Skip to content Skip to footer
MarTech
Let's Talk
MarTech

Security & Policies

Close
1. How We Protect Your Data

Security Principles

  • Confidentiality – Only authorized parties can access user data.
  • Integrity – Data cannot be altered without authorization.
  • Availability – Platform is reliable and recoverable.
  • Accountability – All access and changes are logged and traceable.
  • Privacy by Design – Privacy integrated into every development stage.
  • Zero-Trust – Continuous verification of identities and devices.

Infrastructure Security

  • Hosted on AWS Cloud with IAM-based access control.
  • Environment separation: development, staging, production.
  • Network isolation with VPCs and security groups.
  • Admin access: IAM roles + MFA.
  • Planned: migration to microservices via AWS Lambda and API Gateway.

Data Protection

  • In transit: HTTPS/TLS 1.2+ with HSTS and CORS.
  • At rest: AWS RDS (AES-256) and S3 SSE-KMS (planned rollout).
  • Secrets: AWS Secrets Manager.
  • Access controls: RBAC, least-privilege enforced.

Data Retention & Deletion

  • Account, payment metadata, and analytics are retained for one (1) year.
  • Deletion requests are manually validated and processed; automation for GDPR Right to Erasure is on the roadmap.

Application Security

  • Sign-in via Google (Gmail), Apple, and verified email with OTP.
  • JWT + refresh tokens for sessions (rotation on roadmap).
  • Rate limiting and API Gateway protections planned.
  • Payments: tokenized via Stripe; no card data stored by Fox Scope.
  • Mobile hardening (post-launch): code obfuscation, certificate pinning, tamper detection.

Monitoring & Incident Management

  • Sentry for app monitoring; AWS CloudWatch/CloudTrail for infra (planned).
  • Email alerts notify the CTO on suspicious activity/failed transactions.
  • SIEM (AWS Security Hub or Datadog) post-launch.

Incident Response Steps

  1. Detection – Alert received.
  2. Assessment – Scope severity and affected systems.
  3. Containment – Restrict access/isolate systems.
  4. Notification – Inform affected users and regulators within 72 hours if required by GDPR/PDPL.
  5. Remediation – Patch, recover, and conduct a post-incident review.

Backup & Disaster Recovery

  • Automated RDS snapshots and incremental backups (encrypted).
  • Cross-region S3 backup (planned).
  • RTO: 4 hours · RPO: 1 hour.

Privacy by Design & Data Minimization

  • We collect only essential data.
  • Analytics are linked to Scope IDs, not directly to personal data.
  • Privacy & security reviews are integrated into development and UAT.

Vendor & Third-Party Management

  • Vendors are vetted for security credibility and certifications.
  • Core partners: AWS (hosting), Stripe (payments), Google Maps (location).
  • Vendor Risk Assessment framework will evaluate data handling, certifications, and breach history.

Compliance & Certifications

  • Aligns with GDPR (EU), CCPA (California), UAE PDPL.
  • Roadmap toward ISO 27001 and SOC 2 Type II.

Continuous Improvement

  • Annual penetration testing before/after major releases.
  • Regular patching, dependency management, and access reviews.
  • Security training for all employees twice per year.

Security Roadmap

  • Phase 1 (Pre-Launch): S3 migration, TLS verification, IAM hardening, Sentry alerts.
  • Phase 2 (Post-Launch): Microservices, API Gateway, SIEM setup, refresh-token rotation.
  • Phase 3 (Maturity): ISO 27001 audit prep, automated retention, Zero-Trust rollout.

User-Facing Summary

We use encryption, tokenized payments, and strict access control to protect your data. Your location data is never shared without your control, and you can request deletion at any time. We continuously monitor and improve to stay compliant with global standards.

2. Privacy Policy
  • What we collect: account details you provide; device/usage data we collect automatically; optional precise/approximate location (you control permissions); and info from third-party sign-in providers.
  • Why: to provide and improve the service, personalize discovery, secure the platform, and meet legal obligations.
  • Legal bases (GDPR): contract, legitimate interests, consent (e.g., marketing cookies, certain location uses, child data), and legal obligations.
  • Sharing: service providers/sub-processors (hosting, analytics, payments, moderation), other users per your privacy settings, legal authorities when required. We do not sell personal data.

