🦊Foxy Audit ← Back to home

Cookie Policy

Last updated: 16 July 2026 · Version 1.0

This policy explains the cookies and similar local-storage Foxy Audit uses, why, and how you control them. We use no advertising or third-party tracking cookies — an auditing product has no business embedding trackers.

1. What cookies are

Cookies are small text files a site stores in your browser to remember things between requests — for example, that you're securely logged in, or that you dismissed a banner. "Local storage" and "session storage" work similarly but are read only by the site's own code. We call all of these "cookies" below.

2. Categories we use

Strictly necessary — always on

Required for the site to work securely: without them you couldn't log in, stay logged in, or be protected against cross-site request forgery. These can't be switched off.

Analytics — optional

Help us see which pages are used and whether anything is slow or broken. Ours are first-party and cookieless: we count page views on our own servers and, only with your permission, keep an anonymous visitor id locally. Nothing goes to a third party.

Functional — optional

Would remember interface preferences (a dashboard layout, a time zone). We don't use any functional cookies yet; the category is listed so the choice exists if we add them.

3. The cookies we set

NameCategoryPurposeExpiryFlags
sessionNecessaryKeeps you logged into your dashboardSessionHttpOnly · Secure · SameSite=Lax
foxy_staff_sessionNecessaryKeeps staff logged into the admin consoleSessionHttpOnly · Secure · SameSite=Strict
foxy_csrfNecessaryAnti-CSRF double-submit token180 daysSecure · SameSite=Lax
foxy_consentNecessaryRemembers your cookie choices12 monthsSecure · SameSite=Lax
foxy_vid (local storage)AnalyticsAnonymous first-party visitor idUntil clearedSet only with consent
foxy_sid (session storage)AnalyticsAnonymous session idEnds with the tabSet only with consent

4. What we do NOT use

5. How analytics works

When analytics is enabled, each page view sends a small first-party request to our own backend with the page path and, if you consented, an anonymous visitor/session id. Your IP address and browser user-agent are one-way hashed on our server and never stored raw. There is no third-party analytics provider.

6. Managing your choices

On your first visit you choose. You can change your mind anytime via the "Cookie preferences" link in our footer, which reopens the consent panel. You can also block or delete cookies in your browser, though strictly-necessary cookies are required for login.

7. Your regional rights

EU / EEA / UK (GDPR): analytics is off until you opt in, and rejecting is as easy as accepting.

California (CCPA/CPRA): we don't sell or share personal information; you can opt out of analytics anytime in the preferences panel.

8. Changes & contact

We may update this policy as the product changes; the version and date above will move. Questions? Email foxyaudit@gmail.com.

This document describes our current practices in good faith and is not legal advice; have it reviewed by counsel before relying on it.

Home · Terms · Privacy · Acceptable Use
© 2026 Foxy Audit. Cryptographic compliance, not a promise.