduce vandalism and enforce rate limits.
- To process payments for Pro and Business plans.
- To maintain the security, reliability and basic operation of the TidyBox service.
4. Third-Party Processors
We use selected third-party processors to provide specific parts of the service. These providers may process personal data only for the purposes listed below and under their respective privacy policies and data processing terms.
- Google Gemini Vision API (Google LLC, USA): AI photo recognition.
- Anthropic Claude API (Anthropic PBC, USA): AI photo recognition fallback.
- OpenAI Moderation API (OpenAI LLC, USA): Text content moderation.
- Stripe (Stripe Inc., USA/Ireland): Payment processing.
- Resend (Resend Inc., USA): Transactional email delivery.
- Telegram (Telegram FZ-LLC, UAE): Notifications via bot.
Photos submitted for AI recognition may be processed by the above providers under their respective privacy policies.
5. Cookies
We use a small number of cookies to operate the service, remember your choices and keep your account session working.
| Cookie | Purpose | Type | Duration |
|---|---|---|---|
| tidybox_consent | Stores your consent choice | Essential | 12 months |
| tidybox_session / PHPSESSID | Maintains login session | Essential | Session |
| lang | Remembers your language preference | Functional | 12 months |
6. Data Retention
- Photos: Retained until deleted by the user or until the box is reset.
- Account data: Retained until account deletion is requested.
- IP logs and rate limit data: Retained for 24 hours.
- Consent audit log: Retained for 3 years where required as a legal obligation.
7. Your Rights (GDPR)
Under the GDPR, you have rights over your personal data. You can contact us at privacy@tidybox.eu to make a request.
- Right of access: You can ask for a copy of the personal data we hold about you.
- Right to erasure: You can ask us to delete your personal data, also known as the "right to be forgotten".
- Right to data portability: You can ask for your data in a structured, commonly used format.
- Right to withdraw consent: You can withdraw consent where processing is based on consent.
- Right to lodge a complaint: You can complain to a supervisory authority if you believe your data protection rights have been violated.
8. Open-Code Model Notice
Before a box is claimed by a registered user, any scanner can add or edit its contents. This is by design. Once claimed, access is controlled by the owner.
9. Analytics
We use self-hosted Umami analytics (no cookies, no cross-site tracking). No consent is required for analytics.
10. Changes to This Policy
We will notify registered users of material changes by email. The current version is indicated at the top of this page.
11. Contact
RMX Tek Ltd
privacy@tidybox.eu
Cookies
This site uses the following cookies:
| Cookie name | Purpose | Type | Duration |
|---|---|---|---|
| PHPSESSID | User authentication | Essential | Browser session |
| lang | Interface language | Essential | 1 year |
| tidybox_guest_id | Anonymous user identification in chat | Essential | 1 year |
| consent_choice | Stores your cookie consent choice | Essential | 1 year |