Privacy Policy

Our Privacy Policy: The Overview

In an effort to provide a clear and easy privacy policy, it's important to clarify whom we're talking about:

  • "We" are LLC, also referred to as or simply "Foxy".
  • "You" are the Foxy User, who uses the Foxy websites and services.
  • "Your Customers" are the individuals or businesses that visit your website or services.

We never sell or otherwise disclose Your information to third-parties except in the context us using external providers in our own business operations, or as may be required by government or legal orders. For example, we may import your name and email into a service we use to send emails.

We never use Your Customers' information ourselves except in anonymized/aggregated forms (such as tracking the health of our overall system and usage), or in the context of providing You with support. We will never share Your Customers' information with third-parties, except as configured by you (for instance, Your Customers' payment information will be sent to the payment gateways you configure), or as may be required by law.

We do use cookies to maintain logged-in status of our services, and to track your usage of our websites and services. We do not use cookies for Your Customers, except as required to maintain the content of their shopping cart.

We also log IP addresses, in order to prevent fraud and abuse.

We adhere to the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) , as well as the EU's GDPR. Please read on for more details.

Our Privacy Policy: The Complete Details

This privacy statement covers the web pages and services belonging to LLC (hereafter referred to as "us", FoxyCart, Foxy, and in the United States. It does not cover the privacy policies of our Users (websites, online stores, merchants, etc. using our services). For the purposes of this privacy policy, "You" shall refer to the Foxy customer ("User") and anybody visiting LLC properties (including but not limited to,,, "You" shall not refer to a User’s website visitors or customers. For information on the "User’s Customers" please see the "Stores Using" section.

For details about our participation in the DPF and GDPR, please see the corresponding sections below.

A copy of this policy is available at

At, privacy on the Internet means that:

  • We inform you how we use any personally identifiable information that is submitted to us online.
  • We maintain confidentiality and security safeguards for personally identifiable information.
  • You have control over the personally identifiable information you decide to submit to us.
  • If you have elected to receive email promotions from us, you can opt-out from these at any time.

We respect your privacy, and will not share, sell, or otherwise disclose your personal information to disclose this information to affiliates, subsidiaries, agents, or third party content providers for marketing purposes. We retain the right to disclose any information necessary to normal business operation, such as to payment processors.

The websites of our Users (stores using our services) may have different privacy policies and practices from those disclosed here, and we encourage you to become familiar with them as necessary.

This site is operated by LLC in the United States. By using this website and our services, you understand and agree that (1) the information collected from this site may be retained indefinitely, and may be stored, accessed, and used in jurisdictions whose privacy laws may be different and less protective than those of your home jurisdiction; and (2) we may use this information for a variety of purposes including direct marketing (unless you opt out of receiving direct marketing from us).

We will only use information provided directly to us (,,,, or any other sites directly controlled by We will not use information provided to our Users. In other words, we will not use or disclose our Users’ customers' information, except as noted below.

Stores Using

Third-party websites using’s services (Users' websites) may have their own privacy policies. will not use any of our Users' customers' personal information that is not provided to directly, except as necessary to process the customer's transaction on behalf of the Foxy User. In other words, if a business named "Ketchup Popsicles" uses’s services, Ketchup Popsicle’s customers:

  • will be processed through’s services and servers as necessary to complete the transaction, which may include:
    • logging the customer IP and other network information,
    • setting cookies,
    • sending the customer information to the payment gateways that are configured by the Foxy User;
    • sending the customer information to 3rd parties and external URLs (ie. anti-fraud services, shipping and fulfillment providers, etc.) as specified by the Foxy User in the store admin;
  • will receive email receipts as configured in the admin by the Foxy User;
  • will have their information stored on’s servers, as necessary to provide transaction history reports to Ketchup Popsicles’ store administrator, and as required by various laws and regulations related to record-keeping for tax purposes;
  • will not be contacted by or any representative of without explicit approval from Ketchup Popsicles (ie. for troubleshooting or bug diagnosis);
  • will not be used for direct marketing by or any representative of;
  • will not have their information shared, sold, or otherwise disclosed to any 3rd parties, unless is required by law to do so;
  • may be used in an anonymous, aggregated format to calculate statistics for’s services (ie. average transaction value, average transactions per store, average transactions per day per store, etc.), which may be used for both internal purposes (analyzing server load, etc.) and external purposes (marketing, etc.).

