Appearance
Privacy Policy — DRAFT TEMPLATE
DRAFT — NOT LEGAL ADVICE. This is a starting template, not a finished policy. A privacy lawyer (HK PDPO; GDPR if serving EU users) must review and adapt before publication. Placeholder values in
[BRACKETS]need company-specific decisions. Sections marked [REVIEW] are jurisdiction-sensitive.
Effective Date: [DATE] Data Controller / Service Provider: [LEGAL ENTITY NAME], a [JURISDICTION] company ("FoxCLM", "we", "us", "our") Contact: [PRIVACY EMAIL]
1. Scope
This policy explains how FoxCLM collects, uses, and protects personal data when you use the FoxCLM platform (contract lifecycle management, scheduling, invoicing, client management) and its websites, viewer pages, and documentation.
It covers two roles:
- Account data — data about you as our customer (account holders, staff, collaborators). We are the data controller.
- Customer Content — data you upload or generate in the Service about your own clients, counterparties, and signers (contracts, client records, signatures, verification results). For this data we act as a data processor on your behalf; your use of it is governed by your agreement with us and the DPA at [DPA URL]. [REVIEW]
2. Data We Collect
2.1 Account data
- Name, email address, password (stored hashed), locale, and timezone
- Business profile details you provide (business name, address, branding)
- Billing and subscription records
- Support communications
2.2 Customer Content
- Contracts, templates, clauses, and their metadata
- Client and contact records, invoices, scheduling data
- Uploaded documents and images
- Electronic signature records and, where you enable it, identity verification (IDV), business verification (KYB), and AML screening results processed through our verification providers [REVIEW]
2.3 Usage data
- Log data: IP address, browser type, pages visited, timestamps
- Actions performed in the app (for audit trails you can view in-product)
- Product-improvement signals (see Section 3)
3. Product-Improvement Signals
To learn which capabilities the product is missing, we collect limited, derived signals from how the Service is used:
- AI assistant requests we could not fulfil. After an AI chat exchange, an automated process classifies whether you asked for something the product cannot do. If so, we store a short derived phrase naming the missing capability (for example, "export invoices to Excel") together with a truncated excerpt of the request. We do not store full chat transcripts for this purpose.
- Searches with no results. When a search returns nothing, we store the search terms.
- Blocked actions. When you reach an action the product declines (for example, a permission gate), we may record which gate was reached, not the content involved.
These signals are:
- used only to prioritise product development;
- reviewed in aggregate (clustered into themes);
- retained for [12] months, then deleted; [REVIEW]
- never sold or shared with third parties for marketing;
- processed by our AI subprocessor (Section 4) solely to classify and summarise them.
Legal basis (where GDPR applies): legitimate interest in improving the Service. [REVIEW] [If required in your jurisdiction, add an opt-out mechanism and reference it here.]
4. AI Processing
Some features send data to a third-party large-language-model provider ([LLM PROVIDER NAME], the "AI subprocessor") to function: the AI assistant, document data extraction, semantic search indexing, and the product-improvement classification described in Section 3.
- Data sent is limited to what the feature needs (the relevant message, document, or signal list).
- We instruct the AI subprocessor not to use your data to train its models. [REVIEW — confirm the provider's data-use terms support this]
- AI outputs that create or change records are always presented for your review before saving, except where you configure automation otherwise.
5. How We Use Data
- Provide, operate, and secure the Service
- Process payments and manage subscriptions
- Send transactional messages (receipts, reminders, workspace invitations)
- Maintain tamper-evident audit trails for contracts
- Improve the product (Section 3)
- Comply with legal obligations
We do not sell personal data.
6. Sharing and Subprocessors
We share data only with:
- Subprocessors needed to run the Service: hosting, email delivery, payment processing, identity/business verification providers, AML screening providers, and the AI subprocessor. Current list at [SUBPROCESSOR LIST URL]. [REVIEW]
- Legal requests where required by applicable law
- Business transfers (merger, acquisition), subject to this policy
7. Retention
- Account data: for the life of the account plus [90] days
- Customer Content: until you delete it or [30] days after account closure
- Contract audit trails and signature evidence: retained per the retention period you configure or as required for the legal validity of executed contracts [REVIEW]
- Product-improvement signals: [12] months
- Backups: rolling [35]-day window
8. Security
We use encryption in transit, encryption at rest for sensitive credentials, hashed passwords, tamper-evident audit chains for contract history, and access controls limiting staff access to Customer Content. No system is perfectly secure; report suspected issues to [SECURITY EMAIL].
9. Your Rights
Depending on your jurisdiction (including the Hong Kong PDPO and, where applicable, the GDPR), you may have rights to access, correct, delete, export, or restrict processing of your personal data, and to object to processing based on legitimate interests (including Section 3 signals). Contact [PRIVACY EMAIL]; we respond within [40 days (PDPO) / 30 days (GDPR)]. [REVIEW]
If your data is in a customer's workspace as Customer Content, we will refer your request to that customer, who controls it.
10. International Transfers
Data may be processed in [HOSTING REGIONS]. Where required, transfers are protected by [SCCs / recognised safeguards]. [REVIEW]
11. Children
The Service is not directed at children under [16/18]. Customer Content may include records about minors (for example, students of a tutoring business); the customer is responsible for the lawful basis of that data. [REVIEW]
12. Changes
We will post changes to this page and, for material changes, notify account holders by email or in-app notice at least [30] days before they take effect.
13. Contact
[LEGAL ENTITY NAME] [ADDRESS] [PRIVACY EMAIL]
