Fox's Nest Terms of Service

Last updated: 28 February 2026

§ 1. General Provisions

These Terms of Service govern the use of the foxsnest.com website (hereinafter: the Service) operated by CALMFOX Sp. z o.o. with its registered office in Bydgoszcz, ul. Dluga 47, 85-034 Bydgoszcz, Poland, entered in the National Court Register under KRS number 0001163844, NIP 9532810342 (hereinafter: the Provider). The Service enables cookie consent management (GDPR), digital accessibility enhancement (WCAG), GDPR compliance scanning, accessibility and GDPR compliance audits for websites, as well as support for compliance with the European Accessibility Act (EAA) and the Artificial Intelligence Act (AI Act).

By using the Service, you accept these Terms of Service in their entirety. Users are required to read these Terms before using the Service. If you do not accept these Terms, you should not use the Service.

§ 2. Definitions

  • Service – The website available at foxsnest.com together with all its functionalities, subpages, and application programming interface (API).
  • Service Provider – CALMFOX Sp. z o.o. with its registered office in Bydgoszcz, ul. Dluga 47, 85-034 Bydgoszcz, Poland, KRS 0001163844, NIP 9532810342.
  • User – A natural person, legal entity, or organizational unit without legal personality that uses the Service under these Terms of Service.
  • Account – An individual User account in the Service, created during the registration process, providing access to the Service functionalities and enabling management of services.
  • Widget – A JavaScript code snippet generated by the Service, intended for installation on the User's website to deliver selected functionalities.
  • GDPR Widget – A cookie consent management widget that displays an information banner and privacy settings panel, enabling visitors to grant or withdraw consent for specific cookie categories.
  • WCAG Widget – An accessibility enhancement widget that provides features such as font size adjustment, high contrast mode, focus indicators, and other accessibility tools.
  • Badge – A graphical indicator in SVG format displayed on the User's website, showing the current WCAG accessibility audit score.
  • WCAG Audit – An automated digital accessibility analysis service for the User's website, conducted based on WCAG 2.1/2.2 guidelines using the axe-core engine and artificial intelligence.
  • Pricing Plan – A service package selected by the User with a defined scope of functionality, limits, and price, in accordance with the current offer available on the pricing page.
  • Discovery Period – A 14-day free trial period allowing full use of the Service functionality without requiring credit card information.
  • GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).
  • GDPR Scanner – An automated GDPR compliance analysis service for the User's website, including detection of cookies, tracking technologies, privacy policy verification, and generation of a compliance assessment report.
  • Cookie Monitor – A periodic monitoring service for cookies and tracking technologies on the User's website, detecting changes in cookies used and assessing the risk level. Available from the Pro plan and above.
  • Team – A feature enabling multi-user access to a User's Account, allowing team members to be invited with assigned roles (owner, administrator, editor, viewer) and access permissions for individual domains.
  • AI Act Declaration – A tool enabling the creation, publication, and management of compliance declarations with Regulation (EU) 2024/1689 of the European Parliament and of the Council on artificial intelligence (AI Act) for AI systems used on the User's website.
  • Dev Tasks – A feature for generating a list of remediation tasks based on WCAG audit results, shareable with external developers via a unique access token (share token). Available from the Standard plan and above.
  • Scan Scheduling – A feature enabling the configuration of automatic, periodic WCAG audits and GDPR scans (weekly or monthly) with result notifications. Available from the Pro plan and above.
  • Compliance Checklist – An interactive checklist assessing the level of GDPR compliance of the User's website based on widget configuration and manual confirmations by the User.

§ 3. Terms of Use

Use of the Service requires meeting the following conditions:

  • The User must be at least 18 years of age or have full legal capacity. For legal entities and organizational units, registration must be performed by a person authorized to represent them.
  • The User must accept these Terms of Service and the Privacy Policy before using the Service.
  • The User is required to provide truthful, current, and complete data during registration and while using the Service.

The Provider reserves the right to refuse to provide services or to block a User's Account in the event of a violation of these Terms, applicable law, or actions detrimental to the Service or other Users.

§ 4. Registration and Account

Registration with the Service is done by completing the registration form with an email address and password, or through external account login (social login). Registration is free of charge.

The User undertakes to:

  • Keep login credentials (email address and password) confidential and not share them with third parties. The User bears full responsibility for all activities performed using their Account.
  • Keep Account data current and accurate, including email address, company details, and billing information.
  • Immediately notify the Provider of any unauthorized access to the Account or suspected security breach by sending a message to contact@foxsnest.com.

Each natural person or legal entity may hold one Account in the Service. Creating multiple Accounts by the same entity is prohibited unless the Provider grants written consent.

