Patakaran sa privacy
Huling na-update: July 2026
This Privacy Policy describes how Elite Digital Services, LLC ('we', 'us', 'the Provider') collects, uses, stores, and protects personal data in connection with the FoxiFood platform ('the Service'). We are committed to protecting your privacy and processing your data in compliance with Regulation (EU) 2016/679 (GDPR) and applicable data protection laws.
1. Tagakontrol ng Data
Elite Digital Services, LLC
1111B S Governors Ave #21653
Dover, DE 19904, USA
Email: support@foxi.food
For the purposes of the FoxiFood platform, Elite Digital Services, LLC acts in the following data protection roles:
- Tagapangasiwa ng data — for personal data of restaurant partners (Users), and for FOXI ID account data (login credentials and authentication data) of end customers who create a FOXI ID account;
- Tagaproseso ng data — for personal data of end customers processed on behalf of the restaurant partner in connection with orders placed through the restaurant's ordering website (see our Data Processing Agreement for details).
Ang Elite Digital Services, LLC ay isang kumpanya ng Estados Unidos at nagpapatakbo ng FoxiFood platform sa buong mundo, eksklusibo sa mga domain na foxifood.com at foxi.food. Maaari itong makipag-ugnayan sa mga awtorisadong entity sa iba't ibang hurisdiksyon upang isagawa ang mga tiyak na teknikal na gawain sa ngalan nito. Ang ibang domain o local/national na bersyon ng platform ay maaaring pinapatakbo ng hiwalay na legal entity sa ilalim ng hiwalay na license agreement para sa paggamit ng FOXIFOOD trademark; ang mga entity na iyon ay kumikilos sa sarili nitong pangalan at sariling responsibilidad at nagpapanatili ng sarili nitong dokumentasyon sa privacy.
Apart from operating the FOXI ID shared identity infrastructure (see Section 2.3), FoxiFood does not establish a direct commercial relationship with end customers. The platform provides the technical infrastructure required to operate restaurant ordering websites.
Kinatawan sa EU (Artikulo 27 GDPR)
In accordance with Article 27 of the GDPR, the following entity has been appointed as the EU representative of Elite Digital Services, LLC:
Euro business company Kft.
Rómer Flóris utca 8/B. 3. em., Budapest 1024, Hungary
Numero ng buwis: HU28959364
For full details on the EU representative and its role, see our GDPR page.
Privacy by Design at mga Rekord ng Pagproseso
We implement data protection by design and by default in accordance with Article 25 of GDPR. We maintain Records of Processing Activities as required by Article 30 of GDPR, documenting all categories of processing activities carried out on behalf of or as part of the FoxiFood platform. Where required by Article 35 of GDPR, we conduct Data Protection Impact Assessments before undertaking processing operations that are likely to result in a high risk to the rights and freedoms of natural persons.
2. Anong Data ang Kinokolekta Namin
2.1. Data ng Restaurant Partner (User)
Kapag nagparehistro ka at gumamit ng FoxiFood platform, kinokolekta namin ang:
- Business identification: business name, registration number, VAT ID, registered address;
- Impormasyon sa pakikipag-ugnayan: pangalan, email address, numero ng telepono;
- Mga kredensyal ng account: email at naka-encrypt na password;
- Billing information: payment method details, transaction history, invoices (card details are processed and stored exclusively by the payment processor);
- Service usage data: login history, feature usage, admin dashboard activity;
- Data ng komunikasyon: mga support request, feedback, sulat.
2.2. Data ng End Customer (Pinoproseso sa Ngalan ng Restaurant Partners)
End customers interact directly with the restaurant partner's ordering website. FoxiFood provides only the technical infrastructure required to operate that website.
When end customers place orders through a restaurant's FoxiFood-powered website, we process the following data on behalf of the restaurant partner:
- Impormasyon sa pakikipag-ugnayan: pangalan, email address, numero ng telepono;
- Delivery address (kung naaangkop);
- Mga detalye ng order: mga item na inorder, order history, mga kagustuhan;
- Payment transaction references (card details are handled exclusively by the payment processor).
