Foxden

Privacy Policy

Draft — pending review by legal counsel before public launch.

Last updated: [DATE TO BE FILLED ON PUBLICATION]

1. Who we are

Foxden ("Foxden", "we", "us", "our") is a virtual private network (VPN) service operated by [LEGAL COMPANY NAME], a company registered in the Meydan Free Zone, Dubai, United Arab Emirates, with company registration number [NUMBER TO BE FILLED].

You can contact us at: privacy@foxdenvpn.com

This Privacy Policy describes how we handle information when you use our Android application and related services. We have written it to be as clear as we can. If anything is unclear, please contact us.

2. The short version

Foxden is built on a principle: the less we know about you, the less anyone can ever learn about you from us. We have designed our service so that we collect as little information as possible, and so that the small amount we do collect cannot identify you as a person.

Specifically:

  • We do not ask for your name, email address, phone number, or any other personal identifier when you sign up.
  • We do not log your VPN connection activity. We do not record what websites you visit, what you download, or what you do online.
  • Your account is identified by a randomly generated account number that you control.
  • The keys that secure your VPN connection are generated on your device and never leave it.
  • We do not store payment-method information. Foxden uses one-off purchases with no auto-renewal, so there is no stored payment instrument tied to your account.
  • We retain a small amount of metadata required to operate the service and prevent abuse. We delete it as soon as it is no longer needed.

The rest of this document describes the details.

3. Information we do not collect

To make this clear, here is what Foxden does not collect, store, or process:

  • Your name, email address, phone number, postal address, or government identifiers.
  • The websites you visit while connected to Foxden.
  • The contents of any data transmitted through Foxden.
  • The full text of DNS queries you make. Our VPN servers run a local DNS resolver (AdGuard Home) to answer your queries inside the tunnel. By design it does not persist a per-user query log to disk; the only DNS state we retain is the aggregate counters described in section 4.4 and your own ad/threat-blocking on/off settings.
  • Records of when you connected to Foxden, from where, or for how long.
  • The IP addresses you originate from while connected to Foxden.
  • Your real-world location, beyond what is briefly necessary to route your traffic.
  • Browsing history, search queries, or behavioral data.
  • Records linking your account to any external identifier.
  • Payment-method details. Foxden uses one-off purchases processed by third-party payment providers with no auto-renewal; we never receive or store credit card numbers, billing addresses, or any other payment instrument data.

Our VPN servers operate in RAM-only mode. They do not write activity logs to persistent storage. Connection data does not survive a server reboot. This applies equally to both our supported transports — direct WireGuard and Shadowsocks-wrapped WireGuard. The Shadowsocks layer is a transport wrapper only; it does not introduce any new data about you that we store or process.

4. Information we do collect

We collect the following limited information, and only for the purposes described below.

4.1 Account information

When you create a Foxden account, we generate a random account number. We store a cryptographic hash of this number, not the number itself. We do not know what your account number is — only you do. If you lose it, we cannot recover it for you.

We store, associated with your hashed account number:

  • Whether your account currently has paid time available, and the date your paid time expires. Foxden uses a one-off time-credit billing model: each purchase adds a fixed number of days to your account; there is no recurring subscription and no auto-renewal.
  • The public keys of the devices on which you have installed Foxden, and the internal tunnel IP address assigned to each device. We do not have, and have never had, the corresponding private keys; those exist only on your devices.
  • Your ad-blocking and threat-blocking preferences (on/off for each).
  • An optional, user-set name for each device (defaulting to an auto-generated pair like "Cosy Otter") so you can recognise your devices in the device-management screen.

4.2 Purchase information

When you purchase paid time, the payment is processed by a third-party payment provider, not by us. Within the Android app, purchases are processed by Google Play. On our website, we may also offer payment by card (processed by Stripe), PayPal, and cryptocurrency (processed by a payment processor on our behalf). In every case we receive only a token or reference that allows us to verify that a payment was made and credit the corresponding time to your account. We do not receive or store your name, email address, payment card number, or billing address from these providers. Where a provider necessarily exposes some identifier to complete a payment (for example, a PayPal account email, or card details handled entirely by Stripe), that information stays with the provider; we hold only the verification token described below.

We store the purchase token associated with your account for up to 10 days after the purchase. This covers the 7-day money-back guarantee window disclosed in the app at the point of purchase, plus a short buffer so that a refund requested near the end of that window can still be processed. During this period we can confirm the purchase, credit the corresponding time to your account, and process refunds (see Section 9). After this period, an automated process deletes the purchase token and any record linking it to your account. From that point on, no information in our records connects your Foxden account to a specific purchase.

If you delete your account, any purchase tokens still within this retention window are deleted with it.

Each purchase is a one-time charge. There is no recurring billing relationship and no payment instrument stored against your account.

