Privacy Policy
FastBox is built on a simple principle: your data stays on the device. Your watchlist, taste profile, alert history, and price-history cache are stored locally and never leave the hardware you own. This policy explains exactly what stays local, what leaves, and why.
01Introduction & Scope
This Privacy Policy applies to the FastBox hardware device, its agent runtime and source-recipe library, the FastBox website at fastbox.prizmox.com, any companion applications, and optional cloud services we may offer. It is operated by Prizmox Labs LLC ("we," "us," "our").
02Information We Collect
We collect information in the following categories:
- Account Data: Email address, name, and shipping address when you reserve a device or place an order, plus payment information at the time of purchase.
- Device Telemetry: Hardware health metrics (temperature, uptime, storage usage), firmware version, and error logs. This is opt-in and can be disabled entirely from the device dashboard.
- Usage Analytics: Aggregate statistics on feature usage (e.g., number of source recipes enabled, alert categories used) to improve the product. No watchlist content, taste-profile prompts, or alert payloads are included.
- Payment Data: Processed by our payment provider (Stripe). We do not store credit card numbers.
- Website Analytics: Standard pixel and cookie data from the FastBox website (page views, referrer, UTM parameters, dwell time) to measure marketing effectiveness. We use the Meta Pixel for conversion measurement; you may block it via standard browser controls or your ad-blocker of choice.
03On-Device vs. External Processing
This is the most important section of this policy.
What stays on your device (always):
- Your watchlist, target prices, taste profile, and source-recipe configuration
- The full alert history, including model reasoning text and your accept/dismiss feedback
- The local price-history cache and any imported reference photos or saved-list data
- Your BYOK AI provider key, encrypted on the device's local SSD
- Your push-notification routing preferences and quiet-hours configuration
- Any user-authored source recipes and customizations to the recipe library
What is sent outside the device (only in these specific cases):
- Public source polls: The device fetches publicly accessible web pages from the storefronts and feeds you have enabled (e.g., Amazon, Best Buy, SSENSE, Mr Porter, JJJJound, Yahoo Auctions JP, Going.com). These requests originate from your home IP and travel directly to each source — we do not intermediate them.
- BYOK AI provider calls: When a new item needs to be scored against your taste, the device calls your configured AI provider (Anthropic, OpenAI, Google, or your self-hosted Ollama instance) directly with your key. We do not proxy, log, or observe this traffic.
- Push notifications: Alert metadata is delivered via Apple Push Notification service (APNs) and Firebase Cloud Messaging (FCM). Payloads contain only the alert summary needed to render the notification — no taste-profile contents, no watchlist text.
- Firmware and recipe-library updates: The device periodically checks for updates. Only version numbers and hardware identifiers are transmitted — no watchlist or alert data.
What is never sent anywhere:
- Your watchlist text, taste-profile prompt, or saved reference photos
- Your alert history, price-history cache, or accept/dismiss feedback
- Your BYOK provider key or any retailer-account credentials
04AI Data Processing & Model Training
We do not use your data to train AI models. Your watchlist, taste profile, alert history, and feedback are yours. They are stored locally on your FastBox device and are not accessible to us.
FastBox uses a bring-your-own-key model: you provide an API key for Anthropic, OpenAI, Google, or another supported provider, or you point at a self-hosted Ollama instance. Calls go directly from your device to the provider; their data policies govern that traffic. We select integrations whose API terms state they do not train on API inputs by default. You can review each provider's data policy in your device dashboard before enabling it.
05How We Use Your Information
We use the limited data we collect to:
- Process reservations, orders, account management, and customer support
- Deliver firmware and recipe-library updates over the air, plus security patches
- Improve product performance based on aggregate, anonymized telemetry (if you opt in)
- Send product updates and security notifications (you can opt out of non-critical communications)
- Comply with legal obligations
06How We Share Your Information
We do not sell your personal data. We never have and never will.
We share data only with:
- Payment processors: To process reservations and purchases (Stripe)
- Shipping and fulfillment partners: Name and shipping address only, for device delivery
- BYOK AI providers (your direct relationship): Only when you have configured a key and only the specific scoring payload, sent directly from the device to the provider you've chosen
- Push notification carriers: Apple (APNs) and Google (FCM) for the delivery of push notifications to your devices
- Hosting and infrastructure: For the FastBox website and account management (not device data)
- Marketing analytics: Meta (for conversion measurement on the FastBox website only — not on the device)
- Legal compliance: If required by law, subpoena, or court order
07Data Retention & Deletion
On-device data: Stored indefinitely on your device until you delete it. You have full control. Factory reset erases everything.
Account data: Retained while your account is active. Upon account deletion, we remove your data within 30 days, except where legal retention is required (tax, warranty records).
Telemetry data: Anonymized and aggregated. Individual device telemetry is not retained beyond 90 days.
08Data Security
Your FastBox device encrypts stored data at rest. All network communications use TLS 1.3. The device is on your network, behind your firewall, under your physical control. We cannot remotely access your device or its contents — not for support, not for diagnostics, not for any reason.
Should we ever wind down the company, the agent core remains open source under MIT and the device continues to operate without any required cloud check-in.
09Children's Privacy
FastBox is a personal-purchase tool not directed at children. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, contact us and we will delete it.
10Your Rights
Depending on your jurisdiction, you may have the right to:
- Access, correct, or delete your personal data
- Export your data in a portable format
- Opt out of telemetry collection
- Withdraw consent for non-essential data processing
- Lodge a complaint with your local data protection authority
11U.S. State Privacy Rights
If you are a California resident (CCPA/CPRA), you have additional rights including the right to know what data we collect, request deletion, and opt out of data sales. We do not sell personal data. For requests, email privacy@prizmox.com.
12EEA / UK Rights (GDPR)
If you are in the EEA or UK, our legal bases for processing are: contract performance (order fulfillment), legitimate interest (product improvement via anonymized telemetry), and consent (marketing communications). You may contact our Data Protection Officer at privacy@prizmox.com.
13International Data Transfers
Your device data stays on your device — no international transfer. Account and website data may be processed in the United States. We use Standard Contractual Clauses where required for cross-border transfers.
14Changes to This Policy
We will notify you of material changes via email and a prominent notice on our website at least 30 days before they take effect.
15Contact
All inquiries: hello@prizmox.com
Privacy & data-protection requests: privacy@prizmox.com