1. Introduction
Foxy-app.info (website address: https://foxy-app.info/) values your trust and places the highest importance on protecting your personal information. Our platform, including the mobile application and administrative interfaces, is designed as a closed and secure environment, accessible only to approved organizations, businesses, and their authorized teams.
We operate under strict privacy and security standards, following industry-leading practices to ensure that all data, reports, and user interactions remain protected at all times. Access to information within the system is carefully controlled: team members are managed exclusively by their Regional Manager, and only in rare emergency situations may an Admin access a team’s workspace for technical or operational support. Any access is logged, monitored, and reviewed.
By continuing to use our services, you confirm that you have read and understood this Privacy Policy. If you have any questions regarding this policy, please contact your relevant representative—Customer Success or Implementation Specialist—for assistance.
2. Data Collected
Data Storage Location
FOXY operates as a closed, secure platform available only to authorized organizations, businesses, and their assigned teams. All system data is stored on secure cloud infrastructure located within the European Union, fully compliant with GDPR and industry-standard security requirements. Our hosting providers maintain high-level certifications and implement advanced measures such as encrypted storage, access-control policies, and continuous system monitoring. All user data, reports, and operational logs are protected under strict security protocols.
Registration Data
When creating an account on the FOXY mobile app or administrative console, we collect only the information required to verify your identity within your organization — such as phone number, name, role, and assignment to a Regional Manager or team. This information ensures that each user is correctly linked to their operational environment. Users may review or update their details where permitted, except for core identifiers required for platform integrity. Regional Managers can access information only for users under their responsibility, and Admins may access a team only in rare emergency cases for technical or operational assistance. All access is logged and audited.
Operational Data
During normal use of the platform, we collect operational information necessary for system functionality — including event participation, task assignments, field reports, and reported locations. These data points enable coordination between teams, proper event management, and system reliability. We maintain a strict investigation protocol for any unusual activity and continuously apply high-security standards to prevent unauthorized access.
Support & Assistance Data
If a user requests technical assistance, certain information may be collected solely for diagnosing or resolving the issue. This information is voluntarily provided by the user and processed only by an authorized Customer Success or Implementation Representative. Support-related data is retained for service purposes only and is never shared, sold, or used for marketing.
Internal Logs & Security Monitoring
The system automatically collects essential security logs — such as device type, app version, basic connection data, and IP address — to protect the platform against misuse, unauthorized activity, or technical failures. These logs help us investigate incidents, reinforce security layers, and maintain system stability.
Cases for Using Personal Data
We use personal data exclusively for the following purposes:
User verification and identification during platform usage.
Providing technical assistance when requested.
Sending important system updates and operational notifications.
Monitoring account activity to prevent fraudulent or unauthorized behavior.
Adapting the platform experience to organizational needs.
Ensuring overall system performance and smooth operation across all interfaces.
For any questions or clarifications regarding your data, please contact the appropriate Customer Success or Implementation Representative.
3. Embedded Content
FOXY’s platform is primarily a closed, internal system, designed for organizational use only. As a rule, the mobile application and administrative interfaces do not rely on external embedded services during operational use. However, in certain informational areas—such as our public website—some pages may include embedded content (for example, videos, social media embeds, or third-party widgets). When such content is displayed, it functions exactly as it would if you accessed the source website directly.
These external websites may apply their own privacy practices, including the use of cookies, analytics tools, or tracking technologies. They may also collect information about your interaction with their embedded elements. FOXY has no control over how third-party platforms process data, and such interactions fall under their own privacy policies. Any connection to an external service will occur only after you provide explicit consent.
Below are examples of third-party services that may appear on our informational website:
Our website may display selected Facebook content, such as a public timeline or page preview. Facebook operates under its own independent privacy and cookie policies, which FOXY cannot control. No data — including your IP address — is sent to Facebook until you explicitly consent to viewing the embedded content.
Twitter (X)
Certain pages may display public Twitter (X) feeds. Twitter manages its own data collection policies, cookies, and tracking tools. Your information is not shared with Twitter nor transmitted to their servers unless you choose to interact with the embedded content and grant permission.
YouTube
Public site pages may include embedded YouTube videos for informational purposes. YouTube has independent policies regarding cookies, video tracking, and interaction analytics. No connection is made to YouTube’s servers, and no cookies are installed, until you approve loading the embedded video.
If you have questions about how external content is handled, you may contact your Customer Success or Implementation Representative for guidance.
