Privacy Policy
We are committed to protecting your privacy and maintaining transparency about our data practices.
Last Updated: February 3, 2026
1. Overview
unsandbox.com is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data. We follow a minimal-collection approach, gathering only what is necessary to provide our code execution service and prevent abuse.
2. Information We Collect
2.1 Automatically Collected Information
IP Addresses:
- Used exclusively for rate limiting and abuse prevention
- Retained only as long as necessary for rate enforcement (typically 24-48 hours)
- Not linked to individual users or stored permanently
Request Metadata:
- API endpoint accessed
- Request timestamp
- Response status codes
- Trace identifiers for request correlation across internal services
- Used for service health monitoring, debugging, and rate limiting
2.2 User-Provided Information
Email Addresses (Optional):
- Completely optional - service works fully anonymously without email
- Stored alongside the API key record in our database when provided
- Used for: sudo OTP codes for destructive operation confirmation, API key expiration warnings, and security alerts
- Never sold or shared with third parties
- Can be provided at purchase time or added later from the console settings page
Contacts (Multi-Email RBAC):
- API key owners can invite additional contacts by email address
- Each contact is assigned a role: owner (full control), operator (receives sudo OTP codes), or reader (notifications only)
- Contact email addresses are stored in our database alongside the API key
- Invited contacts receive a verification email containing an HMAC-signed token that expires after 7 days
- When sudo OTP is triggered, each operator and owner contact receives a unique one-time code
- The specific contact email that verifies the OTP is recorded in the audit log for accountability
Code Execution Requests:
- Code submitted for execution is processed in isolated sandboxes
- Execution outputs are returned to you and then discarded
- No permanent storage of code or execution results for standard executions
- Temporary caching may occur for active execution sessions only
Services (Persistent Containers):
- Services are long-running containers that persist data between operations
- Customer code, files, and application state are stored within service containers
- Service data remains stored until you explicitly destroy the service
- Services can be frozen (paused) while preserving all stored data
- You control when services and their data are deleted via the API or CLI
Snapshots (Point-in-Time Backups):
- Snapshots capture the complete state of a service or session at a specific moment
- Snapshot data includes all files, installed packages, and application state
- Snapshots remain stored until you explicitly delete them
- You can restore services or sessions from snapshots, creating new instances with that state
- Snapshot data is stored on our infrastructure and associated with your API key
Environment Vault (Encrypted Secrets):
- Environment variables and secrets you store in the vault are encrypted at rest using AES-256-GCM
- Vault contents are decrypted only when injected into your service container at runtime
- We do not access or inspect vault contents except as needed for service operation
- Vault data is permanently deleted when you delete the vault or destroy the associated service
- Vault contents are included in snapshots and encrypted within the snapshot data
Payment Information:
- Cryptocurrency addresses for payment processing
- Transaction amounts and confirmation status
- Payment method selected (cryptocurrency type or Stripe)
- Refund addresses (if provided)
- API key associations for payment tracking
- Stored only for transaction verification and service delivery
Audit Log:
- We maintain an append-only audit log of destructive operations (delete, unlock, lock, freeze, unfreeze) performed with API keys
- Each audit log entry records: the API key used, associated email (if any), client IP address, timestamp, action performed, resource affected, and outcome
- When a contact verifies a sudo OTP, the specific contact email is recorded in the audit entry for attribution
- Audit log entries are retained indefinitely and cannot be modified or deleted
- Audit logs are used for security investigation and accountability
- Audit logging occurs regardless of whether sudo protection is enabled
3. How We Use Your Information
We use collected information for the following purposes:
- Service Delivery: Processing code execution requests and delivering results
- Persistent Services: Maintaining service containers with your code and data for extended operation
- Snapshot Storage: Storing point-in-time backups of your services and sessions for restoration
- Rate Limiting: Enforcing tier-based execution limits to ensure fair usage
- Abuse Prevention: Detecting and preventing service abuse, security threats, and violations
- Payment Processing: Verifying cryptocurrency payments and activating API keys
- Customer Support: Responding to support requests (only if email provided)
- Sudo OTP Verification: Sending one-time confirmation codes to registered email before destructive operations proceed
- Audit Trail: Recording destructive operations in an immutable log for security investigation and accountability
- Service Monitoring: Tracking system health and performance metrics
4. Data Storage and Retention
Standard Executions (Minimal Storage):
- Execution servers log to console only - no disk persistence of code or outputs
- Code and execution results are temporary and discarded after delivery
- IP addresses retained only for active rate limiting windows
- Payment records kept for transaction history and key activation
- API keys stored with expiration dates and tier information
