Policy version: 1.4 Last modified: July 1, 2026 Effective date: July 1, 2026
Our role and how to read this policy
Data controller. BOXMEX, LLC, a Texas limited liability company ("BOXMEX," "we," "us," or "our"), is generally responsible for personal information processed through the Services described below.
What this policy covers. This Privacy Policy explains how we collect, use, disclose, store, and protect personal information when you use our websites, applications, and related shipping and logistics offerings (collectively, the "Services"), including https://boxmex.ai.
Related terms. Our Terms of Service govern use of the Services (for example, English or Spanish, depending on the locale you select). They are incorporated by reference only as needed to explain account obligations. If anything in this policy conflicts with a separate written agreement you enter into with us, that agreement controls to the extent of the conflict.
Agreement. By accessing or using the Services, you acknowledge this Privacy Policy. If you do not agree, please do not use the Services.
"Personal information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked with you or your household, directly or indirectly, depending on applicable law. It does not include information that is aggregated or de-identified in line with applicable law.
1) Scope
This Privacy Policy applies to personal information we process in connection with:
- account creation, sign-in, authentication, and account security;
- quote, checkout, payment, shipping, tracking, delivery, and claims workflows;
- customer support, service messages, text messages, email, WhatsApp or similar messaging channels, and other communications;
- marketing communications where permitted by law and your choices;
- fraud prevention, safety, legal compliance, and operational records.
This Privacy Policy does not apply to third-party websites, carriers, payment processors, messaging platforms, or other services that have their own privacy policies, even if you reach them through links or integrations we provide.
2) Information we collect
Depending on how you use the Services, we may collect:
A. Account and identity data
- name and profile data;
- email address;
- account identifiers and role or access metadata;
- preferred language or locale;
- sign-in, authentication, and verification status.
B. Contact and shipping data
- sender and recipient name;
- phone number;
- email address;
- address information (street, city, state, postal code, country);
- shipment details needed to quote rates, generate labels, process delivery, and provide tracking updates.
C. Order and transaction data
- quote selections, order number, order status, shipment lifecycle data, and tracking information;
- payment transaction metadata, such as processor transaction IDs, payment channel, payment status, refund status, and accounting records;
- claim, refund, dispute, and support ticket records;
- customer service notes and related communications.
D. Communications, messaging, and consent data
- communication preferences for email, SMS/text messages, WhatsApp or similar messaging channels, and support channels;
3) Sources of information
We collect information:
- directly from you, for example when you create an account, request a quote, place an order, verify a phone number, contact support, or manage communication preferences;
- from senders, recipients, or other people involved in a shipment when they provide contact or delivery information;
- from service providers and partners you authorize or interact with through the Services, such as payment, shipping, messaging, email, authentication, support, fraud-prevention, and logistics providers;
- automatically from your use of the Services and system events; and
- from compliance, security, and public sources used to support lawful operations.
If you choose not to provide information that is necessary for a shipment, payment, communication, account, or security feature, we may be unable to complete that transaction or provide that feature.
4) How we use information
We use personal information to:
- provide, operate, maintain, and improve the Services;
- authenticate users, verify phone numbers or email addresses, and maintain account and session security;
- create, manage, rate, fulfill, track, and support shipments;
- process payments, refunds, related accounting records, and dispute records;
- provide tracking, delivery, claims, support, and customer service;
- send transactional and service communications, including order confirmations, shipment updates, payment reminders, delivery updates, account alerts, security messages, verification codes, support responses, and policy notices;
- send marketing or promotional communications only where permitted by law and your communication choices;
- record, manage, and honor consent, opt-out, unsubscribe, STOP, HELP, and preference requests;
- detect, investigate, and prevent fraud, abuse, spam, security incidents, unauthorized access, and misuse of the Services;
- maintain logs and evidence for operational integrity, auditing, delivery confirmation, legal compliance, and dispute handling;
- comply with legal, tax, regulatory, sanctions, customs, carrier, messaging, payment, and contractual obligations;
- enforce our agreements and protect rights, safety, property, and platform integrity.
5) Legal bases (EEA, UK, Switzerland, and similar laws)
If data protection laws such as the GDPR or UK GDPR apply, we process personal information on one or more of these legal bases:
- Contract: providing shipping, account, payment, communication, and related services you request;
- Legitimate interests: securing the Services, preventing fraud and abuse, communicating about transactions or service updates, improving reliability, and running internal operations that are not overridden by your rights;
- Legal obligation: tax, customs, sanctions, recordkeeping, consumer protection, messaging, carrier, and regulatory duties; and
- Consent: where required by law or where we specifically ask for your consent, such as for certain optional communications, marketing messages, cookies, or messaging channels.
Where we rely on consent, you may withdraw it as described in this policy or in the communication channel where consent was collected. Withdrawal does not affect processing that occurred before withdrawal.
7) Service providers and integrations
We use service providers and integrations to operate the Services. Categories may include:
- hosting, deployment, database, and infrastructure services;
- authentication, account access, and phone or email verification;
- messaging delivery for SMS/text messages, WhatsApp or similar messaging channels, delivery status, inbound replies, and opt-out handling;
- transactional and permitted marketing email delivery;
- customer support, chat, customer relationship, and marketing automation tools;
- payment processing and fraud-prevention tools;
- shipping, carrier, customs, address-validation, and logistics APIs;
- security, rate limiting, logging, error monitoring, and observability tooling;
- analytics or product-improvement tools, if enabled in accordance with this policy.
