Legal
Privacy policy
This privacy policy explains the default categories of data processed by livexbox. Review it with counsel and adapt it to the service jurisdiction, processors, retention schedule, and customer support workflow.
Data processed
- Account data such as admin email, password hash, billing profile fields, plan state, invoices, payment metadata, and password reset tokens.
- Chat data such as messages, rendered message HTML, usernames, user roles, avatars, reactions, moderation state, bans, filters, archives, and exports.
- Service data such as IP-derived abuse signals, country lookup results, sessions, rate limit counters, client error pixels, webhook delivery metadata, realtime health metrics, and audit logs.
How data is used
- To deliver hosted chat widgets, enforce plan limits, route realtime traffic, process invoices, provide account recovery, detect abuse, and support customers.
- To send configured email such as password reset links, daily digests, and payment or support messages when SMTP is enabled.
- To secure the service through brute-force guards, webhook private-network protections, publish security tags, country restrictions, proxy detection, bans, and audit logs.
Controls and retention
- Admins can delete messages, export archives, manage users, rotate publish security tags, clear integration secrets, change account details, and delete their box account.
- Retention periods for logs, invoices, backups, and message archives should match legal and customer obligations.
- SSO launch tokens and password reset tokens are stored only as hashes and are designed for short-lived, one-time use.