2.3. FOXI ID (Shared Customer Identity Infrastructure)
The FoxiFood platform includes a shared customer identity system ('FOXI ID') that allows end customers to create a single account and use the same login credentials across all restaurant ordering websites on the platform. FOXI ID is a technical infrastructure component provided as part of the platform.
Elite Digital Services, LLC acts as the data controller for FOXI ID account data, which includes:
- Mga kredensyal sa pag-login (email address at naka-hash na password);
- Data ng authentication session;
- Contact information used for pre-filling order forms (name, phone number, delivery address).
Through FOXI ID, the end customer's contact data (name, email, phone number, delivery address) may be pre-filled when placing an order at any restaurant on the platform. Order data, order history, preferences, and payment information are NOT shared between restaurants. Each restaurant can only access data generated through its own ordering website.
Ang mga legal na batayan para sa pagproseso ng FOXI ID data ay:
- Pagtupad ng kontrata (Artikulo 6(1)(b) GDPR) — for maintaining the FOXI ID account and authenticating the end customer at the restaurant where they are placing an order;
- Lehitimong interes (Artikulo 6(1)(f) GDPR) — for pre-filling contact data across restaurants on the platform, where the legitimate interest is providing a seamless ordering experience and reducing friction for returning customers. This interest has been balanced against the end customer's rights — only basic contact data is shared, no order history or preferences are disclosed, and the end customer may request deletion of their FOXI ID account at any time.
The Provider does not use FOXI ID data for marketing, profiling, cross-restaurant analytics, or any purpose other than providing the platform infrastructure.
End customers may exercise their data subject rights regarding their FOXI ID account (access, rectification, erasure, portability, restriction, objection) by contacting: support@foxi.food. Deletion of a FOXI ID account removes the shared login across all restaurants on the platform. Order history at individual restaurants is retained or deleted in accordance with the respective restaurant partner's data retention policy.
2.4. Awtomatikong Nakolektang Data
We automatically collect certain technical data when you visit our websites:
- IP address at tinatayang geolocation;
- Uri ng browser, bersyon, at mga setting ng wika;
- Uri ng device at operating system;
- Mga binisitang pahina, oras na ginugol, referring URLs;
- Data ng cookie (tingnan ang aming Patakaran sa Cookie para sa mga detalye).
3. Legal na Batayan para sa Pagproseso
Pinoproseso namin ang personal data batay sa sumusunod na legal grounds (gaya ng tinukoy sa GDPR at makikita sa katumbas na konsepto sa ilalim ng ibang naaangkop na batas sa proteksyon ng data):
- Pagganap ng kontrata — processing necessary for the performance of the Agreement between us and the User (registration, account management, service provision, billing);
- Lehitimong interes — processing necessary for our legitimate business interests (service improvement, security, fraud prevention, analytics), balanced against your rights;
- Legal na obligasyon — processing required to comply with applicable laws (tax reporting, anti-money laundering, regulatory requirements);
- Pahintulot — where required by law, we obtain your explicit consent (e.g., for analytics cookies, marketing communications). You may withdraw consent at any time.
4. Paano Namin Ginagamit ang Iyong Data
Ginagamit namin ang iyong personal na data para sa mga sumusunod na layunin:
- Pagbibigay at pagpapatakbo ng FoxiFood platform at lahat ng mga feature nito;
- Paggawa ng account, authentication, at pamamahala;
- Pagproseso ng mga bayad at pag-isyu ng mga invoice sa pamamagitan ng aming payment partners;
- Pagbibigay ng technical support at pagtugon sa iyong mga katanungan;
- Sending service notifications (maintenance, security alerts, Terms updates);
- Pagpapabuti ng Serbisyo batay sa mga pattern ng paggamit at feedback;
- Pagtiyak ng seguridad, pag-iwas sa panloloko, at pag-detect ng unauthorized access;
- Pagsunod sa mga legal at regulatoryong obligasyon;
- Paglikha ng anonymized at pinagsama-samang estadistika.
