Privacy Policy
Last updated: March 25, 2026
1. Introduction
Foxx Cyber LLC ("Foxx Cyber," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at foxxcyber.com, use our Bedrock CMMC platform, or engage with any of our products and services (collectively, the "Services").
2. Information We Collect
2.1 Information You Provide
- Account information: Name, email address, phone number, company name, and job title when you create an account or contact us
- Billing information: Payment method details are collected and processed directly by Stripe, our payment processor. We do not store your complete credit card number on our servers
- Compliance data: Information you input into the Bedrock CMMC platform, including control implementation details, SPRS scores, SSP content, POA&M entries, evidence files, and other compliance documentation
- Communications: Messages, support requests, and other correspondence you send to us
2.2 Information Collected Automatically
- Analytics data: We use a privacy-first, cookie-free analytics system that collects anonymized page visit data, including page URLs, referrer URLs, browser type, and device type. IP addresses are anonymized before storage and are never stored in full
- Session data: We use session cookies strictly for authentication purposes (keeping you logged in). We do not use tracking cookies, advertising cookies, or third-party analytics cookies
3. How We Use Your Information
We use your information to:
- Provide, operate, and maintain the Services
- Process payments and manage your subscription
- Send transactional emails (account verification, password resets, billing notifications)
- Respond to your inquiries and support requests
- Improve and develop the Services
- Detect, prevent, and address security issues or fraud
- Comply with legal obligations
We do not sell your personal information. We do not use your data for advertising purposes. We do not share your compliance data with other customers or third parties.
4. Third-Party Services
We use the following third-party services that may process your data:
| Service | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Billing details, email, transaction data |
| AWS | Cloud infrastructure | All platform data (encrypted at rest and in transit) |
| Neon | Database hosting | Account and compliance data (encrypted) |
| Cloudflare | CAPTCHA verification | IP address, browser fingerprint (for bot detection only) |
| SMTP2GO | Transactional email delivery | Email address, name |
Each third-party service is bound by its own privacy policy. We only share the minimum data necessary for each service to function.
5. Data Security
We implement appropriate technical and organizational security measures to protect your data, including:
- Encryption of data in transit (TLS/HTTPS) and at rest
- Multi-tenant data isolation at the database level (organization-scoped queries)
- JWT-based authentication with session expiration
- Role-based access controls within the platform
- Regular security assessments of our infrastructure
No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.
6. Cookies and Tracking
We use a minimal cookie approach:
- Authentication cookies: Session cookies to keep you logged in. These are essential for the Services to function and cannot be disabled
- No tracking cookies: We do not use cookies for analytics, advertising, or cross-site tracking
- No third-party cookies: We do not allow third-party services to set cookies on our site for tracking purposes
Our analytics system is privacy-first and does not use cookies. It collects anonymized, aggregated data only.
7. Data Retention
We retain your data as follows:
- Account data: Retained for the duration of your account plus 30 days after account deletion
- Compliance data: Retained for the duration of your subscription plus 30 days, after which it may be permanently deleted
- Billing records: Retained as required by applicable tax and financial regulations
- Analytics data: Anonymized analytics data is retained for up to 12 months
- Support communications: Retained for 2 years for quality and reference purposes
8. Your Rights
Depending on your location, you may have certain rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal information, subject to legal retention requirements
- Portability: Request your compliance data in a standard format (PDF, CSV)
- Objection: Object to certain types of processing
To exercise any of these rights, contact us at fcsupport@foxxcyber.com. We will respond to your request within 30 days.
9. Children's Privacy
The Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of the Services after changes become effective constitutes your acceptance of the revised policy.
11. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us at:
Foxx Cyber LLC
Email: fcsupport@foxxcyber.com
Website: foxxcyber.com