Skip to main content
← Back to home

Privacy Policy

Last updated: February 28, 2026

1. Data Controller

MonoBox GmbH, Basel, Switzerland, is the data controller responsible for your personal data. This policy complies with the Swiss Federal Act on Data Protection (DSG/FADP) and, where applicable, the EU General Data Protection Regulation (GDPR).

2. Data We Collect

  • Account data: Name, email address, phone number, postal address.
  • Payment data: Processed by Stripe; we do not store card numbers.
  • Item data: Photos, descriptions, AI-generated identifications, estimated values.
  • Usage data: Pages visited, actions taken, browser type, IP address.
  • Communication data: Support messages and in-app notifications.

3. How We Use Your Data

  • To provide and improve our storage, rental, and marketplace services.
  • To process payments and manage subscriptions via Stripe.
  • To send transactional emails (shipping confirmations, payment receipts).
  • To identify and catalogue your items using AI (Google Vision, Anthropic Claude).
  • To comply with legal obligations (e.g., Swiss tax and accounting requirements).

4. Data Sharing

We share your data only with:

  • Supabase (US/EU): Database and authentication hosting.
  • Stripe (US): Payment processing.
  • Swiss Post: Shipping and delivery of stored items.
  • Google Cloud / Anthropic: AI item identification (image data only).
  • Resend: Transactional email delivery.

We do not sell your personal data. We do not share data for advertising purposes.

5. Data Retention

We retain your data for the duration of your account plus 5 years for legal and accounting purposes (Swiss Code of Obligations, Art. 958f). Item photos are deleted within 30 days of permanent item disposal. You may request earlier deletion subject to legal retention requirements.

6. Your Rights

Under Swiss data protection law, you have the right to:

  • Access: Request a copy of your personal data.
  • Rectification: Correct inaccurate data.
  • Deletion: Request deletion of your data ("right to be forgotten").
  • Data portability: Receive your data in a machine-readable format.
  • Objection: Object to processing of your data.

To exercise these rights, email privacy@monobox.ch. We will respond within 30 days.

7. Cookies

We use strictly necessary cookies for authentication and session management. We do not use tracking cookies or third-party analytics cookies. No cookie consent banner is required for strictly necessary cookies under Swiss law, but we inform you here for transparency.

8. Security

We implement industry-standard security measures including TLS encryption, secure headers (CSP, HSTS), and role-based access controls. Item photos are stored in private Supabase Storage buckets accessible only to the item owner and authorized MonoBox staff.

9. International Transfers

Some of our service providers (Supabase, Stripe, Google, Anthropic) process data in the United States. These transfers are covered by Standard Contractual Clauses (SCCs) and the providers' certifications under the Swiss-U.S. Data Privacy Framework.

10. Contact & Supervisory Authority

For privacy inquiries: privacy@monobox.ch

You may also lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) at www.edoeb.admin.ch.