These providers may process personal information only for the purposes described in this policy, our contracts with them, and applicable law. Providers may change over time. We update this policy when our processing practices materially change.
8) Data retention
We retain personal information only as long as necessary to:
- provide the Services and maintain your account;
- complete shipments and related workflows;
- send and document transactional communications;
- maintain consent, opt-out, unsubscribe, delivery, and support records;
- comply with legal, tax, accounting, sanctions, customs, carrier, messaging, and payment obligations;
- enforce our agreements and resolve disputes; and
- preserve security, fraud-prevention, audit, and operational records.
Retention periods vary by data category and legal requirements. Communication providers, carriers, payment processors, and logistics partners may maintain their own records under their own retention rules and legal obligations. When information is no longer needed by us, we delete, de-identify, or aggregate it, unless longer retention is required or permitted by law.
9) Security
We use administrative, technical, and organizational safeguards designed to protect personal information, including access controls, transport security, event logging, rate limiting, monitoring, and data minimization or redaction in operational telemetry.
No method of transmission or storage is completely secure. You are responsible for safeguarding your account credentials and notifying us promptly of suspected unauthorized access.
10) Your privacy rights
Depending on where you live, you may have the right to:
- Access personal information we hold about you;
- Correct inaccurate personal information;
- Delete personal information, subject to legal exceptions;
- Object to or restrict certain processing;
- Port eligible data to another service, where technically feasible;
- Withdraw consent where processing is based on consent;
- Opt out of certain marketing or targeted advertising uses, where applicable; and
- Appeal a refusal of your request where applicable state law requires an appeal process.
How to submit a request. Contact us using the details in Section 16. We may need to verify your identity before responding and will request only the minimum information needed to do so.
Timing. We will respond within the time period required by applicable law, for example within 45 days where required by many U.S. state privacy laws, subject to extension where permitted. GDPR timeframes may apply in the EEA or UK.
Authorized agents.
11) U.S. state privacy notices
If you reside in a U.S. state with comprehensive privacy laws, our collection, use, and disclosure practices are described in this policy, particularly Section 2 (information we collect), Section 4 (how we use information), Section 6 (how we share information), and Section 10 (your privacy rights).
Sensitive personal information. Some laws classify certain data as "sensitive," for example account credentials or, in some contexts, precise geolocation. We use sensitive personal information only to provide the Services, maintain security, prevent fraud, and comply with law as described in this policy. Where a state grants a right to limit use of sensitive personal information, you may contact us as set out in Section 16.
No sale or sharing of mobile opt-in data. We do not sell or share mobile phone numbers, SMS/text message opt-in data, WhatsApp or similar messaging opt-in data, or messaging consent records for cross-context behavioral advertising, targeted advertising, or third-party marketing.
12) Automated processing
We may use automated systems to support decisions about whether we can process a transaction or account activity. Examples include address checks, sanctions or compliance screening, fraud scoring, rate limiting, delivery-status processing, and risk signals. Significant decisions are designed to involve human review where required by law. If you believe an automated decision has affected you unlawfully, contact us using Section 16 and we will explain how to seek review where applicable.
13) Third-party sites and services
The Services may contain links to third-party websites, carrier tools, payment interfaces, messaging platforms, or support channels. Their collection and use of information are governed by their policies, not this one. We encourage you to read those policies before providing information.
14) Communications and marketing
Transactional and service messages
We may send transactional or service messages as needed to operate the Services. These may include order confirmations, payment reminders, shipment and delivery updates, address or customs issues, support responses, account alerts, security notices, phone verification codes, policy notices, and similar non-marketing communications.
When you provide a phone number, email address, or messaging contact as part of an account, order, shipment, checkout, support request, or verification flow, you authorize BOXMEX to use that contact information for the related transaction, account, security, and service communications, subject to applicable law and your communication preferences.
Message frequency varies based on your account activity, orders, shipments, support requests, and communication preferences. For SMS/text messages and similar mobile messages, message and data rates may apply.
For recurring BOXMEX SMS, message frequency varies. Msg & data rates may apply. Reply STOP to opt out and HELP for help. BOXMEX SMS is operational/customer-care only for quotes, orders, payment status, shipment intake, tracking, delivery exceptions, and support. SMS consent is not required to purchase or use BOXMEX shipping services.
Marketing and optional communications
We may send marketing or promotional communications only where permitted by law and your choices. Consent to receive marketing messages is not required to buy a shipping label or use the core Services unless a specific optional program lawfully states otherwise.
Consent for one channel does not automatically authorize marketing in another channel. For example, email marketing consent does not by itself authorize marketing text messages, and transactional shipping updates do not by themselves authorize promotional messages.
15) Security incidents
If we become aware of a breach affecting your personal information that requires notification under applicable law, we will notify you and regulators as required by those laws.
16) Contact us
Questions, requests, or complaints about this Privacy Policy or our privacy practices:
| Channel | Detail |
|---|---|
| Privacy | privacy@boxmex.ai |
| Support | support@boxmex.ai |
| Legal | legal@boxmex.ai |
| Postal mail | BOXMEX, LLC, 5900 Balcones Dr, Suite 100, Austin, TX 78731, USA - Attn: Privacy |
17) Changes to this privacy policy
We may update this Privacy Policy from time to time. We will post the updated version on the Services with a revised Last modified date and policy version. Where required by law, we will provide additional notice, for example email or prominent in-product notice, or obtain consent.
Your continued use of the Services after the effective date of an update means you acknowledge the revised Privacy Policy, except where your consent is required for a new use and we seek that consent separately.