- "We" are FoxyCart.com LLC, also referred to as Foxy.io or simply "Foxy".
- "You" are the Foxy User, who uses the Foxy websites and services.
- "Your Customers" are the individuals or businesses that visit your website or services.
We never sell or otherwise disclose Your information to third-parties except in the context us using external providers in our own business operations, or as may be required by government or legal orders. For example, we may import your name and email into a service we use to send emails.
We never use Your Customers' information ourselves except in anonymized/aggregated forms (such as tracking the health of our overall system and usage), or in the context of providing You with support. We will never share Your Customers' information with third-parties, except as configured by you (for instance, Your Customers' payment information will be sent to the payment gateways you configure), or as may be required by law.
We also log IP addresses, in order to prevent fraud and abuse.
We adhere to the EU-US Data Privacy Framework (DPF) Principles, as well as the GDPR. Please read on for more details.
wiki.foxycart.com). "You" shall not refer to a User’s website visitors or customers. For information on the "User’s Customers" please see the "Stores Using Foxy.io" section.
For details about our participation in DPF and GDPR (the EU's General Data Protection Regulation), please see the corresponding sections below.
A copy of this policy is available at https://foxy.io/privacy-policy.
At Foxy.io, privacy on the Internet means that:
- We inform you how we use any personally identifiable information that is submitted to us online.
- We maintain confidentiality and security safeguards for personally identifiable information.
- You have control over the personally identifiable information you decide to submit to us.
- If you have elected to receive email promotions from us, you can opt-out from these at any time.
We respect your privacy, and will not share, sell, or otherwise disclose your personal information to disclose this information to affiliates, subsidiaries, agents, or third party content providers for marketing purposes. We retain the right to disclose any information necessary to normal business operation, such as to payment processors.
The websites of our Users (stores using our services) may have different privacy policies and practices from those disclosed here, and we encourage you to become familiar with them as necessary.
This site is operated by FoxyCart.com LLC in the United States. By using this website and our services, you understand and agree that (1) the information collected from this site may be retained indefinitely, and may be stored, accessed, and used in jurisdictions whose privacy laws may be different and less protective than those of your home jurisdiction; and (2) we may use this information for a variety of purposes including direct marketing (unless you opt out of receiving direct marketing from us).
We will only use information provided directly to us (admin.foxycart.com, www.foxy.io, forum.foxycart.com, wiki.foxycart.com, or any other sites directly controlled by Foxy.io). We will not use information provided to our Users. In other words, we will not use or disclose our Users’ customers' information, except as noted below.
Stores Using Foxy.io
Third-party websites using Foxy.io’s services (Users' websites) may have their own privacy policies. Foxy.io will not use any of our Users' customers' personal information that is not provided to Foxy.io directly, except as necessary to process the customer's transaction on behalf of the Foxy User. In other words, if a business named "Ketchup Popsicles" uses Foxy.io’s services, Ketchup Popsicle’s customers:
- will be processed through Foxy.io’s services and servers as necessary to complete the transaction, which may include:
- logging the customer IP and other network information,
- setting cookies,
- sending the customer information to the payment gateways that are configured by the Foxy User;
- sending the customer information to 3rd parties and external URLs (ie. anti-fraud services, shipping and fulfillment providers, etc.) as specified by the Foxy User in the Foxy.io store admin;
- will receive email receipts as configured in the Foxy.io admin by the Foxy User;
- will have their information stored on Foxy.io’s servers, as necessary to provide transaction history reports to Ketchup Popsicles’ store administrator, and as required by various laws and regulations related to record-keeping for tax purposes;
- will not be contacted by Foxy.io or any representative of Foxy.io without explicit approval from Ketchup Popsicles (ie. for troubleshooting or bug diagnosis);
- will not be used for direct marketing by Foxy.io or any representative of Foxy.io;
- will not have their information shared, sold, or otherwise disclosed to any 3rd parties, unless Foxy.io is required by law to do so;
- may be used in an anonymous, aggregated format to calculate statistics for Foxy.io’s services (ie. average transaction value, average transactions per store, average transactions per day per store, etc.), which may be used for both internal purposes (analyzing server load, etc.) and external purposes (marketing, etc.).
