Privacy Policy

Last updated: February 10, 2026

1. Introduction

Foxxception ("we," "us," or "our") operates VelvetRope ("Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

This policy applies to two types of users:

  • Campaign Operators โ€” businesses and individuals who create and manage queues
  • End Users โ€” people who enter waiting rooms, queues, and raffles

2. Information We Collect

Campaign Operators

  • Account information: email address, business name, password (hashed)
  • Payment information: processed and stored by Stripe โ€” we do not store card numbers
  • Campaign configuration: names, settings, destination URLs, branding assets
  • Usage data: login times, API calls, dashboard activity

End Users

  • Session identifier: a random, anonymous token stored in a browser cookie
  • Queue activity: position, join time, forward time, Skip Pass purchase status
  • Raffle entries: email address (if provided), entry status, winner status
  • Device info: browser type, screen size, IP address (for bot detection)
  • Payment info for Skip Pass or verified raffle entries: processed by Stripe

Automatically Collected

  • Server logs: IP addresses, request timestamps, HTTP methods, response codes
  • Performance metrics: page load times, WebSocket connection durations
  • Bot detection signals: behavioral patterns, request frequency, browser fingerprinting heuristics

3. How We Use Your Information

We use collected information to:

  • Operate and maintain the queue management service
  • Process payments and distribute Skip Pass revenue
  • Detect and prevent bots, abuse, and fraudulent activity
  • Provide analytics and campaign performance data to operators
  • Send transactional emails (account verification, raffle results, payout notifications)
  • Improve the Service through aggregate usage analytics
  • Comply with legal obligations

4. Bot Detection & Fair Access

VelvetRope employs automated bot detection to ensure fair access to queues. This includes:

  • Rate limiting based on IP address and session patterns
  • Browser behavior analysis (mouse movements, interaction timing)
  • Challenge mechanisms for suspicious traffic

Bot detection data is processed in real-time and is not used for advertising, profiling, or any purpose beyond queue fairness and security.

5. Data Sharing & Third Parties

We do not sell your personal information. We share data only with:

  • Stripe โ€” for payment processing (Stripe Privacy Policy)
  • Fly.io โ€” for infrastructure hosting
  • Campaign Operators โ€” operators can see aggregate queue analytics and raffle entry data (email, status) for their own campaigns
  • Law enforcement โ€” when required by valid legal process

6. Cookies & Local Storage

We use the following cookies:

Cookie Purpose Duration
_bouncer_session Session management and CSRF protection Session
user_id Anonymous queue position tracking Session
account_id Authenticated operator session Session

We do not use advertising cookies, tracking pixels, or third-party analytics scripts.

7. Data Retention

  • Operator accounts: retained while your account is active. Deleted 90 days after account cancellation.
  • Campaign data: retained for 12 months after a campaign ends, then automatically purged.
  • End user session data: anonymized after 30 days. Queue position and timing data is retained in aggregate form only.
  • Payment records: retained as required by law (typically 7 years for financial records).
  • Server logs: retained for 30 days, then deleted.

8. Data Security

We implement industry-standard security measures including:

  • TLS encryption for all data in transit
  • Encrypted database connections
  • Passwords hashed with PBKDF2
  • API keys generated with cryptographically secure random bytes
  • Role-based access controls for operator accounts

No system is 100% secure. If you discover a vulnerability, please report it to support@foxxception.com.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access โ€” request a copy of the personal data we hold about you
  • Correction โ€” request correction of inaccurate data
  • Deletion โ€” request deletion of your personal data
  • Portability โ€” request your data in a machine-readable format
  • Objection โ€” object to processing of your data for specific purposes

To exercise these rights, email legal@foxxception.com. We will respond within 30 days.

10. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

11. International Data Transfers

The Service is hosted in the United States (via Fly.io). If you access the Service from outside the US, your data may be transferred to and processed in the US. By using the Service, you consent to this transfer.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy and revising the "Last updated" date. Continued use of the Service after changes constitutes acceptance.

13. Contact

For privacy-related questions or requests:

Foxxception

Support: support@foxxception.com

Legal: legal@foxxception.com