Data Privacy & Security

RoboX was built on the principle that users should retain full control of their data. Every technical decision, from sensor processing to storage, is designed to ensure privacy, transparency, and compliance with global data protection standards.


Privacy Principles

1. Minimize Collection

We collect only the sensor data required for active campaigns. If a campaign needs IMU data, we don't collect camera data. Permissions are requested per-campaign, not blanket access.

2. Anonymize at Source

Personal identifiers are removed on the device before data is uploaded. RoboX servers never receive raw location coordinates, face images, or device identifiers.

3. Transparency

Collectors see exactly what data is collected for each campaign before joining. The app provides real-time visibility into active collection.

4. User Control

Collectors can pause collection, leave campaigns, or delete their data at any time. Deletion is permanent and irreversible.


On-Device Anonymization Details

Location Data

Raw GPS coordinates undergo the following transformation before upload:

  1. Grid Quantization: Coordinates snap to ~50m grid cells

  2. One-Way Hashing: Grid cell identifiers are hashed using SHA-256

  3. Temporal Offset: Timestamps are shifted by a random offset (±15 minutes)

Result: The dataset preserves spatial relationships (this location is near that location) without revealing actual positions.

Visual Data

Camera frames are processed through:

  1. Face Detection: ML model identifies faces in frame

  2. Face Masking: Detected faces are obscured (blur or solid fill)

  3. Plate Detection: License plates are identified and masked

  4. Text Filtering: Optionally, identifying text (addresses, names) is detected and masked

Processing runs entirely on-device using Core ML models.

Audio Data

For noise-level campaigns, audio processing includes:

  1. Voice Detection: Human speech is detected

  2. Voice Removal: Speech segments are replaced with ambient-matched noise

  3. Amplitude Normalization: Volume levels are standardized

Only processed audio (no intelligible speech) is uploaded.

Device Identifiers

  • Hardware IDs (UDID, IMEI) are never accessed

  • Advertising identifier is not collected

  • A cryptographic pseudonym is generated per-campaign

  • Pseudonyms cannot be linked across campaigns or back to devices


Data Security

In Transit

All uploads use TLS 1.3 encryption. Certificate pinning prevents man-in-the-middle attacks.

At Rest

Server-side data is encrypted using AES-256. Encryption keys are managed through hardware security modules (HSMs).

Access Control

  • Employee access requires multi-factor authentication

  • Access is logged and audited

  • Data access requires business justification

  • Regular access reviews remove unnecessary permissions

Infrastructure

  • Servers hosted in SOC 2 Type II certified facilities

  • Geographic redundancy for disaster recovery

  • Regular penetration testing by third parties

  • Bug bounty program for security researchers


Compliance

GDPR (EU)

RoboX complies with the General Data Protection Regulation:

  • Lawful basis: Consent (explicit opt-in per campaign)

  • Data subject rights: Access, rectification, erasure, portability implemented

  • Data protection officer appointed

  • Processing records maintained

  • Breach notification procedures in place

DIFC Data Protection Law (UAE)

Compliance with Dubai International Financial Centre requirements:

  • Registration with Commissioner of Data Protection

  • Appropriate technical and organizational measures

  • Cross-border transfer safeguards

Third-Party Audits

Annual audits verify compliance. Audit reports are available to enterprise customers under NDA.


Your Rights

Access

Request a copy of your data through Settings > Privacy > Request My Data. The export is delivered within 30 days.

Deletion

Delete your data through Settings > Privacy > Delete My Data. This removes:

  • All collected sensor data

  • Account information

  • Earnings history

Deletion is permanent. Already-paid compensation is not affected.

Correction

Profile information can be corrected directly in the app. Sensor data cannot be corrected (only deleted).

Portability

Data export is provided in standard formats (JSON, CSV) suitable for transfer to other services.

Last updated