  • International transfers: safeguarded (e.g., SCCs).
  • Retention: as needed for service/legal requirements; deletion/anonymization upon account deletion except where law allows/obliges retention.
  • Your rights: access, rectify, erase, restrict/opt-out, portability, withdraw consent, and complain to a regulator.
  • Children: not directed to under-13; parental consent verified where required (up to 16 in some regions).
  • Breach notices: within 72 hours for serious EU/UK incidents; globally within legal timeframes.

Privacy requests: privacy@foxscope.com

3. Cookie Policy

Types of Cookies

  • Essential (Legitimate Interests): authentication (keep you logged in), security (fraud/abuse prevention), load balancing.
  • Analytics (Legitimate Interests, opt-out): Google Analytics + internal analytics for usage/performance.
  • Functional (Legitimate Interests, opt-out): language, location, UI preferences.
  • Marketing (Consent): ad networks, social pixels, conversion tracking.

Control Cookies

  • Manage via our cookie banner or your browser settings (Chrome, Firefox, Safari, Edge).
  • We honor Global Privacy Control (GPC) signals.
  • Mobile app may use device identifiers, local storage, and SDK analytics—control via device settings.

Third-Party Cookies

  • Examples include Google Analytics and Stripe (see their policies for details).

Cookie questions: privacy@foxscope.com

4. Terms & Conditions
  • Who we are: Fox Scope FZ-LLC, Dubai, UAE.
  • Using Fox Scope: you agree to these Terms; if you don’t, please don’t use the platform.
  • Changes: we may update features/terms; we aim to notify you 1 month in advance if a change materially impacts you.
  • Accounts: accurate info; no bots/bulk accounts; keep your credentials secure.
  • Age: designed for 18+ (younger only where permitted with verified parental consent).
  • Scopes: must be tied to a real location; content must be lawful and respect IP/privacy.
  • Plans & Payments: Free Scopes or annual Prime upgrades; renew automatically unless canceled; app-store purchases follow Apple/Google terms; refunds only where required or within our stated grace window.
  • Marketplace (Prime Names): buy/sell unique Prime Scope names; content/data do not transfer; fees apply; IP warranties required; disputes handled via internal process and, if needed, binding arbitration.
  • Prohibited use: illegal activity, harassment, impersonation, scraping, malware, spoofing location, IP violations.
  • IP & License: you own your content; you give us a license to host/operate it and to use it in platform marketing as described in the full Terms.
  • Liability & Disclaimers: platform is provided “as is”; standard limitations apply as allowed by law.
  • App Terms: store rules apply; delete the app when you stop using it.
  • Open Source: components governed by their own licenses.
  • Force Majeure, Notices, Localization, Governing Law (Dubai, UAE), Dispute Resolution (arbitration where permitted).

For the full legal text, see Terms & Conditions in our Legal center.

5. Community Standards

We prohibit: illegal activity; violence/terrorism; self-harm encouragement; harassment and bullying; hate speech; sexually explicit content; spam/deception; IP violations; privacy violations (including doxxing); child endangerment; and harmful misinformation.
Enforcement may include content removal, feature limits, suspension, marketplace restrictions, or account termination. Appeals are reviewed by senior moderators (target: within 14 business days).

Report violations in-app or via support@foxscope.com.

6. Reporting, Safety & Suspicious Activity
  • Use the Report button on any Scope or profile, or email support@foxscope.com.
  • If you suspect account compromise or see suspicious activity, email security@foxscope.com.
  • We review reports and target a response within 72 hours.
7. Data Processing Agreement (DPA)

When you collect personal data from your Scope visitors, Fox Scope acts as processor and you are the controller.
We process data on documented instructions, apply appropriate security, help with data-subject requests, notify you of breaches without undue delay (aim: within 72h), and delete/return data at end of service (subject to retention rules).
We use vetted sub-processors (e.g., AWS, Stripe, Google) and maintain transfer safeguards (e.g., SCCs).
Audit rights are available on reasonable notice. See the full DPA in our Legal center.

8. Contact & Security Reporting
  • Security & Incidents: security@foxscope.com (reviewed by the CTO; responses within 72 hours).
  • Privacy & Data Requests: privacy@foxscope.com.
  • Legal & Terms: legal@foxscope.com.
  • Support: support@foxscope.com.
  • Address: Fox Scope FZ-LLC, Dubai, United Arab Emirates.
+1 840 841 25 69
info@email.com