Privacy Policy

1. Data Controller

Elite Digital Services, LLC
1111B S Governors Ave #21653
Dover, DE 19904, USA

Email: support@foxi.food

For the purposes of the FoxiFood platform, Elite Digital Services, LLC acts in the following data protection roles:

• Data controller — for personal data of restaurant partners (Users), and for FOXI ID account data (login credentials and authentication data) of end customers who create a FOXI ID account;
• Data processor — for personal data of end customers processed on behalf of the restaurant partner in connection with orders placed through the restaurant's ordering website (see our Data Processing Agreement for details).

Elite Digital Services, LLC is the sole operator of the FoxiFood platform and may engage authorized entities in various jurisdictions to perform specific technical tasks on its behalf.

Apart from operating the FOXI ID shared identity infrastructure (see Section 2.3), FoxiFood does not establish a direct commercial relationship with end customers. The platform provides the technical infrastructure required to operate restaurant ordering websites.

EU Representative (Article 27 GDPR)

In accordance with Article 27 of the GDPR, the following entity has been appointed as the EU representative of Elite Digital Services, LLC:

Euro business company Kft.
Rómer Flóris utca 8/B. 3. em., Budapest 1024, Hungary
Tax number: HU28959364

For full details on the EU representative and its role, see our GDPR page.

Privacy by Design and Records of Processing

We implement data protection by design and by default in accordance with Article 25 of GDPR. We maintain Records of Processing Activities as required by Article 30 of GDPR, documenting all categories of processing activities carried out on behalf of or as part of the FoxiFood platform. Where required by Article 35 of GDPR, we conduct Data Protection Impact Assessments before undertaking processing operations that are likely to result in a high risk to the rights and freedoms of natural persons.

2. What Data We Collect

2.1. Restaurant Partner (User) Data

When you register and use the FoxiFood platform, we collect:

• Business identification: business name, registration number, VAT ID, registered address;
• Contact information: name, email address, phone number;
• Account credentials: email and encrypted password;
• Billing information: payment method details, transaction history, invoices (card details are processed and stored exclusively by the payment processor);
• Service usage data: login history, feature usage, admin dashboard activity;
• Communication data: support requests, feedback, correspondence.

2.2. End Customer Data (Processed on Behalf of Restaurant Partners)

End customers interact directly with the restaurant partner's ordering website. FoxiFood provides only the technical infrastructure required to operate that website.

When end customers place orders through a restaurant's FoxiFood-powered website, we process the following data on behalf of the restaurant partner:

• Contact information: name, email address, phone number;
• Delivery address (when applicable);
• Order details: items ordered, order history, preferences;
• Payment transaction references (card details are handled exclusively by the payment processor).

2.3. FOXI ID (Shared Customer Identity Infrastructure)

The FoxiFood platform includes a shared customer identity system ('FOXI ID') that allows end customers to create a single account and use the same login credentials across all restaurant ordering websites on the platform. FOXI ID is a technical infrastructure component provided as part of the platform.

Elite Digital Services, LLC acts as the data controller for FOXI ID account data, which includes:

• Login credentials (email address and hashed password);
• Authentication session data;
• Contact information used for pre-filling order forms (name, phone number, delivery address).

Through FOXI ID, the end customer's contact data (name, email, phone number, delivery address) may be pre-filled when placing an order at any restaurant on the platform. Order data, order history, preferences, and payment information are NOT shared between restaurants. Each restaurant can only access data generated through its own ordering website.

The legal bases for processing FOXI ID data are:

• Contract performance (Article 6(1)(b) GDPR) — for maintaining the FOXI ID account and authenticating the end customer at the restaurant where they are placing an order;
• Legitimate interest (Article 6(1)(f) GDPR) — for pre-filling contact data across restaurants on the platform, where the legitimate interest is providing a seamless ordering experience and reducing friction for returning customers. This interest has been balanced against the end customer's rights — only basic contact data is shared, no order history or preferences are disclosed, and the end customer may request deletion of their FOXI ID account at any time.

The Provider does not use FOXI ID data for marketing, profiling, cross-restaurant analytics, or any purpose other than providing the platform infrastructure.

End customers may exercise their data subject rights regarding their FOXI ID account (access, rectification, erasure, portability, restriction, objection) by contacting: support@foxi.food. Deletion of a FOXI ID account removes the shared login across all restaurants on the platform. Order history at individual restaurants is retained or deleted in accordance with the respective restaurant partner's data retention policy.

2.4. Automatically Collected Data

We automatically collect certain technical data when you visit our websites:

• IP address and approximate geolocation;
• Browser type, version, and language settings;
• Device type and operating system;
• Pages visited, time spent, referring URLs;
• Cookie data (see our Cookie Policy for details).

3. Legal Basis for Processing

We process personal data based on the following legal grounds:

• Contract performance — processing necessary for the performance of the Agreement between us and the User (registration, account management, service provision, billing);
• Legitimate interest — processing necessary for our legitimate business interests (service improvement, security, fraud prevention, analytics), balanced against your rights;
• Legal obligation — processing required to comply with applicable laws (tax reporting, anti-money laundering, regulatory requirements);
• Consent — where required by law, we obtain your explicit consent (e.g., for analytics cookies, marketing communications). You may withdraw consent at any time.

4. How We Use Your Data

We use your personal data for the following purposes:

• Providing and operating the FoxiFood platform and all its features;
• Account creation, authentication, and management;
• Processing payments and issuing invoices through our payment partners;
• Providing technical support and responding to your inquiries;
• Sending service notifications (maintenance, security alerts, Terms updates);
• Improving the Service based on usage patterns and feedback;
• Ensuring security, preventing fraud, and detecting unauthorized access;
• Complying with legal and regulatory obligations;
• Generating anonymized and aggregated statistics.