What We Collect

When you visit this website, some information, may be collected automatically as part of the site’s operation. Other information may be requested for you to enter manually, in order to contact us or to register for our services. Information we collect automatically may include any and all aspects of your browser's request to our servers, such as the site that referred you to us, your IP address, your browser version and operating system, and any cookies that may have been set on previous visits to our site. This information is used to allow logging into various services (the admin, the forum, etc.), and to gauge usage of our websites and services.

On some occasions we may ask you to provide information on online forms. For example, if you desire to create an account, we may ask for your:

  • email address;
  • newly-created password;
  • business information such as website URL, postal code and country, and other details necessary to configure your account;
  • credit card details.

Whenever you are asked to provide personal information, we will notify you of the purposes for taking such information, usually at the point when the information is collected. Providing information on online forms is always voluntary, and you are free not to complete any online forms. If you choose not to, however, some products and services may not be available to you. We will let you know when certain information is required to carry out the service requested, usually by placing an asterisk or some other designation next to required information (or by letting you know when certain information requested is optional).


When you visit, we may place a text file, called a cookie, in the browser directory of your computer’s hard drive. A cookie is a small piece of information that a website can store on your web browser and later retrieve. Cookies do not themselves contain your personal information. Cookies offer you many conveniences. Most importantly, they allow you to login to services, and they allow Users' customers to maintain a cart into which products can be added and paid for. They also allow, and certain third party content providers, to recognize information, and so can determine what content is best suited to your needs. The domain names of the site server transmitting the cookies are and

Most browsers allow you to decline cookies, but if you elect to do so, these pages may not display properly. While cookies will be stored in your hard drive for your next visit with us, you are free to delete cookies after your session, and your browser should contain instructions on how to do this.

IP Addresses

In order to prevent fraud and abuse, and to comply with the PCI DSS, we log all IP addresses for all traffic to our systems and services. We do this at all times, regardless of any other notifications or requests for consent we may provide.

How We Use It

The information collected online may be stored indefinitely, or may be retained according to legal or compliance related requirements such as the PCI DSS or GDPR. This information is used for various purposes, including processing your transactions, customer service, product and service development, responding to your inquiries, direct marketing and marketing analysis, and facilitating your use of this website. The information we collect will not be shared with our subsidiaries, agents, third party content providers, affiliates or selected other entities, except as noted above.

Third-Parties With Which We Share Your Information, and Onward Transfer

The types of entities with whom we share your information are:

  • Services used to communicate with you. For example, your email may be imported to a service that we use to send emails, or to our helpdesk. In no case, however, is your email ever used or shared for any other purpose than our own direct communication with you (except as outlined in the "Other Disclosures" section below.
  • Services used to improve our understanding of our systems' usage. For example, we use analytics services to help us identify problems in our service, and to make improvements.
  • Services used to process payments, in order to charge you for our services.

Accountability for Onward Transfers

Except as otherwise noted in this policy, we will only disclose personal information to third-parties under the following conditions:

  • The third-party only uses the provided data for the purpose for which we have provided it.
  • The third-party adheres to the DPF Principles, or treats personal information with at least that level of protection.
  • The third-party has provided assurances that they will only use the data in a manner consistent with the consent originally provided by the User.
  • The disclosure is reasonably necessary to meet a legal obligation, compliance obligation, regulatory obligation, or as needed to conduct our own business processes as mentioned elsewhere in this document.

If we discover a third-party is not adhering to the level of protection required by this privacy policy, we will work to stop disclosure with the third-party. Liability for any damages caused by any third-parties shall remain with the third-party, unless it is proven that Foxy is responsible for the third-party's violation.

Your Choices, Rights, & Access To Your Data

Unless you opt out of receiving promotional materials from us, we may notify you of special promotions, new products or services, or other information that may be of interest. You may choose not to receive promotional information from by checking the appropriate box at the time of information collection or at a later time by sending an email to If you would like to review or revise information you previously provided on an online form, or believe that what we currently have on record is incorrect, you may access, update, or delete your information in the "My Account" section of this website, or by contacting us at

Your Access

You have the right to view, delete, and modify your data. Most of this data is available from the Foxy admin. Please email with your request, if you are unable to view or modify your data in the Foxy admin.

Right To Be Forgotten

In the event you request your data be deleted, please be aware that we may need to retain certain historical data (such as invoice details) in order to comply with other legal and tax requirements. In the event Your Customers may request their data be deleted from Foxy systems, please note that there may be other legal requirements preventing historical data from being deleted (for example, EU VAT retention requirements mandating invoices be retained for multiple years).

