Privacy Policy
Last Updated: November 21, 2025
Fox2D ("we", "our", or "us") operates the Fox2D website and App Maker service. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our services.
By using Fox2D, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1 Account Information
When you create an account through Discord or Google OAuth, we collect:
- User ID from your authentication provider (Discord or Google)
- Username and display name
- Profile picture (avatar)
- Email address associated with your account
1.2 Project Files
When you use App Maker, we temporarily collect and process:
- Scratch project files (.sb3) you upload
- Scratch project IDs or URLs you provide
- Custom app icons you upload (PNG format, max 256KB)
- App metadata (app name, package name, version)
Important: Uploaded files (SB3 files and icons) are automatically deleted after 24 hours. Generated APK files are automatically deleted after 7 days. We do not permanently store your project files or build outputs.
1.3 Usage Information
We automatically collect certain information when you use our services:
- Build history and status (queued, processing, completed, failed)
- Build timestamps and duration
- Error logs related to failed builds
- IP address and browser information (used only for rate limiting and security verification, not stored permanently)
1.4 Cookies and Session Data
We use cookies to maintain your login session:
- Session cookies (expires after 5 minutes of inactivity)
- Authentication tokens (secure, HTTP-only)
2. How We Use Your Information
We use the collected information for the following purposes:
- To provide and maintain our App Maker service
- To authenticate and manage your account
- To process your Scratch projects and generate native apps
- To communicate with you about your builds and account
- To enforce rate limits and prevent abuse (30 uploads per 10 minutes)
- To improve our services and develop new features
- To comply with legal obligations and protect our rights
3. Data Storage and Security
3.1 Storage
- Account data is stored in a secure PostgreSQL database (Supabase)
- Uploaded files are stored in Supabase Storage with user-level access control
- Uploaded files (SB3 and icons) are automatically deleted after 24 hours
- Generated APK files are automatically deleted after 7 days
- Database connections use SSL/TLS encryption
3.2 Security Measures
- Backend-signed upload URLs to prevent abuse
- Row-level security (RLS) policies for user-specific data access
- Rate limiting to prevent spam and abuse
- Secure, HTTP-only cookies for session management
- Regular security updates and monitoring
3.3 Data Retention
- Account data: Retained until you delete your account
- Uploaded files (SB3 and icons): Automatically deleted after 24 hours
- Generated APK files: Automatically deleted after 7 days
- Build history: Retained for 90 days, then archived
- Error logs: Retained for 30 days for debugging purposes
4. Data Sharing and Disclosure
We do not sell your personal information. We may share your information only in the following circumstances:
- With your consent: When you explicitly agree to share information
- Service providers: Third-party services that help us operate (Supabase, Vercel, Discord)
- Legal requirements: When required by law, court order, or government request
- Protection of rights: To protect our rights, property, or safety, or that of our users
5. Third-Party Services
Fox2D uses the following third-party services:
- Discord: For authentication and community features (Discord Privacy Policy)
- Google: For authentication via Google OAuth. We only access basic profile information including email address, name, and profile picture (Google Privacy Policy)
- Supabase: For database and file storage (Supabase Privacy Policy)
- Vercel: For hosting and deployment (Vercel Privacy Policy)
- Scratch API: For fetching public project information (Scratch Privacy Policy)
6. Your Rights
You have the following rights regarding your personal information:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your account and associated data
To exercise these rights, please contact us through Discord.
7. Children's Privacy
Fox2D is designed for users who meet Discord's minimum age requirement (13+ in most countries, 16+ in the EU). We do not knowingly collect personal information from children under these age limits. If you believe we have inadvertently collected information from a child, please contact us immediately.
8. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable data protection laws.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date at the top
- Announcing major changes in our Discord community
We encourage you to review this Privacy Policy periodically for any changes.
10. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Discord: Join our community server at Fox2D Discord
Additional Information for EU/California Residents
If you are located in the European Union or California, you have additional rights under GDPR and CCPA respectively. This includes the right to request access, deletion, correction, and portability of your data. You also have the right to object to certain processing activities and to lodge a complaint with your local data protection authority.