Last updated: July 3, 2026
ISPbox (ispbox.net) is operated by Nielogiczny (“we”, “us”), based in Poland. This policy explains what personal data we process when you visit our website or use the ISPbox platform (the “Service”), and what rights you have. For data protection matters, contact us at [email protected].
We act as a data controller for the personal data of our own users and website visitors (account details, billing, support, analytics). We act as a data processor for the data our customers (internet service providers) store in the platform about their end-customers — that data belongs to our customers, who decide how it is used; we process it only to provide the Service.
We do not sell personal data and we do not use Customer Data for advertising.
The platform can connect to third-party services only at your direction:
We share personal data only with service providers that help us run the Service — hosting/infrastructure providers, our payment processor, and email delivery providers — under agreements that restrict their use of the data, and with authorities where required by law. We do not share Customer Data with third parties except as described here or as directed by you.
All traffic to the Service is encrypted in transit (TLS). Passwords are stored using strong one-way hashing. Sensitive credentials (such as integration tokens and VPN keys) are encrypted at rest. Each customer’s data is logically isolated per tenant. Access to production systems is restricted and logged.
We keep account and Customer Data for as long as your account is active. After account termination, Customer Data is deleted or anonymized within a reasonable period (you may request an export within 30 days of termination), except where we must retain records to comply with legal obligations (e.g. tax and accounting law) or to resolve disputes.
We store data in the European Union. Where a provider processes data outside the EU/EEA (for example Stripe or Intuit), transfers are protected by appropriate safeguards such as the EU Standard Contractual Clauses or an adequacy decision.
Under the GDPR you have the right to access, rectify, erase, and receive a copy of your personal data, to restrict or object to its processing, and to withdraw consent where processing is based on consent. You can exercise these rights by emailing [email protected]. You also have the right to lodge a complaint with your supervisory authority (in Poland: the President of the Personal Data Protection Office, UODO). If you are an end-customer of an ISP that uses ISPbox, please direct requests to that ISP — we will assist them in fulfilling your request.
The application uses strictly necessary cookies for authentication, session management, and security (e.g. CSRF protection). Our website analytics (self-hosted Umami) do not use cookies and do not track you across sites.
We may update this policy from time to time; material changes will be announced on this page with an updated date, and where appropriate by email. Questions? Contact Nielogiczny · ISPbox at [email protected].