§ 5. Services and Pricing Plans

The Service offers the following pricing plans:

  • Free Plan – 1 domain, basic cookie consent widget, limited audit and scan functionality. Free of charge, no time limit.
  • Standard Plan – 1 domain, full GDPR cookie consent widget, WCAG accessibility widget, WCAG evaluation badge, AI Act declaration, dev tasks list.
  • Pro and Business Plans – 1 domain per subscription, full GDPR and WCAG widget functionality, WCAG accessibility audits, GDPR scanner, Cookie Monitor, scan scheduling, Provider branding removal (Pro), priority support (Pro) or dedicated account manager and API access (Business).
  • Enterprise Plan – A dedicated plan with custom limits for domains, pages, and sessions, automatic location detection (IP geolocation) for currency and VAT rate adjustment, extended API access, dedicated account manager, and priority technical support. Terms negotiated individually.

Current prices are available on the pricing page of the Service. Prices are listed in PLN and EUR. The Provider reserves the right to change prices with a 30-day notice period for active subscriptions.

The Service provides the following services:

  • Cookie Consent Management (GDPR) – A widget displaying a cookie information banner and privacy settings panel, enabling website visitors to grant and manage consent for specific cookie categories in compliance with GDPR requirements.
  • Accessibility Widget (WCAG) – A widget enhancing digital accessibility of the website, offering tools such as font size adjustment, high contrast mode, focus indicators, keyboard navigation, and other accessibility features in accordance with WCAG guidelines.
  • WCAG Audit – An automated digital accessibility analysis of the User's website based on WCAG 2.1/2.2 guidelines, including multi-page scanning, identification of accessibility issues, and generation of a report with recommendations.
  • Compliance Badge – A graphical indicator in SVG format showing the current WCAG accessibility audit score, embeddable on the User's website. The badge is automatically updated after each audit.
  • Management Dashboard – A central administration panel for managing domains, widget configuration, reviewing audit results, managing subscriptions, and accessing invoices and account settings.
  • GDPR Scanner – An automated GDPR compliance analysis of the User's website, including detection of cookies and tracking technologies, privacy policy verification, and generation of a compliance assessment report with remediation recommendations.
  • Cookie Monitor – A periodic cookie monitoring service for the User's website, detecting changes in cookies used, categorizing them (necessary, analytics, marketing, preferences, uncategorized), and assessing the risk level. Monitoring frequency depends on the selected plan: weekly (Pro) or daily (Business and Enterprise).
  • Team Management – A multi-user access feature enabling team members to be invited to the User's Account with assigned roles (owner, administrator, editor, viewer) and granular access permissions for individual domains.
  • AI Act Declaration – A tool for creating, publishing, and managing compliance declarations with the AI Act Regulation (EU) 2024/1689 for artificial intelligence systems used on the User's website, including risk classification, AI system descriptions, and statement publication.
  • Dev Tasks – Generation of a remediation task list based on WCAG audit results, shareable with external developers via a unique access token, with task status tracking and developer assignment capabilities.
  • GDPR Compliance Checklist – An interactive checklist verifying the level of GDPR compliance of the User's website, automatically assessing widget configuration and enabling manual confirmation of individual requirements.

§ 6. Payments

Paid plans are billed in monthly or annual cycles, as selected by the User. Payments are processed through the Stripe payment operator. The User authorizes Stripe to automatically charge the designated payment method in subsequent billing cycles.

Listed prices are net prices. VAT is added in accordance with applicable tax regulations, depending on the User's location and the nature of the transaction.

VAT invoices are generated automatically and made available to the User in the Service management dashboard after each completed billing cycle.

In the event of non-payment, the Provider will attempt to re-charge the payment method. If payment is not received within 7 days of the due date, services will be suspended until the outstanding balance is settled. After 30 days of suspension, the Provider reserves the right to delete data associated with the Account.

§ 7. Trial Period (Discovery Period)

Every new User is entitled to a one-time, 14-day trial period (Discovery Period), allowing free use of the Service functionality. Activation of the trial period does not require providing credit card information.

During the trial period, the User has access to the Service functionality, including GDPR and WCAG widgets, accessibility audits, GDPR scanner, and the compliance badge, subject to technical limitations and limits applicable to the trial period.

After the trial period expires, the User must select one of the paid pricing plans. If no plan is selected, access to services will be suspended and widgets installed on the User's websites will stop functioning. Account data will be retained for 90 days, allowing the User to return and activate a paid plan.

If the User selects a paid plan during the Discovery period, unused trial days may be carried over as a trial period within the paid subscription, during which the User will not be charged.