4. Cookies
FOXY’s public website uses a minimal set of cookies to ensure secure, stable, and optimized functionality. Cookies are small text files stored on your device, allowing the website to remember certain preferences, maintain session stability, and provide a reliable browsing experience. Cookies are also used for essential security measures, such as protecting against malicious activity and ensuring that only authorized sessions can access restricted areas.
Our operational systems (mobile app, admin interface, and organizational dashboards) function in a closed, controlled environment, where cookies are used strictly for security, session management, and authentication. We do not use cookies for advertising, commercial tracking, or unnecessary profiling.
You may choose to disable cookies through your browser settings; however, doing so may impact functionality or restrict your ability to access secure sections of the site. For guidance, refer to your browser’s help resources.
Necessary Cookies (All Site Visitors)
These cookies are required for the site to function safely and correctly. They do not store personal information beyond what is necessary for security and system stability.
Security & Protection Cookies
Used to help identify legitimate traffic, prevent misuse, and apply essential security settings. These cookies help ensure that only safe and valid sessions can interact with the website.Session Cookies
Temporary cookies created to identify your browsing session, maintain stability while navigating the site, and ensure pages load and behave correctly.
Necessary Cookies (Logged-In Authorized Users)
For users who access secure areas of the platform — such as organizational dashboards or authorized management interfaces — additional cookies are required solely for authentication and access control.
Authentication Cookies
Used to verify that the logged-in user is authorized and trusted. These cookies keep your session active and ensure your identity is validated during navigation.Session Integrity Cookies
Help maintain a secure and uninterrupted experience across different pages within secure sections of the system.Preference Cookies (Internal Use Only)
Used to remember interface configurations for authorized users (for example, admin layout preferences). These cookies do not track behavior and do not contain personal data.
If you need clarification regarding cookie usage or security practices, please contact your Customer Success or Implementation Representative, who will be happy to assist.
5. Who Has Access to Your Data
FOXY operates within a closed and highly controlled environment, ensuring that access to user information is limited strictly to authorized personnel and only when required. If you are not a registered user within an approved organization, we do not collect, store, or have access to any personal information about you.
For registered users operating under an organization or Regional Manager, access to your data is restricted as follows:
Regional Managers (Organization-Level Access)
Your assigned Regional Manager can access only the information of users who belong to their team or operational scope. This includes basic profile data, event participation, and operational activity relevant to managing team operations. Regional Managers cannot access data belonging to other organizations or unrelated teams.
System Administrators (Emergency & Technical Only)
System Administrators have limited access, used exclusively for maintaining platform stability, security monitoring, and resolving technical issues. Administrator access is rare, carefully controlled, and logged. Admins do not interact with user data unless it is required to address an emergency or platform-level issue.
Support Representatives (Case-by-Case Access)
In specific cases where a user requests assistance, an authorized Customer Success or Implementation Representative may access limited and relevant information needed to diagnose or resolve the issue. This access is performed only with a valid operational reason and is never used for any other purpose.
FOXY does not share, sell, or expose user information to third parties. Every access action is governed by strict internal policies, logged for auditing, and reviewed to ensure compliance with our security standards.
6. Third-Party Access to Your Data
FOXY is designed as a closed, secure platform, and we do not share personal information, operational details, event data, or user-generated content with external parties. Your data remains strictly within your organization’s environment and is accessible only to authorized internal roles as described in this policy.
FOXY does not sell, trade, or distribute user information to third parties for marketing, analytics, or advertising. Any external services involved in the platform are used solely for essential technical functionality, and they receive only the minimum required data — never event content, location reports, or any sensitive operational information.
Essential Authentication Services
In certain cases, the platform may use external identity providers to allow secure login (for example, Google Sign-In). When used, these providers receive only the authentication details required to verify your identity. They do not receive access to event data, team information, panic alerts, task details, or any operational content from FOXY.
Support-Related Third Parties (If Applicable)
If a user requests technical assistance, a limited amount of data may be processed by authorized tools strictly for support purposes. Only information that the user voluntarily provides is transmitted, and it is handled under strict privacy conditions.
All interactions with such tools occur only after the user has explicitly chosen to submit a support request. Support information is accessible solely to an authorized Customer Success or Implementation Representative and is used exclusively to resolve the issue.
No Access to Team or Event Data
It is important to emphasize:
No third party has access to your reports, events, tasks, real-time locations, panic alerts, or any operational activity.
