Privacy Policy

Last updated: January 2025

LOX Cold Backup Service ("We", "Us", "Our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our backup service.

Your backups are encrypted with AES-256

We cannot read your encrypted backup content

Data deleted automatically after retention

Contents

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address
  • Name (optional)
  • Organization name (for business accounts)
  • Password (stored as a secure hash, never in plain text)
  • Billing information (processed by our payment provider)

1.2 Technical Information

We automatically collect:

  • IP addresses (for security and rate limiting)
  • Browser and device information
  • API usage logs (endpoints called, timestamps, response codes)
  • Login and authentication events

1.3 Backup Metadata

For each backup, we store metadata including:

  • Backup identifier (UUID)
  • File size
  • Checksum (for integrity verification)
  • Upload timestamp
  • Retention period and expiration date
  • Storage target locations
  • Malware scan results

1.4 Backup Content

The actual content of your backups is encrypted and stored. We do not access, analyze, or read the content of your encrypted backups except during the malware scanning process that occurs before encryption.

2. How We Use Your Information

We use your information to:

  • Provide the Service: Store, encrypt, and manage your backups
  • Security: Detect and prevent fraud, abuse, and unauthorized access
  • Communication: Send service notifications, security alerts, and billing information
  • Improvement: Analyze usage patterns to improve the Service (aggregated, anonymized data only)
  • Legal Compliance: Comply with applicable laws and regulations
  • Support: Respond to your requests and provide customer support

We do not use your information for advertising, profiling, or sale to third parties.

3. Backup Data Processing

3.1 Your Role as Data Controller

For the personal data contained within your backups, You are the Data Controller. We act as a Data Processor, processing backup data solely on your behalf and according to your instructions (i.e., store, encrypt, replicate, and restore upon request).

3.2 Malware Scanning

Before encryption, uploaded files are scanned for malware using ClamAV. This scanning:

  • Is automated with no human review
  • Does not extract or store file contents
  • Only checks for malware signatures
  • Results are logged as metadata (clean/infected status only)

3.3 Encryption

After malware scanning, your backups are encrypted using AES-256 encryption before being written to storage. We maintain encryption keys separately from backup data. Even our staff cannot read the contents of your encrypted backups.

4. Data Storage and Security

4.1 Storage Locations

Backups are stored in cold storage infrastructure provided by:

  • Amazon Web Services (S3 Glacier) - various regions
  • Microsoft Azure (Cool/Archive Storage) - various regions
  • Local NAS systems (for specific configurations)

You can configure which storage targets are used for your backups based on your data residency requirements.

4.2 Security Measures

We implement:

  • AES-256 encryption for all backup data at rest
  • TLS 1.3 encryption for all data in transit
  • Multi-factor authentication options
  • API key scoping and rotation
  • Regular security audits and penetration testing
  • 24/7 infrastructure monitoring
  • Immutability controls preventing unauthorized deletion

5. Data Retention

5.1 Backup Data

Backups are retained for the duration of their configured Retention Period. Upon expiration, backups are automatically and permanently deleted from all storage targets. This deletion is irreversible.

Important: Due to our Immutability Policy, backups cannot be deleted before their Retention Period expires. See our Terms of Service for details.

5.2 Account Data

Account information is retained while your account is active and for a reasonable period thereafter for legal and business purposes. After all backups have expired and any outstanding payments are settled:

  • Account data is deleted within 90 days
  • Anonymized usage statistics may be retained indefinitely
  • Legal records may be retained as required by law

5.3 Logs and Metadata

API logs and backup metadata are retained for 12 months after the associated backup expires, for audit and troubleshooting purposes.

6. Your Rights

Under GDPR and similar regulations, you have the right to:

6.1 Access

Request a copy of the personal data we hold about you. This includes account information and backup metadata. Backup content can be accessed through the restore function.

6.2 Rectification

Update or correct your account information through the dashboard or by contacting us.

6.3 Erasure

Request deletion of your account data. Important limitations:

  • Account data: Can be deleted upon account closure (after all backups expire and payments are settled)
  • Backup data: Cannot be deleted before Retention Period expires due to our Immutability Policy. This is a security feature, not a limitation.

For personal data contained within your backups, the right to erasure should be exercised against your primary/production systems. Backups will be deleted automatically when they expire.

6.4 Portability

You can export your account data and backup metadata. Backup files can be downloaded through the restore function.

6.5 Objection

Object to processing of your data. Note that objecting to essential processing may require account termination.

6.6 Exercising Your Rights

To exercise these rights, contact us at privacy@lox.argentica.ai. We will respond within 30 days.

7. Third-Party Services

We use the following third-party services:

ServicePurposeData Shared
AWS S3 GlacierBackup storageEncrypted backup files
Azure Blob StorageBackup storageEncrypted backup files
Payment ProcessorBillingPayment details (not stored by us)
Email ProviderNotificationsEmail address, notification content

All third-party services are contractually bound to protect your data and process it only according to our instructions.

8. Cookies and Tracking

We use cookies for:

  • Essential cookies: Authentication and session management (required)
  • Preference cookies: Remember your settings (optional)

We do not use advertising cookies or third-party tracking. Analytics, if used, are privacy-focused and do not track individual users.

9. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. International Transfers

Your data may be transferred to and stored in countries outside your country of residence. We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses for transfers outside the EU/EEA
  • Adequacy decisions where applicable
  • Encryption of all data in transit and at rest

You can configure storage targets to limit where your backup data is stored, based on your data residency requirements.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related questions or to exercise your rights:

Privacy Inquiries: privacy@lox.argentica.ai
Data Protection Officer: dpo@lox.argentica.ai
General Support: support@lox.argentica.ai

Back to Home|Terms of Service