Privacy Policy

Last Updated: January 1, 2025

AIFox AI, Inc. ("AIFox AI," "we," "us," or "our") is committed to protecting the privacy of our customers, website visitors, and all individuals whose data may come under our care. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at aifoxai.com or use our AI-powered cybersecurity platform.

Please read this policy carefully. By accessing or using our website or services, you agree to the practices described herein. If you disagree with any part of this policy, please discontinue use of our services.

1. Information We Collect

1.1 Information You Provide Directly

We collect information you provide directly when you:

• Submit a contact or inquiry form on our website
• Request a demo or schedule a call with our sales team
• Register for a webinar, event, or newsletter
• Create an account or customer portal login
• Communicate with our support team

This information may include your name, business email address, company name, phone number, job title, and any content you include in your communications with us.

1.2 Usage and Technical Information

When you visit our website, we may automatically collect technical information including your IP address, browser type and version, operating system, referring URLs, pages visited, time spent on pages, and clickstream data. This data is collected through server logs and analytics technologies.

1.3 Cookies and Tracking Technologies

We use cookies and similar tracking technologies as described in our Cookie Policy. You can manage your cookie preferences at any time through our cookie consent banner or by adjusting your browser settings.

1.4 Customer Security Data

As a cybersecurity platform, our customers may process security telemetry, log data, and related information through the AIFox AI platform. This data is processed as a data processor on behalf of our enterprise customers under the terms of our Data Processing Agreement. This Privacy Policy does not apply to security data processed on behalf of customers.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Responding to inquiries and fulfilling requests for demos, assessments, or information
• Providing, operating, and improving our platform and services
• Communicating with you about products, services, security research, and company updates
• Analyzing website usage to improve user experience and content
• Detecting, preventing, and addressing fraud, security incidents, and technical issues
• Complying with legal obligations and enforcing our terms and agreements
• Conducting security research and publishing threat intelligence (using aggregated, de-identified data only)

3. Legal Basis for Processing (GDPR Jurisdictions)

For individuals in the European Economic Area, United Kingdom, or other jurisdictions with similar legal requirements, our legal bases for processing personal data include:

• Legitimate interests: Operating and improving our services, security research, fraud prevention
• Contract performance: Fulfilling our obligations to customers and service users
• Legal obligation: Compliance with applicable law
• Consent: Where you have provided explicit consent, which you may withdraw at any time

4. California Privacy Rights (CCPA/CPRA)

California residents have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). These rights include:

• The right to know what personal information we collect, use, disclose, and sell
• The right to delete personal information we have collected
• The right to correct inaccurate personal information
• The right to opt out of the sale or sharing of personal information
• The right to limit use of sensitive personal information
• The right to non-discrimination for exercising your privacy rights

AIFox AI does not sell personal information. To exercise your California privacy rights, contact us at security@aifoxai.com.

5. Information Sharing and Disclosure

We do not sell your personal information to third parties. We may share your information with:

• Service providers: Vendors who process data on our behalf under appropriate data processing agreements
• Business partners: Trusted integration partners with your consent where relevant
• Legal requirements: When required by law, court order, or government authority
• Business transfers: In connection with a merger, acquisition, or asset sale (with appropriate protections)
• With your consent: Any other sharing with your explicit authorization

6. Data Security

As a cybersecurity company, data security is foundational to everything we do. We implement comprehensive technical, organizational, and physical safeguards including AES-256 encryption at rest and in transit, multi-factor authentication, least-privilege access controls, continuous security monitoring, annual penetration testing, and SOC 2 Type II certified security operations.

Despite these measures, no system is completely secure. We encourage you to report suspected security issues to security@aifoxai.com.

7. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this policy, or as required by applicable law. Website visitor data is typically retained for 24 months. Customer contact data is retained for the duration of the business relationship plus three years. You may request deletion of your data at any time subject to legal retention obligations.

8. International Data Transfers

AIFox AI is headquartered in the United States. If you are located outside the United States, your information may be transferred to and processed in the United States. We use appropriate safeguards for international transfers, including Standard Contractual Clauses approved by the European Commission where required.

9. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from a minor, please contact us immediately.

10. Contact Us

For privacy inquiries, requests, or concerns, contact AIFox AI at:

• Email: security@aifoxai.com
• Address: 2100 Geng Rd, Suite 400, Palo Alto, CA 94303
• Phone: (650) 555-0129

We respond to verified requests within 45 days. For complex requests, we may require an extension of up to 90 days and will notify you if an extension is needed.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by posting the updated policy on our website with a new effective date. For significant changes, we may also provide direct notification by email. Continued use of our services after changes take effect constitutes acceptance of the updated policy.

12. Data Subject Rights (International)

Depending on your location, you may have additional rights under applicable data protection laws. These rights may include:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Restrict Processing: Request that we limit how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing

To exercise any of these rights, contact us at security@aifoxai.com with sufficient information to identify your account and the specific right you wish to exercise. We will respond within the timeframes required by applicable law.

13. Privacy by Design

As a cybersecurity company, privacy is not an afterthought but a foundational engineering principle. Our systems are designed with data minimization, purpose limitation, and technical safeguards built in from the start. We conduct Privacy Impact Assessments for new data processing activities and integrate privacy reviews into our software development lifecycle.

We apply the following privacy-by-design principles across all our systems: collect only minimum data necessary; implement automatic data deletion schedules; apply pseudonymization and anonymization where technically feasible; provide granular access controls so employees access only the data they need; and conduct regular privacy audits and vulnerability assessments on data handling systems.

14. Security Breach Notification

In the event of a data breach that affects your personal information, AIFox AI will notify you and applicable regulatory authorities as required by law. Our breach response procedures comply with California law, GDPR requirements where applicable, and other applicable data breach notification statutes. We aim to notify affected individuals within 72 hours of discovering a breach that is likely to result in high risk to your rights and freedoms, subject to law enforcement considerations.

15. Third-Party Links and Services

Our website may contain links to third-party websites or integrate with third-party services. This Privacy Policy applies only to aifoxai.com and the AIFox AI platform. We are not responsible for the privacy practices of third-party websites and encourage you to review the privacy policies of any third-party services you access through our website or platform integrations.

16. Sensitive Personal Information

AIFox AI does not intentionally collect sensitive personal information such as government identifiers, financial account numbers, precise geolocation, racial or ethnic origin, health information, or biometric data through our website. If you inadvertently include such information in a contact form or communication, we will process it solely to respond to your inquiry and will not retain it beyond that purpose.

Enterprise customers who process sensitive personal information through the AIFox AI platform do so as data controllers. Such processing is governed by the applicable Data Processing Agreement and the customer's own privacy obligations under applicable law.

17. Automated Decision-Making

AIFox AI may use automated processes to analyze usage patterns and improve our services. For enterprise customers, our platform makes automated security decisions such as threat classification, risk scoring, and automated containment actions. These automated decisions are subject to human review and override capabilities as described in our product documentation and enterprise agreements. Customers retain the ability to configure the level of automation and human oversight applied in their deployment.