5. Pagbabahagi ng Data at mga Third Party
We do not sell your personal data. We share data only with the following categories of recipients, to the extent necessary:
- Payment processor (kasalukuyang Stripe) — pagproseso ng bayad (PCI DSS Level 1 certified);
- DigitalOcean — cloud hosting at infrastructure;
- Brevo — pagpapadala ng transactional email;
- Google Analytics — website analytics (may pahintulot mo, anonymized);
- Legal and regulatory authorities — when required by law, court order, or government request;
- Professional advisors — lawyers, auditors bound by professional secrecy.
All third-party processors are contractually bound to process data only according to our instructions and to maintain appropriate security measures.
6. Internasyonal na Paglipat ng Data
Ang Elite Digital Services, LLC ay nakabase sa Estados Unidos at naglilingkod sa mga customer sa buong mundo; ang iyong data ay maaaring i-transfer at iproseso sa USA at sa ibang bansa kung saan nagpapatakbo ang aming mga sub-processor. Kung saan kinakailangan ng naaangkop na batas sa proteksyon ng data, tinitiyak namin na may naaangkop na safeguard para sa ganitong mga paglilipat. Para sa data na sakop ng GDPR, ang mga paglilipat ay ginagawa alinsunod sa Chapter V ng GDPR, kabilang ang Standard Contractual Clauses (SCC) na inaprubahan ng European Commission alinsunod sa Implementing Decision (EU) 2021/914 noong 4 Hunyo 2021 — para sa mga paglilipat sa mga sub-processor, inilalapat ang Module Two (controller-to-processor) o Module Three (processor-to-processor) SCC, kung naaangkop, at nagsasagawa kami ng Transfer Impact Assessment para sa bawat sub-processor upang suriin ang legal framework ng destination country; available ang mga kopya ng nilagdaang SCC kapag hiniling. Para sa data na sakop ng ibang data protection regime, umaasa kami sa mga transfer mechanism na kinikilala ng naaangkop na batas. Ang aming hosting infrastructure (DigitalOcean) ay nagpapatakbo ng data center sa iba't ibang rehiyon, kabilang ang mga data center sa loob ng EU para sa mga European user.
7. Pagpapanatili ng Data
We retain personal data only for as long as necessary for the purposes for which it was collected:
- Account data: for the duration of the Agreement plus 30 days for data export;
- Billing and transaction data: for the period required by applicable tax and accounting laws (typically 5-10 years);
- Mga rekord ng komunikasyon: sa loob ng 3 taon pagkatapos ng huling komunikasyon;
- Analytics data: retained for statistical purposes in anonymized form; identifiable data deleted after 26 months;
- End customer order data: as determined by the restaurant partner (data controller). The restaurant partner may configure data retention settings within the platform. FoxiFood processes and deletes end customer data strictly according to the instructions of the restaurant partner. Upon termination of the restaurant partner's Agreement, data is deleted within 30 days;
- FOXI ID account data: for as long as the end customer maintains an active FOXI ID account. Upon account deletion request, FOXI ID data is deleted within 30 days. Inactive FOXI ID accounts (no login activity for 36 months) are automatically scheduled for deletion with 30 days' prior notice to the end customer's registered email address.
The restaurant partner, as the data controller for order data of its end customers, remains solely responsible for compliance with all applicable legal, tax, and accounting data retention obligations in its jurisdiction. FOXI ID account data retention is managed by the Provider as described in Section 2.3.
After the expiration of retention periods, data is irreversibly deleted or anonymized.