All organizational information remains private to the team and its Regional Manager.
Admins may only access data in rare, controlled emergency cases for technical support.
External Policies
All external tools or authentication providers used by FOXY are required to follow GDPR and industry-standard data protection regulations. Any interaction with such services is limited, secure, and transparent, and occurs only when required for platform functionality.
If you need clarification about how third-party services interact with the platform, your Customer Success or Implementation Representative will be happy to assist.
7. How Long We Retain Your Data
FOXY operates under a strict and secure data-retention policy designed to protect user privacy and ensure that each organization maintains full control over its own environment.
No Soft Deletion — Permanent Removal Only
FOXY does not use soft-deletion.
When a user, team, or organization is deleted, the deletion is permanent and irreversible. All associated data — including user details, event history, assignments, reports, and operational records — is fully removed from the system without backup copies. Once removed, this information cannot be restored.
Deletion Authorized by the Regional Manager
User accounts can only be deleted with the explicit approval of the Regional Manager responsible for that team. FOXY staff do not delete user accounts independently, except in rare technical cases requested and confirmed by the Regional Manager. This ensures that data removal decisions remain fully controlled by the organization that owns the environment.
Team and Organization-Level Retention
FOXY maintains a strict separation between:
Organizations
Teams within each organization
Users belonging to each specific team
Data is isolated at every level, ensuring that no information is shared across unrelated teams or organizations. A Regional Manager can view only the data relevant to their team; other teams remain completely inaccessible.
If an entire team or organization is removed from the platform, all data associated with it is permanently deleted as part of the same process. There are no archived copies, no hidden backups, and no retained metadata after deletion.
How Long Data Is Retained Before Deletion
Operational data (such as event participation, task logs, and reports) remains available only for as long as:
The user account is active
The team or organization remains active on the platform
The Regional Manager has not requested deletion
Once any of the above conditions are no longer met, all related data is fully removed.
Ongoing Access to Your Information
Users can review and update the personal information available in their profile at any time, subject to organizational settings. Certain core identifiers may be fixed to preserve the integrity and security of the system.
Regional Managers can also access and review data for the users they manage — but never for teams outside their scope.
If you need clarification regarding data retention or deletion, your Customer Success or Implementation Representative can assist with the relevant procedures.
8. Security Measures
FOXY is built as a closed, secure, and organization-controlled environment, designed to protect sensitive operational data, event information, and user activity at all times. We implement multiple layers of security across the platform to ensure that all information is handled according to the highest standards in the industry.
Encrypted Communication
All communication between users, the mobile application, and FOXY’s servers is encrypted using modern SSL/HTTPS protocols. This prevents unauthorized interception, tampering, or exposure of personal or operational data while in transit. No information is ever transmitted in plain text.
Strict Access Control & Isolation
FOXY maintains strong logical separation between:
Organizations
Regional Manager teams
Individual users
Each team’s data is completely isolated from others, ensuring that only the assigned Regional Manager and authorized team members can access relevant information. Admin access is restricted to rare emergency cases, such as technical recovery or incident response, and is always logged and monitored.
Advanced Security Infrastructure
Our platform employs:
Encrypted data storage
Role-based access control (RBAC)
Continuous monitoring for suspicious activity
Automatic session validation
Multi-layer firewall and intrusion-prevention systems
Regular security audits and system hardening
These measures help ensure full system integrity and protect against misuse or unauthorized access.
Incident Response & Investigation
In the unlikely event of a security incident or data-related concern, FOXY’s administrators follow a strict internal response protocol:
Immediate containment to secure the system
Full investigation of the root cause — every case is examined thoroughly
Restoration of system stability and reinforcement of security controls
Notification to relevant organizational representatives, if necessary
Reset or revoke access credentials, when required
Our team handles each incident with complete transparency toward the affected organization and takes all steps needed to ensure the continued safety of the platform.
If you need more information about FOXY’s security architecture or incident procedures, your Customer Success or Implementation Representative will provide guidance.
9. Your Data Rights
FOXY is committed to protecting your privacy and ensuring that every user and organization maintains full control over their data. Because FOXY operates as a closed, organization-managed environment, data rights are handled in coordination with your Regional Manager and in compliance with international privacy regulations.
Access to Your Data
If you are a registered user within an organization using FOXY, you may request access to the personal information associated with your account. This includes basic profile details and operational information relevant to your role inside the platform. Requests of this type are handled through your organization and may require verification by your Regional Manager.