5. Data Sharing and Third Parties

We do not sell your personal data. We share data only with the following categories of recipients, to the extent necessary:

• Payment processor (currently Stripe) — payment processing (PCI DSS Level 1 certified);
• DigitalOcean — cloud hosting and infrastructure;
• Brevo — transactional email delivery;
• Google Analytics — website analytics (with your consent, anonymized);
• Legal and regulatory authorities — when required by law, court order, or government request;
• Professional advisors — lawyers, auditors bound by professional secrecy.

All third-party processors are contractually bound to process data only according to our instructions and to maintain appropriate security measures.

6. International Data Transfers

As Elite Digital Services, LLC is based in the United States, your data may be transferred to and processed in the USA. We ensure that appropriate safeguards are in place for such transfers in accordance with Chapter V of GDPR, including Standard Contractual Clauses (SCCs) adopted by the European Commission pursuant to Implementing Decision (EU) 2021/914 of 4 June 2021. For transfers to sub-processors, Module Two (controller-to-processor) or Module Three (processor-to-processor) SCCs are applied, as applicable. We conduct Transfer Impact Assessments for each sub-processor to evaluate the legal framework of the destination country. Copies of the signed SCCs are available upon request. Our hosting infrastructure (DigitalOcean) operates data centers within the EU for European users.

7. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected:

• Account data: for the duration of the Agreement plus 30 days for data export;
• Billing and transaction data: for the period required by applicable tax and accounting laws (typically 5-10 years);
• Communication records: for 3 years after the last communication;
• Analytics data: retained for statistical purposes in anonymized form; identifiable data deleted after 26 months;
• End customer order data: as determined by the restaurant partner (data controller). The restaurant partner may configure data retention settings within the platform. FoxiFood processes and deletes end customer data strictly according to the instructions of the restaurant partner. Upon termination of the restaurant partner's Agreement, data is deleted within 30 days;
• FOXI ID account data: for as long as the end customer maintains an active FOXI ID account. Upon account deletion request, FOXI ID data is deleted within 30 days. Inactive FOXI ID accounts (no login activity for 36 months) are automatically scheduled for deletion with 30 days' prior notice to the end customer's registered email address.

The restaurant partner, as the data controller for order data of its end customers, remains solely responsible for compliance with all applicable legal, tax, and accounting data retention obligations in its jurisdiction. FOXI ID account data retention is managed by the Provider as described in Section 2.3.

After the expiration of retention periods, data is irreversibly deleted or anonymized.

8. Data Security

In accordance with Article 32 of GDPR and the principle of data protection by design and by default (Article 25 GDPR), we implement appropriate technical and organizational measures to protect personal data, including:

• Encryption of all data in transit using TLS/SSL;
• Encrypted storage of sensitive data at rest;
• Password hashing using industry-standard algorithms;
• Access controls and role-based permissions;
• Regular security updates and vulnerability monitoring;
• Daily automated backups with 30-day retention;
• Payment card data handled exclusively by the PCI DSS Level 1 certified payment processor — we never store card numbers;
• Incident response procedures and breach notification protocols.

9. Your Rights (GDPR)

Under GDPR and applicable data protection laws, you have the following rights:

• Right of access — request a copy of your personal data we hold;
• Right to rectification — request correction of inaccurate or incomplete data;
• Right to erasure — request deletion of your data ('right to be forgotten'), subject to legal retention obligations;
• Right to restriction — request restriction of processing in certain circumstances;
• Right to data portability — receive your data in a structured, machine-readable format;
• Right to object — object to processing based on legitimate interest;
• Right to withdraw consent — withdraw consent at any time where processing is based on consent;
• Right to lodge a complaint — file a complaint with a supervisory authority in your country of residence. Relevant supervisory authorities include: Úřad pro ochranu osobních údajů (ÚOOÚ) in the Czech Republic, Úrad na ochranu osobných údajov in Slovakia, and Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH) in Hungary. See our GDPR page for full contact details of supervisory authorities.

To exercise any of these rights, contact us at: support@foxi.food. We will respond to your request within 30 days. You may also contact our EU representative (Euro business company Kft.) — see our GDPR page for details.

10. Cookies

We use essential cookies for site functionality and optional analytics cookies with your consent. For detailed information about the cookies we use and how to manage your preferences, see our separate Cookie Policy.

The FOXI ID shared customer identity infrastructure uses the following cookies:

• Session cookie on the .foxi.food domain — maintains the end customer's authenticated session at the restaurant where they are currently placing an order. Classified as strictly necessary for the ordering service to function (no consent required);
• Cross-restaurant authentication persistence — enables the end customer to remain logged in when visiting other restaurants on the platform. Classified as a functional cookie. On restaurant ordering websites, this cookie is presented through the cookie consent mechanism, and the end customer may decline it without affecting the ability to place orders (manual login will be required at each restaurant);
• SSO redirect for custom domains — for restaurants using their own custom domain, a short-lived redirect cookie facilitates authentication. Classified as strictly necessary for the login process on custom domains (no consent required).

FOXI ID does not use any third-party cookies, tracking cookies, or cross-domain tracking mechanisms. All FOXI ID cookies serve exclusively the technical purpose of authentication.

11. Children's Privacy

The FoxiFood Service is a B2B platform intended for businesses. We do not knowingly collect personal data from children under 16 years of age. If we become aware that we have collected data from a child, we will delete it promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes at least 30 days in advance via email or notification in the Service. The date of the last update is shown at the top of this document. Continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

13. Contact

For privacy-related inquiries, data subject requests, or complaints, contact us at: support@foxi.food

Elite Digital Services, LLC
1111B S Governors Ave #21653
Dover, DE 19904, USA