Further, our own legal, contractual, or industry compliance requirements (such as PCI DSS) may require us to maintain historical data such as webserver logs and database backups. In such cases, your or Your Customers' data may persist in backups that are retained for security and compliance purposes, but this data will not be used for marketing purposes.

Data Breaches

In the event Foxy suffers a data breach, you will be notified as promptly as possible, and in accordance with US and EU laws and requirements. You will also be notified if Your Customers' data is breached, .

Other Disclosures

We also reserve the right to disclose your personal information if required to do so to meet national security or law enforcement requirements, or in the good faith belief that such action is reasonably necessary to comply with legal process, respond to claims, or protect the rights, property or safety of our company, employees, customers or the public.

Links to Other Websites

The sites to which we link, including but not limited to the sites of third party content providers, may have different privacy policies and practices from those disclosed here. These other websites may send their own cookies to visitors, collect data or solicit personal information. We assume no responsibility for the policies or practices of linked sites and encourage you to become acquainted with them.

Safeguarding Your Information uses reasonable precautions to keep your personal information secure from loss, misuse and unauthorized access, disclosure, alteration and destruction. However, we are not responsible for any breach of security or for the actions of third parties.

Policy Regarding Minors

We do not intend to collect personal information from anyone under the age of 18. If you are under 18, you should not enter information on this website and should ask a parent to do so for you.

Additional Information

Under no circumstances does this privacy policy override any provisions or agreements set forth in any of’s Terms of Service or Acceptable Use Policies. The Terms of Service or the Acceptable Use Policy will be used instead of this privacy policy if conflicting statements are discovered. Similarly, any provision in the section titled "The Overview" of this document will override any provision in "The Complete Details".

EU-U.S. DATA PRIVACY FRAMEWORK (DPF) LLC complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. LLC has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. LLC has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit

If you are located in one of the 15 European Union Member Nation States (Austria, Belgium, Denmark, Finland, France, Germany, Greece, Ireland, Italy, Luxembourg, Netherlands, Portugal, Spain, Sweden, the United Kingdom, and other member countries), Canada, or any other nation with privacy legislation you should be aware that personal information submitted to online may be transferred to a data center in the United States.

Our Independent Recourse Mechanism

In compliance with the DPF Principles, commits to resolve complaints about our collection or use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact at has further committed to refer unresolved DPF compliance complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit JAMS for more information or to file a complaint. The services of JAMS are provided at no cost to you. In certain circumstances, you may be able to invoke binding arbitration through the DPF panel if the dispute is not resolved first by working with Foxy and then next by working with JAMS.

Foxy is subject to the enforcement powers of the US FTC.

General Data Protection Regulation (GDPR) LLC attests that we are compliant with the European Union's GDPR, and we assert our commitment to maintaining compliance.

Per GDPR definitions, we are a data processor and our Users (You) are data controllers. As noted elsewhere, we will never disclose Your Customers' information except as configured by You. If you require assistance with Your Customers' requests to access, modify, or delete their information, please contact us at Note that there may be other legal requirements you are subject to that prevent the deletion of Your Customers' data (such as historical sales invoices or receipts, the retention of which may be required by the EU or other entity).

As it relates to your information, we are a controller. As a controller, we abide by GDPR requirements, and ensure that we use only processors that certify their own GDPR compliance.

Please also note that we do log IP addresses of all visitors to our services (both for you and for Your Customers). This logging is required to prevent abuse and fraud (such as DoS attacks or automated fraud attempts) and "processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party", per GDPR Article 6.1 and Recital 49. Also please note the "Right To Be Forgotten" section above as it relates to log retention.

Contacting Us

If at any time you believe that we have not followed the above policy, or would like more information regarding your privacy protection, please let us know by sending an email to or by writing to us at PO Box 1505, #31921, Austin, TX 78767, Attn: Privacy Policy. We will make reasonable efforts to identify and correct any problem.

For GDPR-related inquiries, please use the above contact information, or contact our designated GDPR representative at (for the EU) or (for the UK).

We reserve the right to change the terms of this privacy policy at any time, but will not do so without posting the revised policy on this website. We encourage you to review this privacy policy whenever you visit our website to make sure you understand how we use the information we collect.

This policy was last updated: 2024.06.04