Requesting Deletion of Your Data
FOXY does not use soft deletion. When data is removed, it is removed permanently and irreversibly.
Therefore:
A user account can be deleted only with explicit approval from the Regional Manager responsible for that team.
Once your account is deleted, all personal and operational data linked to you is fully removed from the system, with no backups retained.
If you request full deletion of your data, you will no longer be able to access the platform, participate in team operations, or receive any form of support.
This approach ensures both privacy and organizational accountability.
Organization and Team-Level Data Rights
Each organization manages its own users and retains full ownership of its data. FOXY ensures:
Strict separation of data between teams and organizations
No cross-visibility of information
Permanent deletion when a team or organization is removed
If an organization or team chooses to delete its workspace, all related data is deleted permanently, without retention or recovery.
GDPR Rights
FOXY fully supports the principles of the General Data Protection Regulation (GDPR) for users and organizations operating within the European Union. This includes:
The right of access
The right to rectification
The right to erasure (subject to Regional Manager approval)
The right to data portability
The right to restrict or object to processing
We apply GDPR standards across all regions as part of our commitment to privacy, transparency, and secure data handling.
If you require assistance exercising your data rights, please contact your Customer Success or Implementation Representative, who will coordinate the process with your organization.
10. Third-Party Websites
FOXY operates as a closed and secure platform, used only by approved organizations and their authorized teams. While the FOXY operational environment does not rely on external websites, our public-facing website may occasionally include links to third-party resources for informational purposes only.
Any third-party website you choose to visit from our site is independent from FOXY and is not governed by our privacy, security, or data-handling policies. We do not screen, monitor, or validate the privacy practices of these external sites, and by choosing to access them you acknowledge that FOXY is not responsible for their conduct, content, or data-collection methods.
No Automatic Connection to External Platforms
Links to social networks or other third-party services—whether shown as icons, buttons, or text—do not transmit any personal data, identifiers, or browsing information unless you explicitly click on them. No background communication occurs without your direct interaction.
External Policies Do Not Apply to FOXY
This Privacy Policy does not grant rights to any external party, nor does it require FOXY to disclose user information to third-party websites. FOXY maintains strict data isolation and does not share team data, user details, event records, or operational information with advertisers or external platforms.
If you choose to follow a link to a third-party website:
That website’s own privacy policy and terms of service apply.
FOXY is not responsible for any information you provide to that external site.
You should review the third-party’s policies before sharing any personal information.
If you need clarification regarding third-party interactions or safe browsing practices, your Customer Success or Implementation Representative can provide guidance.
11. Release of Your Data for Legal Purposes
FOXY is committed to protecting the privacy and security of all organizational and user data. As a closed platform used only by authorized businesses and teams, we disclose information only when legally required and always in accordance with applicable laws and due-process procedures.
Compliance With Legal Obligations
In rare situations, FOXY may be obligated to release limited user information in response to:
A valid legal request
A court order or subpoena
A government or regulatory authority acting within its lawful jurisdiction
Law-enforcement agencies conducting a legitimate investigation
Any disclosure will be carried out strictly in accordance with the laws of the country relevant to the inquiry and the region where the organization operates.
Good-Faith Legal Actions
If FOXY determines in good faith that a legal disclosure is necessary—such as in cases involving safety threats, fraud, misuse, or criminal activity—we may comply with the legal request to the minimum extent required. FOXY does not voluntarily share operational data, event logs, or team information unless legally mandated.
Notification When Possible
Where permitted by law:
FOXY may attempt to notify the affected organization or Regional Manager before disclosing data, allowing them to respond or take appropriate action.
However, in many cases (e.g., confidential investigations), we may be legally prohibited from providing notice.
Notification is not guaranteed and depends entirely on legal constraints.
Strict Limitation of Data Released
If a disclosure is required:
Only the minimum necessary information will be shared.
FOXY never releases more data than legally mandated.
No operational event data, panic alerts, location histories, or internal team details are disclosed unless the law explicitly compels it.
Compliance With Regional Laws
Any legal disclosure is performed only in compliance with the laws of your jurisdiction and the applicable international privacy regulations, including GDPR where relevant.
If you need clarification regarding legal requests, disclosure rules, or compliance standards, your Customer Success or Implementation Representative can provide guidance and coordinate communication with the appropriate organizational contacts.
