Privacy Policy
Effective Date: March 8, 2026 · Last Updated: March 8, 2026
Meridio LLC ("Company," "we," "us"), operating under the brand Fox AI, respects your privacy. This Privacy Policy explains what data we collect, why we collect it, how we use and protect it, and your rights regarding that data. This policy applies to all Fox AI products and services, including the macOS application, iOS companion app, website (foxstack.ai), and related cloud services.
1. Data Controller
Meridio LLC is the data controller. Contact: privacy@foxstack.ai
2. What We Collect
2a. Data You Provide Directly
| Data | Purpose | Storage |
|---|---|---|
| Email address (via Google, Apple, or email sign-in) | Account creation, billing, support | Supabase (encrypted) |
| Name (if provided by OAuth) | Account profile | Supabase |
| Platform URLs you add | Browser allowlist, onboarding | Local (your Mac) only |
| Chat messages to Fox AI | Agent task execution | Local (your Mac) only |
2b. Data Collected Automatically
| Data | Purpose | Storage |
|---|---|---|
| Device ID (randomly generated UUID) | Device registration, usage tracking | Supabase |
| Task count and token usage | Billing, plan enforcement | Supabase |
| IP address (at time of API requests) | Security, abuse prevention, consent logging | Supabase (hashed/truncated) |
| User agent string | Diagnostics, consent logging | Supabase |
| Subscription events | Billing lifecycle | Supabase + Stripe |
| Consent records (timestamp, type, version) | Legal compliance | Supabase |
2c. Data Processed by Third-Party AI Providers
This is critical to understand: When Fox AI operates on your behalf, it captures screenshots and text content from web pages in its browser and sends them to AI model providers (currently OpenAI and/or Anthropic) for processing. This data may include:
- Visible page content (text, images, layout)
- Personal information displayed on those pages (names, emails, grades, etc.)
- Any sensitive or confidential information visible on screen
We do not control how AI providers process this data. Please review:
- OpenAI Privacy Policy: openai.com/privacy
- Anthropic Privacy Policy: anthropic.com/privacy
2d. Data We Do NOT Collect
- Platform credentials: Your login passwords are entered directly into the isolated browser on your Mac. They are never transmitted to our servers.
- Browser session data: Cookies, session tokens, and browsing history stay on your local machine.
- File contents: Documents you create or edit through Fox AI remain in your local browser session and/or your third-party accounts (e.g., Google Drive).
- Payment card numbers: Payment processing is handled entirely by Stripe. We never see or store your card details.
3. How We Use Your Data
- Provide and maintain the Service: Account management, billing, subscription enforcement, task execution.
- Billing and payments: Stripe processes payments; we store subscription status and usage metrics.
- Security and abuse prevention: Detect unauthorized use, prevent fraud.
- Legal compliance: Consent logging, responding to legal requests, enforcing our Terms.
- Service improvement: Aggregate, anonymized usage analytics to improve the product.
We do not use your data for advertising, sell your data to third parties, or use platform content for AI model training.
4. Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Authentication, database | Email, device ID, usage data |
| Stripe | Payment processing | Email, subscription data, payment method (directly to Stripe) |
| OpenAI / Anthropic | AI model inference | Screenshots, page text, task instructions (sent from your Mac) |
| Vercel | Website and API hosting | IP address, request metadata |
| Apple / Google | OAuth authentication | Authentication tokens (processed by Supabase) |
5. Data Retention
- Account data: Retained while your account is active and for 30 days after deletion request.
- Usage/billing data: Retained for 7 years for tax and legal compliance.
- Consent logs: Retained indefinitely as legal records.
- Local data (your Mac): Deleted when you uninstall the App or clear its data directory (~/.foxai).
- AI provider data: Subject to each provider's retention policy (typically 30 days for API inputs; not used for training by default under business API terms).
6. Your Rights
All Users
- Access: Request a copy of your personal data.
- Correction: Request correction of inaccurate data.
- Deletion: Request deletion of your account and associated data.
- Portability: Receive your data in a structured, machine-readable format.
EEA/UK Residents (GDPR)
If you are in the European Economic Area or United Kingdom, you additionally have the right to:
- Object to processing based on legitimate interest.
- Restrict processing in certain circumstances.
- Withdraw consent at any time (where processing is based on consent).
- Lodge a complaint with your local data protection authority.
Legal basis for processing: contract performance (providing the Service), legitimate interest (security, improvement), consent (marketing, if any), and legal obligation (tax, compliance).
California Residents (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect and why.
- Request deletion of your personal information.
- Opt out of the sale or sharing of personal information. We do not sell your personal information.
- Non-discrimination for exercising your rights.
Exercising Your Rights
To exercise any of these rights, email privacy@foxstack.ai with your request. We will respond within 30 days (or 45 days with notice for complex requests).
7. Data Security
- Cloud data is encrypted in transit (TLS) and at rest.
- Local data on your Mac is stored in the App's data directory with standard macOS file permissions.
- Authentication tokens are stored using platform-standard secure storage (Keychain on iOS, file-based on Mac).
- We conduct regular security reviews of our cloud infrastructure.
No system is 100% secure. We cannot guarantee absolute security of your data. You use the Service at your own risk.
8. International Data Transfers
Our servers are located in the United States. If you are outside the US, your data will be transferred to and processed in the US. By using the Service, you consent to this transfer. For EEA/UK users, transfers are conducted under Standard Contractual Clauses where required.
9. Children's Privacy
The Service is not intended for children under 18. We do not knowingly collect personal information from children. If you believe we have collected data from a child, contact us immediately at privacy@foxstack.ai and we will delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via the Service or email. The "Last Updated" date at the top indicates the most recent revision. Continued use after changes constitutes acceptance.
11. Contact
For privacy inquiries, data requests, or complaints:
Meridio LLC
Email: privacy@foxstack.ai