Legal

Privacy Policy

Last updated: April 11, 2026

1. Overview

foxreply.ai ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, how we use it, and your rights under applicable data protection law, including the EU General Data Protection Regulation (GDPR).

By using our Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.

2. Data We Collect

Account Data

When you register, we collect:

Email address
Password (stored as a cryptographic hash — never in plain text)
Account creation date

Organisation and Bot Data

When you create and configure bots, we store:

Organisation name and logo image you upload
Knowledge base text you provide
Widget customisation settings (colours, title, welcome message)
Quick reply chips and bot personality settings

Conversation Data

When visitors chat with your embedded widget, we store the conversation messages (both visitor and bot) to power the Inbox and Analytics features in your dashboard. These messages are associated with an anonymous session ID and your organisation — not with personally identifiable visitor information unless a visitor shares personal details in chat.

Billing Data

Payment processing is handled entirely by Paddle, our Merchant of Record. We do not store credit card numbers or payment details. We receive and store your billing plan, subscription status, and Paddle customer identifier.

Usage and Technical Data

We automatically collect:

Log data (IP address, browser type, pages visited, timestamps)
Device information (operating system, screen resolution)
Message usage counts per organisation per month

Analytics

We use Vercel Analytics for aggregate, anonymised website analytics. No personally identifiable information is passed to Vercel Analytics.

3. How We Use Your Data

We use your data to:

Provide, operate, and maintain the Service
Process payments and manage subscriptions
Generate AI responses using the knowledge base you provide
Display conversation history and analytics in your dashboard
Send transactional emails (billing confirmations, trial reminders, service alerts)
Respond to your support requests
Detect and prevent fraud or abuse
Comply with legal obligations

We do not sell, rent, or trade your personal data. We do not use your data for cross-site advertising.

Legal Basis (GDPR)

We process your personal data on the following legal bases:

Contract performance — to provide the Service you signed up for
Legitimate interests — to improve the Service and prevent fraud
Legal obligation — to comply with applicable laws
Consent — where you have explicitly given permission (e.g., marketing emails)

5. Cookies

We use minimal, functional cookies:

Authentication — a JWT token stored in your browser's localStorage to keep you logged in.
Session ID — an anonymous session identifier stored in sessionStorage for widget conversations, cleared when you close the browser.

We do not use tracking cookies or third-party advertising cookies. You can clear cookies and local storage at any time through your browser settings.

6. Data Retention

Account data is retained as long as your account is active.
After account deletion, data is permanently erased within 30 days.
Widget conversation messages are retained for 12 months and then automatically deleted.
Billing records may be retained for up to 7 years to comply with accounting and tax regulations.
Anonymised aggregate usage statistics may be retained indefinitely.

7. Security

We take reasonable technical and organisational measures to protect your data, including:

HTTPS encryption for all data in transit
Bcrypt password hashing
JWT authentication with short-lived tokens
Access controls limiting employee access to production data

No system is 100% secure. If you discover a security vulnerability, please disclose it responsibly to hello@foxreply.ai.

8. Your Rights

If you are located in the EU / EEA or UK, you have the following rights under the GDPR:

Access — request a copy of the personal data we hold about you
Rectification — request correction of inaccurate data
Erasure — request deletion of your data ("right to be forgotten")
Restriction — request that we limit processing of your data
Portability — request your data in a machine-readable format
Object — object to processing based on legitimate interests
Withdraw consent — where processing is based on consent

To exercise any of these rights, contact us at hello@foxreply.ai. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

9. Children's Privacy

The Service is not directed to children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. International Data Transfers

Your data may be processed in countries outside your jurisdiction, including the United States, where our cloud infrastructure and AI providers are located. We ensure appropriate safeguards are in place through Standard Contractual Clauses (SCCs) or other legally approved transfer mechanisms.

11. Changes to this Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and by posting the updated policy on this page with a new "Last updated" date. Your continued use of the Service after changes take effect constitutes acceptance.

12. Contact

For privacy-related inquiries, data subject requests, or complaints:

foxreply.ai — Data Protection
Email: hello@foxreply.ai

Privacy questions?

Email us at hello@foxreply.ai. We take privacy seriously and respond to all inquiries within one business day.