What We Collect
When you visit this website, some information, may be collected automatically as part of the site’s operation. Other information may be requested for you to enter manually, in order to contact us or to register for our services. Information we collect automatically may include any and all aspects of your browser's request to our servers, such as the site that referred you to us, your IP address, your browser version and operating system, and any cookies that may have been set on previous visits to our site. This information is used to allow logging into various services (the admin, the forum, etc.), and to gauge usage of our websites and services.
On some occasions we may ask you to provide information on online forms. For example, if you desire to create an account, we may ask for your:
- email address;
- newly-created password;
- business information such as website URL, postal code and country, and other details necessary to configure your Foxy.io account;
- credit card details.
Whenever you are asked to provide personal information, we will notify you of the purposes for taking such information, usually at the point when the information is collected. Providing information on online forms is always voluntary, and you are free not to complete any online forms. If you choose not to, however, some products and services may not be available to you. We will let you know when certain information is required to carry out the service requested, usually by placing an asterisk or some other designation next to required information (or by letting you know when certain information requested is optional).
When you visit Foxy.io, we may place a text file, called a cookie, in the browser directory of your computer’s hard drive. A cookie is a small piece of information that a website can store on your web browser and later retrieve. Cookies do not themselves contain your personal information. Cookies offer you many conveniences. Most importantly, they allow you to login to Foxy.io services, and they allow Users' customers to maintain a cart into which products can be added and paid for. They also allow Foxy.io, and certain third party content providers, to recognize information, and so can determine what content is best suited to your needs. The domain names of the site server transmitting the cookies are Foxy.io and FoxyCart.com.
Most browsers allow you to decline cookies, but if you elect to do so, these pages may not display properly. While cookies will be stored in your hard drive for your next visit with us, you are free to delete cookies after your session, and your browser should contain instructions on how to do this.
In order to prevent fraud and abuse, and to comply with the PCI DSS, we log all IP addresses for all traffic to our systems and services. We do this at all times, regardless of any other notifications or requests for consent we may provide.
How We Use It
The information collected online may be stored indefinitely, or may be retained according to legal or compliance related requirements such as the PCI DSS or GDPR. This information is used for various purposes, including processing your transactions, customer service, product and service development, responding to your inquiries, direct marketing and marketing analysis, and facilitating your use of this website. The information we collect will not be shared with our subsidiaries, agents, third party content providers, affiliates or selected other entities, except as noted above.
Third-Parties With Which We Share Your Information, and Onward Transfer
The types of entities with whom we share your information are:
- Services used to communicate with you. For example, your email may be imported to a service that we use to send emails, or to our helpdesk. In no case, however, is your email ever used or shared for any other purpose than our own direct communication with you (except as outlined in the "Other Disclosures" section below.
- Services used to improve our understanding of our systems' usage. For example, we use analytics services to help us identify problems in our service, and to make improvements.
- Services used to process payments, in order to charge you for our services.
Accountability for Onward Transfers
Except as otherwise noted in this policy, we will only disclose personal information to third-parties under the following conditions:
- The third-party only uses the provided data for the purpose for which we have provided it.
- The third-party adheres to the DPF Principles, or treats personal information with at least that level of protection.
- The third-party has provided assurances that they will only use the data in a manner consistent with the consent originally provided by the User.
- The disclosure is reasonably necessary to meet a legal obligation, compliance obligation, regulatory obligation, or as needed to conduct our own business processes as mentioned elsewhere in this document.
Your Choices, Rights, & Access To Your Data
Unless you opt out of receiving promotional materials from us, we may notify you of special promotions, new products or services, or other information that may be of interest. You may choose not to receive promotional information from Foxy.io by checking the appropriate box at the time of information collection or at a later time by sending an email to firstname.lastname@example.org. If you would like to review or revise information you previously provided on an online form, or believe that what we currently have on record is incorrect, you may access, update, or delete your information in the "My Account" section of this website, or by contacting us at email@example.com.
