In our 11+ years of doing Foxy, there are occasionally new compliance concerns or security updates that cause industry-wide discussion and concern. In the past few years, however, the pace of sweeping and important industry-wide changes seem to have accelerated. In addition to a number of SSL protocol improvements and well-publicized security vulnerabilities, we’ve also seen the EU Court of Justice declare Safe Harbor invalid, the introduction of Privacy Shield to replace Safe Harbor, and now the EU’s General Data Protection Regulation (GDPR), which comes into effect on May 25, 2018.

We’ve been working on our GDPR compliance for the past few months, and are finalizing things with our lawyers currently. We do not anticipate any problems in our own GDPR compliance. As a Level 1 PCI Service Provider, we were already in a good position to meet the strict requirements of the GDPR, though there certainly have been a few changes we needed to deal with.

We will update this post when our Privacy Policy includes the pending changes and clarification. If you have any specific questions about how Foxy (as a Data Processor) will handle your customers’ data, please don’t hesitate to contact us.

UPDATE 2018-05-16:

We have just pushed out our new Privacy Policy, which includes sections related to GDPR as well as Privacy Shield. If you have any questions about our updated Privacy Policy, please let us know. We’re well aware of the continued uncertainty related to GDPR, and we’re happy to discuss things with you.

UPDATE 2018-05-24:

We have also updated our Terms of Service with a Data Processing Addendum, which meets additional GDPR requirements some of our users have asked about.