8. Seguridad ng Data
In accordance with Article 32 of GDPR and the principle of data protection by design and by default (Article 25 GDPR), we implement appropriate technical and organizational measures to protect personal data, including:
- Pag-encrypt ng lahat ng data habang nasa transit gamit ang TLS/SSL;
- Naka-encrypt na pag-iimbak ng sensitibong data habang naka-imbak;
- Password hashing gamit ang industry-standard algorithms;
- Access controls at role-based permissions;
- Regular na mga security update at vulnerability monitoring;
- Araw-araw na automated backup na may 30-araw na retention;
- Payment card data handled exclusively by the PCI DSS Level 1 certified payment processor — we never store card numbers;
- Mga proseso ng incident response at breach notification protocol.
9. Ang Iyong mga Karapatan sa Privacy
Depende sa kung saan ka nakatira, maaaring mayroon kang ilan o lahat ng sumusunod na karapatan sa ilalim ng mga batas sa proteksyon ng data na naaangkop sa iyo — kabilang ang GDPR (EEA/UK), mga batas sa privacy ng estado sa US tulad ng California Consumer Privacy Act (CCPA/CPRA), LGPD ng Brazil, at katumbas na mga batas sa ibang bansa:
- Karapatan sa access — humiling ng kopya ng iyong personal data na hawak namin;
- Karapatan sa pagwawasto — humiling ng pagwawasto ng hindi tama o hindi kumpletong data;
- Karapatan sa pagbura — request deletion of your data ('right to be forgotten'), subject to legal retention obligations;
- Karapatan sa paghihigpit — humiling ng paghihigpit sa pagproseso sa ilang mga pangyayari;
- Karapatan sa data portability — matanggap ng iyong data sa structured, machine-readable na format;
- Karapatan sa pagtutol — tumutol sa pagproseso batay sa legitimate interest;
- Karapatan na bawiin ang pahintulot — bawiin ang pahintulot anumang oras kung saan ang pagproseso ay batay sa pahintulot;
- Karapatan na maghain ng reklamo — maghain ng reklamo sa data protection supervisory authority sa bansang tinitirhan mo. Para sa mga bansang EU/EEA, tingnan ang aming GDPR page para sa contact details ng mga supervisory authority; para sa ibang bansa, ang competent authority ay maaaring nakalista sa naaangkop na Country-Specific Terms.
Para magamit ang alinman sa mga karapatang ito, makipag-ugnayan sa amin sa: support@foxi.food. We will respond to your request within 30 days. You may also contact our EU representative (Euro business company Kft.) — see our GDPR page for details.
10. Cookies
We use essential cookies for site functionality and optional analytics cookies with your consent. For detailed information about the cookies we use and how to manage your preferences, see our separate Cookie Policy.
The FOXI ID shared customer identity infrastructure uses the following cookies:
- Session cookie sa .foxi.food domain — maintains the end customer's authenticated session at the restaurant where they are currently placing an order. Classified as strictly necessary for the ordering service to function (no consent required);
- Cross-restaurant authentication persistence — enables the end customer to remain logged in when visiting other restaurants on the platform. Classified as a functional cookie. On restaurant ordering websites, this cookie is presented through the cookie consent mechanism, and the end customer may decline it without affecting the ability to place orders (manual login will be required at each restaurant);
- SSO redirect para sa custom domains — for restaurants using their own custom domain, a short-lived redirect cookie facilitates authentication. Classified as strictly necessary for the login process on custom domains (no consent required).
FOXI ID does not use any third-party cookies, tracking cookies, or cross-domain tracking mechanisms. All FOXI ID cookies serve exclusively the technical purpose of authentication.
11. Privacy ng mga Bata
The FoxiFood Service is a B2B platform intended for businesses. We do not knowingly collect personal data from children under 16 years of age. If we become aware that we have collected data from a child, we will delete it promptly.
12. Mga Pagbabago sa Privacy Policy na ito
We may update this Privacy Policy from time to time. We will notify you of material changes at least 30 days in advance via email or notification in the Service. The date of the last update is shown at the top of this document. Continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.
13. Makipag-ugnayan
For privacy-related inquiries, data subject requests, or complaints, contact us at: support@foxi.food
Elite Digital Services, LLC
1111B S Governors Ave #21653
Dover, DE 19904, USA