Privacy Policy.

RabidFox Analytics LLC (“RabidFox,” “we,” “us,” or “our”) is the developer of the RFX Banking Analytics iOS application (the “App”), the website at rabidfoxanalytics.com (the “Website”), and related services (collectively, the “Services”).

This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information. It applies to anyone who uses our Services, anywhere in the world.

We collect only what we need to operate the Services. Different categories of data are treated differently — most stays on your device, some is needed for account management, and a small amount may flow through opt-in cloud features.

RFX is built around on-device-first architecture. Here is exactly how data moves through the system:

• FFIEC call reports are downloaded directly from the FFIEC’s public Central Data Repository to your iPad. We do not see, copy, or store them.
• All dashboard rendering happens on your device using Apple Silicon.
• RabidFox AI runs on-device using Apple Intelligence and local models. Queries do not leave your iPad.
• Optional Deep Seek is the only feature that sends data off-device, and only when you explicitly tap to opt-in for a specific query.
• Generated PDFs are created locally with jsPDF and stored on your device.

This isn’t a marketing claim — it’s an architectural design choice that gives you GLBA-aligned data residency without any extra setup.

We use the limited information we collect for these specific purposes:

• To operate the Services: Run the App, deliver dashboards, fulfill Pro license activations.
• To support you: Respond to emails, troubleshoot technical issues, process license requests.
• To improve product quality: Aggregated and anonymized crash reports help us fix bugs and improve stability.
• To comply with legal obligations: Tax records, regulatory inquiries, court orders where applicable.
• To communicate with you: Service updates, security notices, privacy policy changes — never marketing without your opt-in.

We will never sell your information, rent it, or share it with data brokers. Full stop.

RFX includes two AI tiers, designed for different data-sensitivity needs:

• RabidFox AI (on-device, default): Uses Apple Intelligence and on-device language models. Queries and responses never leave your device. Available with all RFX versions including Demo Mode.
• Deep Seek (cloud, opt-in only): For complex analytical questions where on-device models can’t answer. Disabled by default. Each query requires explicit per-question opt-in. When enabled, anonymized text is sent to our cloud AI provider for processing.

Cloud AI processing is currently provided by Anthropic (Claude API) under a data processing agreement that prohibits training on customer data. We will notify you in advance of any change in our AI provider.

We share data only with the specific service providers needed to run the Services, under strict contractual privacy protections:

• Apple Inc. — App Store distribution, Pro license redemption, opt-in crash reporting.
• Anthropic — Cloud AI processing for Deep Seek queries (when you opt in per-query).
• Squarespace — Website hosting and basic site analytics.
• Email service providers — For responding to your support, sales, or investor inquiries.
• Tax, legal, and accounting service providers — As needed for compliance and operations.

We do not share data with advertisers, data brokers, social networks, or any third party not listed above. Full list updated whenever it changes.

Regardless of where you live, you have these rights regarding your personal information:

• Right to access: Request a copy of any personal information we hold about you.
• Right to correct: Update or correct any inaccurate personal information.
• Right to delete: Request deletion of your personal information. We process within 24 hours unless we are legally required to retain it.
• Right to portability: Receive your information in a portable, machine-readable format.
• Right to opt out: Opt out of any non-essential data processing (marketing emails, analytics, cloud AI).
• Right to object: Object to any processing you believe is unlawful.

To exercise any right, email support@rabidfoxanalytics.com. We respond within one business day and complete most requests within 30 days.

We protect your information using industry-standard security practices:

• Apple iOS sandboxing isolates RFX data from other apps on your device.
• TLS 1.3 encryption for all network traffic between RFX and our servers.
• Encryption at rest using Apple’s Data Protection API on iOS.
• Limited internal access — only authorized RabidFox personnel can access support data, logged and audited.
• Regular security reviews aligned with Apple App Review standards.

We retain personal information only as long as necessary for the purpose collected, plus any legally required retention period (typically tax/accounting records: 7 years).

RFX is designed for banking professionals and is not directed to children under 18. We do not knowingly collect personal information from children under 13 (or the applicable minimum age in your jurisdiction).

If you believe we have collected information from a child, please email support@rabidfoxanalytics.com immediately and we will delete it.

RabidFox is based in the United States. If you use RFX from outside the U.S., your information may be transferred to and processed in the U.S., where data protection laws may differ from your home jurisdiction.

We rely on standard contractual clauses and similar mechanisms for any international data transfers, in accordance with applicable laws.

RFX is designed to align with the following regulatory frameworks relevant to banking customers:

• GLBA (Gramm-Leach-Bliley Act) — on-device processing as default architecture.
• FFIEC Information Security Booklet alignment for banking customer data handling.
• SR 11-7 — AI features are explainable and auditable for model risk management review.
• GDPR / UK GDPR — full rights regime for EU and UK residents.
• CCPA / CPRA — California Consumer Privacy Act / Privacy Rights Act compliance.
• SOC 2 Type II — framework alignment (formal certification in progress).

For bank IT, CISO, or General Counsel reviews, we maintain a detailed compliance brief covering each of these frameworks. Email support@rabidfoxanalytics.com to request.

We may update this Privacy Policy to reflect changes to our practices, the law, or our Services. When we do:

• We update the “Last Updated” date at the top of this page.
• For material changes, we notify Pro customers by email at least 30 days before changes take effect.
• Prior versions are archived and available on request.

Questions, requests, or concerns? Email support@rabidfoxanalytics.com. For California residents exercising CCPA rights, use the same email with subject line “CCPA Request.” For EU/UK residents exercising GDPR rights, use the same email with subject line “GDPR Request.”

Mailing address: RabidFox Analytics LLC, Atlanta, Georgia, USA. (Full address provided on request to verify privacy requests.)