You have the right to view, delete, and modify your data. Most of this data is available from the Foxy admin. Please email firstname.lastname@example.org with your request, if you are unable to view or modify your data in the Foxy admin.
Right To Be Forgotten
In the event you request your data be deleted, please be aware that we may need to retain certain historical data (such as invoice details) in order to comply with other legal and tax requirements. In the event Your Customers may request their data be deleted from Foxy systems, please note that there may be other legal requirements preventing historical data from being deleted (for example, EU VAT retention requirements mandating invoices be retained for multiple years).
Further, our own legal, contractual, or industry compliance requirements (such as PCI DSS) may require us to maintain historical data such as webserver logs and database backups. In such cases, your or Your Customers' data may persist in backups that are retained for security and compliance purposes, but this data will not be used for marketing purposes.
In the event Foxy suffers a data breach, you will be notified as promptly as possible, and in accordance with US and EU laws and requirements. You will also be notified if Your Customers' data is breached, .
We also reserve the right to disclose your personal information if required to do so to meet national security or law enforcement requirements, or in the good faith belief that such action is reasonably necessary to comply with legal process, respond to claims, or protect the rights, property or safety of our company, employees, customers or the public.
Links to Other Websites
The sites to which we link, including but not limited to the sites of third party content providers, may have different privacy policies and practices from those disclosed here. These other websites may send their own cookies to visitors, collect data or solicit personal information. We assume no responsibility for the policies or practices of linked sites and encourage you to become acquainted with them.
Safeguarding Your Information
Foxy.io uses reasonable precautions to keep your personal information secure from loss, misuse and unauthorized access, disclosure, alteration and destruction. However, we are not responsible for any breach of security or for the actions of third parties.
Policy Regarding Minors
We do not intend to collect personal information from anyone under the age of 18. If you are under 18, you should not enter information on this website and should ask a parent to do so for you.
EU-U.S. DATA PRIVACY FRAMEWORK (DPF)
If you are located in one of the 15 European Union Member Nation States (Austria, Belgium, Denmark, Finland, France, Germany, Greece, Ireland, Italy, Luxembourg, Netherlands, Portugal, Spain, Sweden, the United Kingdom, and other member countries), Canada, or any other nation with privacy legislation you should be aware that personal information submitted to Foxy.io online may be transferred to a data center in the United States.
Our Independent Recourse Mechanism
In compliance with the DPF Principles, Foxy.io commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our DPF policy should first contact Foxy.io at https://www.foxy.io/contact.
Foxy.io has further committed to refer unresolved DPF compliance complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit JAMS for more information or to file a complaint. The services of JAMS are provided at no cost to you. In certain circumstances, you may be able to invoke binding arbitration through the DPF panel if the dispute is not resolved first by working with Foxy and then next by working with JAMS.
Foxy is subject to the enforcement powers of the US FTC.
General Data Protection Regulation (GDPR)
FoxyCart.com LLC attests that we are compliant with the European Union's GDPR, and we assert our commitment to maintaining compliance.
Per GDPR definitions, we are a data processor and our Users (You) are data controllers. As noted elsewhere, we will never disclose Your Customers' information except as configured by You. If you require assistance with Your Customers' requests to access, modify, or delete their information, please contact us at email@example.com. Note that there may be other legal requirements you are subject to that prevent the deletion of Your Customers' data (such as historical sales invoices or receipts, the retention of which may be required by the EU or other entity).
As it relates to your information, we are a controller. As a controller, we abide by GDPR requirements, and ensure that we use only processors that certify their own GDPR compliance.
Please also note that we do log IP addresses of all visitors to our services (both for you and for Your Customers). This logging is required to prevent abuse and fraud (such as DoS attacks or automated fraud attempts) and "processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party", per GDPR Article 6.1 and Recital 49. Also please note the "Right To Be Forgotten" section above as it relates to log retention.
For GDPR-related inquiries, please use the above contact information, or contact our designated GDPR representative at firstname.lastname@example.org (for the EU) or email@example.com (for the UK).
This policy was last updated: 2023.08.23