- Email addresses (if provided) stored until key expiration or deletion request
Services (Persistent Data):
- Service containers store all data you create, upload, or generate within them
- Data persists for the lifetime of the service, including when frozen
- Services are retained until you explicitly destroy them via API or CLI
- Upon service destruction, all associated data is permanently deleted
- Inactive services may be automatically destroyed after extended periods per your tier limits
- You can export or back up your data at any time before destroying a service
Snapshots (Backup Retention):
- Snapshots are retained until you explicitly delete them
- Snapshot storage counts against your account's storage allocation
- Snapshots remain available even after the original service or session is destroyed
- Upon snapshot deletion, all captured state data is permanently removed
- If your API key expires, snapshots may be retained for a grace period before deletion
Audit Log (Permanent Retention):
- Audit log entries for destructive operations are retained indefinitely
- Entries cannot be modified, deleted, or anonymized after creation
- This includes the API key identifier, email (if associated), client IP address, action, resource, and timestamp
Data Location:
- All data stored in secure infrastructure within the United States
- Service and snapshot data stored on encrypted disk storage
- Cryptocurrency payment monitoring via blockchain networks (public by nature)
5. Service Domains & Custom Domains
Public Service URLs:
- Each service receives a public URL under *.on.unsandbox.com
- Traffic to your service URL passes through our proxy infrastructure
- Access logs for service domains include visitor IP addresses and request metadata
- We do not inspect or log the content of proxied requests beyond standard access logs
Custom Domains (CNAME):
- You may point custom domains (e.g., www.example.com) to your service via CNAME record
- TLS certificates for custom domains are provisioned automatically via on-demand TLS
- Domain ownership is validated through DNS resolution at certificate issuance time
- We store the association between your custom domain and service for routing purposes
6. Information Sharing
We do NOT sell, rent, or share your personal information with third parties, except:
- Payment Processors: Stripe (for card/USDC payments) receives necessary payment data
- Blockchain Networks: Bitcoin, Litecoin, Dogecoin, Monero blockchains (public by nature)
- Partners: Authorized partners who provision API keys on your behalf receive the key pair and tier information necessary for service delivery
- Legal Requirements: If required by law or to prevent illegal activities
- Service Protection: To enforce our Terms of Use and protect the service
7. Security Measures
We implement industry-standard security practices:
- All web traffic encrypted with TLS/HTTPS
- API keys generated using cryptographically secure random values
- Code execution in isolated containers with resource limits
- Services isolated from each other and from our infrastructure
- Snapshot data stored on encrypted storage volumes
- Regular security updates and monitoring
- Only you can access your services, sessions, and snapshots via your API key
8. Cookies and Tracking
Minimal Tracking:
- No advertising cookies
- No Google Analytics or third-party analytics
- Essential cookies only for CSRF protection and session management
- No cross-site tracking
- No user profiling or behavioral tracking
9. Your Privacy Rights
Anonymous Usage:
- You can use our service completely anonymously without providing email
- Cryptocurrency payments enable identity-free purchases
- No account creation or personal information required
Control Over Your Data:
- List, access, and manage all your services via API or CLI
- Destroy services at any time, permanently deleting all associated data
- List, access, and delete your snapshots at any time
- Export data from services before destruction
- Full control over data lifecycle through self-service tools
If You Provide an Email:
- Request deletion of your email address at any time
- Opt out of support communications
- Request information about data we store related to your email
GDPR Rights (EU Users):
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure (deletion)
- Right to data portability
- Right to object to processing
Note: Given our minimal collection model and anonymous usage option, many traditional data rights may not apply if you don't provide personal information.
10. Third-Party Services
Payment Processing:
- Stripe: Processes credit card and USDC payments (subject to Stripe's privacy policy)
- Cryptocurrency Networks: Bitcoin, Litecoin, Dogecoin, Monero blockchains (public by nature)
Infrastructure:
- Hosting providers may have access to server logs (anonymized where possible)
- CDN services for static asset delivery
- All third parties bound by confidentiality agreements
11. Children's Privacy
Our service is not directed at children under 13 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.
12. International Users
If you access our service from outside the United States, your information may be transferred to, stored, and processed in the United States. By using our service, you consent to this transfer. We comply with applicable data protection laws for international transfers.
13. Open Source Transparency
Parts of the unsandbox.com infrastructure may be open-sourced. You can review our code to verify our privacy practices. We believe in transparency and encourage security research.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Continued use of the service after modifications constitutes acceptance of the updated policy. Material changes will be announced via service notifications.