4.3 Crash reporting

We use Sentry, a self-hosted or third-party crash reporting service, to receive reports when the Foxden app crashes on your device. We have configured Sentry to:

  • Not collect IP addresses.
  • Not collect personal identifiers.
  • Collect only the technical information needed to diagnose the crash (such as the app version, Android version, device model, and the stack trace of the error).

We use this information solely to fix bugs. We do not use it to identify users or track usage patterns.

4.4 Operational metrics

Our VPN servers report aggregate, non-identifying metrics to our control plane, such as total bandwidth used, number of active connections, and server load. These metrics are not associated with any individual user. We use them to monitor service health and plan capacity.

4.5 Connection-state metadata

To make the app's "currently connected" display work reliably across phone restarts and to support the boot-reconnect feature (Android's Always-on VPN), we retain a small amount of state for each device: the public key, the assigned internal tunnel IP, and the timestamp of the most recent handshake observed by the VPN server. We do not retain a history of past connections — only the most recent state. This metadata is deleted when the device is removed from your account or when the account is deleted.

5. How we use your information

We use the limited information we collect only for the following purposes:

  • To operate the Foxden service (provision your device on the VPN servers, route your traffic).
  • To verify that your account has paid time available, since a Foxden connection requires it.
  • To apply your ad-blocking and threat-blocking preferences to the local DNS resolver on each VPN server you connect to.
  • To diagnose and fix technical issues, when you experience a crash.
  • To comply with valid legal obligations, as described in Section 9.

We do not use your information for advertising. We do not sell, rent, or otherwise share your information with third parties for marketing purposes. We do not build behavioral profiles of users.

6. Third parties

The following third-party services are involved in providing Foxden. We disclose them so you know who is processing what.

6.1 Payment providers

Your payment is processed by a third-party payment provider, depending on how you pay:

  • Google Play — for in-app purchases on Android. Governed by Google's privacy policy at policies.google.com/privacy.
  • Stripe — for card payments on our website. Governed by Stripe's privacy policy at stripe.com/privacy.
  • PayPal — for PayPal payments on our website. Governed by PayPal's privacy policy.
  • A cryptocurrency payment processor — for Bitcoin and Monero payments on our website.

In each case we receive only a token or reference confirming the payment, as described in Section 4.2. The provider's handling of your payment information is governed by their own privacy policy.

6.2 Hosting providers

Our VPN servers are operated on infrastructure rented from third-party hosting providers (which may include providers such as Hetzner, M247, and others, depending on the location). These providers may, in the operation of their networks, see metadata about traffic flowing through our servers (source and destination IP addresses, packet sizes, timestamps), but they do not have access to the contents of your traffic, which is encrypted end-to-end with WireGuard. We choose providers based on their privacy practices and willingness to host privacy-respecting services.

Our control plane (the backend service that manages accounts and assigns servers) is hosted separately from our VPN servers, on infrastructure rented from [PROVIDER TO BE SPECIFIED].

6.3 Crash reporting

We use Sentry for crash reporting, configured as described in Section 4.3.

6.4 No other third parties

We do not use any advertising networks, behavioral analytics platforms, customer data platforms, or marketing automation tools. We do not embed Google Analytics, Firebase Analytics, Mixpanel, Amplitude, Facebook Pixel, or similar tracking tools in our app or on our website.

7. Data security

We protect the information we hold in the following ways:

  • Account numbers are stored as cryptographic hashes (HMAC-SHA256 with a server-side pepper), not in plaintext.
  • All communication between your device and our servers is encrypted using current cryptographic standards (HTTPS for control plane traffic, WireGuard for VPN traffic).
  • Our VPN servers operate in RAM-only mode and do not persist activity to disk.
  • Our control plane and VPN servers are operationally separate. Our VPN servers do not have access to your account information.
  • Access to our infrastructure is restricted to authorized personnel and protected by multi-factor authentication.

No system is perfectly secure. If we discover a breach that may affect you, we will notify you and the relevant authorities as required by applicable law.

8. Data retention

We retain information only as long as necessary:

  • Account data: Retained for as long as your account exists. If you have not used your account for 12 consecutive months, we may delete it.
  • Purchase data: The link between a purchase and a Foxden account is retained for up to 10 days from the date of purchase — the 7-day money-back guarantee window plus a short buffer to process refunds requested near the deadline. After this period, an automated process deletes the purchase token and any record linking it to a specific account. Aggregate purchase records required for tax and accounting purposes (totals by package and date, without per-account linkage) may be retained for the minimum period required by applicable law.
  • Connection-state metadata (most recent handshake timestamp + assigned tunnel IP per device, per section 4.5): Retained as long as the device remains on your account. Replaced, not appended to, on each new handshake.
  • Crash reports: Retained for up to 90 days, then deleted.
  • Operational metrics (aggregate, non-identifying): Retained indefinitely in aggregate form for capacity planning.

