1. Introduction

This Privacy Policy explains how Hypebox (“Hypebox”, “we”, “us”, or “our”) collects, uses, discloses, and safeguards information in connection with Staks — our business management platform available at staksai.com and app.staksai.com (the “Service”).

Staks is operated by Hypebox through its affiliated entities, Hypebox Media SARL (Beirut, Lebanon) and Hypebox For Marketing and PR (Dubai, United Arab Emirates). By using the Service, you agree to the practices described in this Policy. If you do not agree, please do not use the Service.

This Policy should be read together with our Terms of Use.

2. Who this Policy applies to, and our role

Staks is a business-to-business (“B2B”) tool. It is used by organizations (“Customers”) and the people they authorize (“Users”, such as owners, admins, and team members). Two categories of data are involved, and our role differs for each:

3. Information we collect

a. Information you provide directly

b. Information collected automatically

c. Information from third parties

We do not intentionally collect special categories of sensitive personal data (such as government IDs, health, or biometric data) for our own purposes. Customers should avoid entering such data into free-text fields unless necessary and lawful for their own business.

4. How we use information, and our legal bases

We use information to:

Where we rely on legitimate interests, we balance those interests against your rights. Where the law requires consent (for example, certain cookies or marketing), we obtain it and you may withdraw it at any time.

We do not sell your personal information, and we do not use Customer Content to advertise to you.

5. AI features (Business Copilot)

Staks includes AI-assisted features (the “business copilot” and related tools) that help you query, summarize, and extract insights from your data. To provide these features, the relevant data (such as your prompt and the specific business records needed to answer it) is processed by our AI subprocessor, Anthropic, using the Claude family of models.

6. How we share information

We share information only as described here:

Service providers (subprocessors). We use trusted vendors to run the Service. They may process data only to provide services to us and are bound by confidentiality and data-protection obligations:

We will maintain an up-to-date list of subprocessors and provide reasonable notice of material changes upon request.

7. International data transfers

Hypebox operates from Lebanon and the UAE, and our subprocessors are located in the European Union, the United States, and other regions. This means your information may be transferred to, stored in, and processed in countries other than your own, which may have different data-protection laws. Where required, we put in place appropriate safeguards (such as contractual protections) for these transfers.

8. Data retention

We retain personal data for as long as needed to provide the Service and for legitimate business, legal, accounting, or reporting purposes.

9. Security

We take security seriously and implement technical and organizational measures designed to protect information, including:

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your login credentials confidential and for managing the access you grant to Users within your organization.

10. Your rights and choices

Depending on your location and applicable law (including the Lebanese Law No. 81/2018 on Electronic Transactions and Personal Data, the EU/UK GDPR where relevant, and applicable UAE data-protection law), you may have the right to:

To exercise these rights, contact us at info@hypebox.agency. If your personal data is held within a Customer’s account as Customer Content, please contact that organization (the controller); we will assist them as their processor. We may need to verify your identity before responding, and we will respond within the timeframes required by applicable law.

11. Cookies and similar technologies

We use cookies and local storage that are strictly necessary to operate the Service — for example, to keep you signed in and remember your session and preferences. Because Staks is an authenticated business application, these are essential to its function. Where we use any non-essential cookies or analytics, we will do so in accordance with applicable law and, where required, with your consent. You can control cookies through your browser settings, but disabling essential cookies may prevent the Service from working.

12. Children’s privacy

Staks is a business tool intended for use by organizations and adults. It is not directed to children, and we do not knowingly collect personal data from anyone under the age of 18. If you believe a minor has provided us personal data, please contact us so we can remove it.

The Service may link to or integrate with third-party websites and services (such as Google sign-in or AI assistants that connect via our API). Their privacy practices are governed by their own policies, and we are not responsible for them. We encourage you to review those policies.

14. Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will update the “Last updated” date and, where appropriate, provide additional notice (for example, by email or in-app notice). Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.

15. Contact us

If you have questions, concerns, or requests regarding this Policy or your personal data, contact us at: