Privacy Policy
Effective Date: March 17, 2026 · Last Updated: March 17, 2026
Chicha Technology LLC ("Chicha Technology," "we," "us," or "our") operates the CondorBox product line and the website at condorbox.ai. This Privacy Policy describes what information we collect, how we use it, and what choices you have.
CondorBox is private AI software for Apple Silicon Macs. Our core privacy principle is simple: your personal data stays on your hardware and never leaves your home network unless you explicitly opt in.
1. Data That Stays on Your Hardware
The following categories of data are created, stored, and processed entirely on your hardware. We do not collect, transmit, or have access to any of this data unless you explicitly grant remote access for a support session.
- AI conversations. All chat messages, prompts, and AI-generated responses are processed locally by on-device language models via Ollama. Nothing is sent to any cloud AI service. Your conversation history is stored on your local disk and is never transmitted.
- Voice assistant data. Wake-word detection, speech-to-text (Whisper), and text-to-speech (Piper) all run on your Mac. Voice audio is processed in memory and is not recorded or stored unless you explicitly enable conversation logging. Voice recordings are never transmitted off-device.
- Smart home data. Device states, automation rules, camera feeds, sensor readings, and Home Assistant configurations remain on your local network.
- Files and media. Documents, photos, music, and any other files stored or synced through CondorBox services (including Syncthing and CondorVault) stay on your hardware and your designated local devices.
- Security monitoring data. All security event logs, threat alerts, network monitoring data, and file integrity monitoring results are processed and stored locally. The on-device security monitor never transmits alert data to Chicha Technology.
- User accounts and credentials. Local user accounts, passwords, authentication tokens, and SSO configurations (Authelia) are stored on the unit and are never shared with us.
- DNS and browsing data. DNS query logs from the built-in ad-blocking and content filtering service (Blocky) are processed and stored locally. We have no visibility into your DNS queries or browsing activity.
2. Data We Collect
We collect a limited amount of data to operate our business, process payments, and deliver software updates.
2.1 Update Check Telemetry
If your CondorBox is connected to the internet, it periodically checks for software updates by contacting our update server. This check transmits:
- A unique unit identifier (not tied to your personal identity)
- Software version numbers for installed services
- Your CondorBox tier (e.g., Starter, Family, Pro, Max)
The update check does not contain any personal data, AI conversations, file contents, browsing history, or smart home information. You may disable automatic update checks at any time through the system panel.
2.2 Fleet Health Monitoring (Care+ Only)
If you subscribe to Condor Care+ and your unit is connected via Tailscale, your unit reports system health metrics to our fleet dashboard:
- CPU, RAM, and disk usage percentages
- Service status (running/stopped) for CondorBox components
- Software version numbers
- Uptime and last reboot time
Fleet monitoring transmits system metrics only. It does not transmit AI conversations, voice recordings, file contents, smart home data, user account information, DNS queries, or any other personal data. Health alerts are sent to your email if: a software update fails, your unit is offline for more than 7 days, or disk usage exceeds 90%.
You may disable fleet monitoring at any time by disconnecting Tailscale or downgrading to Condor Care.
2.3 Account and Payment Data
When you create a customer portal account or make a purchase, we collect:
- Email address — stored in Firebase Authentication for your customer portal account.
- Name — for order fulfillment and account identification.
- Payment information — processed and stored by Stripe. We do not store credit card numbers. We store Stripe transaction IDs for order tracking. See Stripe's Privacy Policy.
- Billing address — required for subscription billing and sales tax calculation.
- Order and subscription history — purchase records, subscription status, and support ticket history.
2.4 Website Analytics
Our website at condorbox.ai may collect standard web analytics data, including pages visited, referring URLs, browser type, and approximate geographic location (derived from IP address). This data is aggregated and is not linked to your CondorBox unit or local data.
2.5 Remote Support Sessions (Care+ Only, Opt-In)
If you subscribe to Condor Care+ and explicitly grant remote access, our support engineers may temporarily access your CondorBox to diagnose and resolve issues.
- Technology: Tailscale mesh VPN (WireGuard encryption).
- Enrollment: You must actively enable access by running a command or clicking a button in the system panel.
- Scope: Diagnostic only. Support can view system metrics, restart services, and check configurations. Support cannot access AI conversations, smart home states, personal files, or perform destructive operations.
- Audit: All SSH sessions are logged via the Tailscale admin console. You can see who accessed your unit and when.
- Revocation: You can revoke access at any time.
- Data retention: We do not retain copies of any data accessed during support sessions.
3. Data We Do NOT Collect
For absolute clarity, we do not collect, store, or have access to:
- Your AI conversations or prompts
- Your voice recordings or transcriptions
- Your photos, videos, documents, or files
- Your passwords or authentication credentials
- Your smart home device states, automations, or camera feeds
- Your DNS queries or browsing history
- Your security monitoring alerts or logs
- Your children's activity or interaction data
- Any content generated by AI models running on your device
4. How We Use Your Data
We use the data we collect solely for the following purposes:
- To process and fulfill hardware orders and subscriptions.
- To deliver signed software updates to your CondorBox.
- To provide customer support when you request it.
- To send transactional emails (order confirmations, update notifications, billing receipts).
- To monitor fleet health for Care+ subscribers (opt-in).
- To improve our products and services based on aggregated, non-personal telemetry.
- To comply with legal obligations.
5. Data Sharing and Third Parties
We do not sell your data. We do not share your personal information with third parties for marketing purposes. We do not permit advertising networks or data brokers to access any data from your CondorBox.
We share data only with the following service providers, solely as necessary to operate our business:
- Stripe — payment processing. See Stripe's Privacy Policy.
- Google Cloud Platform (Firebase) — customer portal hosting, authentication, and order management. See Google's Privacy Policy.
- Tailscale — optional VPN for remote support. Tailscale handles system-level networking only and does not inspect data. See Tailscale's Privacy Policy.
- Let's Encrypt — TLS certificate issuance. Only your domain name is shared for certificate generation.
- Cloudflare — domain and DNS services for condorbox.ai.
We may also disclose information if required by law, court order, or government regulation, or if necessary to protect our rights, safety, or property.
6. On-Device Processing
CondorBox is designed so that all personal data processing happens locally:
- AI inference: All language model inference runs locally via Ollama on your Mac's Apple Silicon GPU. No cloud AI APIs are used.
- Voice processing: Speech-to-text (Whisper) and text-to-speech (Piper) run entirely on-device.
- Security monitoring: Process monitoring, network analysis, file integrity monitoring, and AI threat analysis all run locally.
- DNS filtering: Ad blocking and content filtering via Blocky run locally.
- Smart home: Home Assistant runs in a local VM. Device communication stays on your local network.
- File sync: Syncthing synchronizes files directly between your devices over your local network or via encrypted peer-to-peer connections.
7. Children's Privacy (COPPA)
CondorBox is designed with families in mind.
- Local-only processing. Children's accounts (via CondorKids) are created on the local unit with parental controls, kid-safe AI content filtering, and child-safe DNS filtering. All data associated with children's accounts — including AI conversations, voice interactions, and browsing activity — is processed and stored entirely on the local unit.
- No cloud collection. We do not knowingly collect personal information from children under 13 through our website or cloud services. The customer portal account (email and payment) must be maintained by an adult.
- Parental consent. A parent or guardian must consent to the creation of children's accounts on the CondorBox unit. Parents have full access to view and manage children's activity logs, DNS filtering settings, and content filter configurations through the system panel.
- No third-party sharing. Children's data is never transmitted to Chicha Technology, advertising networks, or any third party.
If you believe we have inadvertently collected information from a child under 13, please contact us at privacy@condorbox.ai and we will promptly delete it.
8. Data Retention
- On-device data: You control all data on your CondorBox. You may delete conversations, files, accounts, and any other local data at any time. A factory reset permanently erases all local data. All data is stored in standard, accessible formats on your own hardware.
- Cloud portal account data: We retain your email, name, and account information for as long as you have an active account. You may request account deletion at any time by contacting privacy@condorbox.ai. Upon deletion, we remove your account from Firebase within 30 days.
- Fleet health metrics: Fleet monitoring data (Care+ subscribers) is retained for 90 days and then automatically deleted. If you cancel Care+, fleet data is deleted within 30 days of cancellation.
- Payment records: Payment records are retained in accordance with legal requirements (typically 7 years for tax and financial reporting). Payment card data is stored by Stripe, not by us.
- Update check logs: Update check telemetry is retained for up to 12 months and then automatically deleted.
9. Your Rights
- Access: You have full, unrestricted access to all data on your CondorBox. For cloud portal data, you may request a copy of your account information at any time.
- Deletion: You can factory reset your CondorBox at any time to permanently erase all local data. For cloud portal data, contact privacy@condorbox.ai to request account deletion.
- Portability: All on-device data is stored in standard formats on your own hardware. You own the hardware and can access, copy, or migrate your data at any time using standard file system tools.
- Opt-out: You can disable all cloud features at any time. Disable automatic update checks in the system panel, and disconnect Tailscale to stop fleet monitoring and remote access. You can use CondorBox entirely offline after initial setup.
10. Data Security
10.1 On-Device Security
- All local data is encrypted at rest via macOS FileVault (full-disk encryption).
- Local services communicate over localhost or encrypted connections.
- The CondorBox firewall restricts inbound connections to essential services.
- The security monitor detects and alerts on suspicious activity.
10.2 Remote Connection Security
- Remote support uses Tailscale (WireGuard), providing end-to-end encryption.
- All remote connections require explicit customer opt-in.
- SSH sessions are logged and auditable.
10.3 Software Update Security
- All software updates are cryptographically signed using minisign.
- The update agent verifies signatures before applying any update.
- Update manifests include sequence numbers to prevent replay attacks.
- No unsigned code can be installed via the update mechanism.
10.4 Cloud Service Security
- Customer portal uses industry-standard TLS encryption in transit.
- Firebase Authentication handles identity with Google's security infrastructure.
- Access to production systems is restricted to authorized personnel.
10.5 No Backdoors
CondorBox contains no backdoors, no hidden telemetry, and no remote kill switch. We cannot access your unit without your explicit consent.
11. California Privacy Rights (CCPA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
- Right to know: You may request a description of the personal information we have collected about you in the preceding 12 months.
- Right to delete: You may request that we delete the personal information we have collected about you.
- Right to opt out of sale: We do not sell personal information. There is nothing to opt out of.
- Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.
To exercise these rights, contact us at privacy@condorbox.ai. We will respond within 45 days as required by law.
12. International Users
CondorBox is designed and sold primarily for customers in the United States. If you are located outside the United States and use our cloud portal, your account data (email, name, payment records) may be processed in the United States. Your on-device data always remains on your local hardware regardless of your location.
13. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes that affect how we handle your personal data, we will provide at least 30 days' notice via email to your account address before the changes take effect. The "Last Updated" date at the top of this page will always reflect the most recent revision.
14. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at:
© 2026 Chicha Technology LLC. All rights reserved.