If you delete your account, we delete the data associated with it within 30 days, except where we are legally required to retain certain records (for example, tax records of paid subscriptions).

9. Legal requests

We are a UAE-registered company and are subject to UAE law. We may also receive requests from foreign authorities through Mutual Legal Assistance Treaty (MLAT) channels processed via UAE authorities.

Our policy on legal requests:

  • We respond only to valid legal process — typically a UAE court order or a properly executed MLAT request. We do not respond to informal requests, foreign police communications without UAE legal backing, or requests lacking proper legal authority.
  • We provide only the information we actually have. Because of how Foxden is designed, the information we can provide is limited to: account number existence, paid-time status (whether time is currently available and the expiry date), purchase tokens for purchases made in the last 10 days (older purchases have no link to the account in our records), the public keys and assigned internal tunnel IPs of the devices on the account, and the most recent handshake timestamp recorded for each device.
  • We cannot provide what we do not have. We do not have records of your VPN connection activity, the websites you visited, the contents of your traffic, your real IP address, your name, your email, your payment card information, or your real-world identity.
  • We push back on requests we believe to be overbroad, improper, or that exceed what is legally required.

We will publish a quarterly transparency report describing the legal requests we have received and how we have responded. The report will be available at foxdenvpn.com/transparency.

We maintain a warrant canary at foxdenvpn.com/canary, updated monthly, indicating whether we have received any of the categories of secret legal process that, if we had received them, we might be prevented from disclosing.

10. International data transfers

Foxden operates internationally. The information we hold is processed in the United Arab Emirates (where our company is registered), in the locations of our VPN servers (which include the United States, the European Union, the United Kingdom, and other countries), and in the location of our control plane infrastructure.

If you are in the European Union, the United Kingdom, or another jurisdiction with data export restrictions, your information may be transferred outside that jurisdiction. We rely on appropriate safeguards for such transfers, including the principles set out in this Privacy Policy and contractual protections with our service providers where applicable.

11. Your rights

Depending on where you live, you may have legal rights regarding your personal information. These may include:

  • The right to know what information we hold about you.
  • The right to receive a copy of that information.
  • The right to correct inaccurate information.
  • The right to request deletion of your information.
  • The right to object to or restrict certain processing.
  • The right to lodge a complaint with a data protection authority.

To exercise any of these rights, contact us at privacy@foxdenvpn.com. Because we do not collect personal identifiers at signup, we will need to verify your identity through your account number to act on a request relating to a specific account.

We respond to verified requests within 30 days.

12. Children

Foxden is not directed at children under the age of 16. We do not knowingly collect information from children under 16. If you believe a child has signed up for Foxden, please contact us and we will delete the account.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top and, for material changes, notify users through the Foxden app or by posting a notice on our website at least 30 days before the change takes effect.

We will maintain previous versions of this policy at foxdenvpn.com/privacy/history so you can see what has changed.

14. Contact

For privacy-related questions or to exercise your rights, contact us at:

Email: privacy@foxdenvpn.com Postal: [LEGAL COMPANY NAME], [MEYDAN FREE ZONE ADDRESS], Dubai, United Arab Emirates

For general support, contact support@foxdenvpn.com.

Appendix A: A note on what "no logs" means

Many VPNs claim to keep "no logs". The phrase is often used loosely. We want to be precise about what we mean.

When Foxden says we do not log your activity, we mean specifically:

  1. Our VPN servers do not write any record of your connections, the duration of your connections, the source IP addresses you connect from, the destination addresses you connect to, the full text of the DNS queries you make, or the contents of any traffic, to persistent storage. The servers run in RAM-only mode, and any state they hold transiently is lost when the server is rebooted or restarted. This applies equally whether you are connected over direct WireGuard or over our Shadowsocks-wrapped fallback transport; the Shadowsocks layer is an encryption wrapper for circumvention purposes and does not add any new state we retain.

  2. Our control plane records that an account exists, its paid-time status, the device public keys and assigned tunnel IPs associated with the account, your ad/threat-blocking preferences, the timestamp of the most recent successful WireGuard handshake observed by the VPN servers for each device, and — for up to 10 days after each purchase — the purchase token associated with that purchase. After this period, an automated process deletes the purchase-token link, so there is no record in our control plane connecting your account to a specific purchase. It does not record connection events, traffic destinations, or activity within the VPN tunnel.

What this means in practice: if compelled by valid legal process to disclose information about a Foxden user, we can disclose only the limited account metadata described above. We cannot disclose what websites the user visited, what they downloaded, what they communicated, how long they were connected, where they were physically located, or the full text of any DNS queries they made, because we do not have that information.

We invite independent auditors to verify these claims. We intend to publish independent audit reports beginning with our first audit in [DATE TO BE PLANNED].

End of Privacy Policy