§ 8. Rights and License

The Provider grants the User a non-exclusive, non-transferable, revocable license to use the Service and its functionalities, including widgets, within the scope defined by the selected pricing plan and for the duration of the subscription. The license includes the right to install widgets on the User's websites specified in the management dashboard.

The User may NOT:

  • Decompile, disassemble, reverse engineer the source code of the Service or widgets, or attempt to obtain access to the source code by any other means.
  • Sublicense, resell, rent, or make the Service or its components available to third parties without the Provider's written consent.
  • Remove, modify, or conceal copyright notices, trademarks, or other intellectual property markings of the Provider placed in the Service or widgets.
  • Use the Service for unlawful purposes, including distributing content that infringes third-party rights, malicious software, or content that violates applicable regulations.

§ 9. Legal Compliance Obligations

The User bears sole responsibility for ensuring that their website complies with applicable laws, including in particular the GDPR, the Act on Providing Services by Electronic Means, the European Accessibility Act (EAA), and other applicable regulations.

To ensure legal compliance, the User undertakes to:

  • Maintain a current and comprehensive Privacy Policy on their website that complies with GDPR requirements, including information about cookies and tracking technologies used.
  • Properly configure widgets in accordance with the law applicable to the jurisdiction in which the User's website operates, including appropriate assignment of cookies to consent categories.
  • Obtain legally required consent before using tracking technologies, analytics cookies, and marketing cookies on their website.
  • Timely process data subject requests (right of access, rectification, erasure, restriction of processing, data portability, objection) in accordance with GDPR requirements.
  • Report personal data breaches to the competent supervisory authority within 72 hours of becoming aware of the breach, in accordance with Article 33 of the GDPR.
  • Enter into a Data Processing Agreement (DPA) with the Provider before processing personal data through the widgets.

Fox's Nest provides tools to support compliance with GDPR and WCAG regulations but does not guarantee full legal compliance of the User's website. Ultimate responsibility for legal compliance rests with the User.

§ 10. Liability

The Service is provided on an as-is basis, without any warranties, express or implied, including without limitation warranties of fitness for a particular purpose, non-infringement of third-party rights, or reliability.

The Provider shall not be liable for:

  • Losses, lost profits, or damages resulting from interruptions in the Service, including interruptions caused by technical failures, maintenance, or issues on the part of infrastructure providers.
  • Loss of User data. The User is responsible for independently maintaining backups of their data, including widget configurations and audit results.
  • Actions or omissions of third parties, including hosting service providers, payment operators, web browser vendors, and other entities independent of the Provider.
  • Force majeure events, including natural disasters, wars, cyberattacks, telecommunications infrastructure failures, changes in law, or decisions by public authorities.
  • Incorrect widget configuration by the User, including incorrect assignment of cookies to consent categories, missing required information in the banner, or improper privacy panel settings.
  • Non-compliance of the User's website with applicable regulations, including the GDPR, EAA, digital accessibility laws, or other regulations.
  • Display or functionality issues with widgets resulting from incompatibility of the visitor's web browser, device, or operating system.

The Provider's total liability to the User for all claims related to the use of the Service is limited to the total amount of fees paid by the User to the Provider in the 12 months preceding the event giving rise to the claim.

The liability limitations set forth in this section do not apply to Users who qualify as consumers under applicable consumer protection laws. Mandatory consumer protection provisions shall apply to consumer Users.

§ 11. Indemnification

The User agrees to indemnify and hold harmless the Provider, its employees, associates, and subcontractors from all liability and to cover all costs, expenses, and damages (including legal fees) arising from third-party claims related to:

  • Violation of these Terms of Service by the User.
  • Violation of applicable laws by the User, including data protection regulations, consumer law, or competition law.
  • Infringement of intellectual property rights, personal rights, or other third-party rights in connection with the use of the Service.
  • Incorrect widget configuration resulting in non-compliance of the User's website with applicable regulations.
  • Providing false, outdated, or incomplete data in the Service.

The provisions of this section do not apply to Users who qualify as consumers under applicable consumer protection laws.

§ 12. Data Processing

To the extent that the Provider processes personal data on behalf and on the instruction of the User (as a data processor within the meaning of Article 28 of the GDPR), such processing is carried out on the basis of a Data Processing Agreement (DPA).

The detailed rules for data processing, including the scope of processing, categories of data, security measures, obligations of the parties, and rules for sub-processing, are set forth in the separate Data Processing Agreement (DPA).

The full Data Processing Agreement is available here.

§ 13. Use of Artificial Intelligence

The Service uses artificial intelligence (AI) technologies as part of the following services: WCAG accessibility audits (analyzing digital accessibility issues and generating recommendations), GDPR scanner (analyzing cookies and tracking technologies), and tools supporting AI Act compliance.

Regarding the use of artificial intelligence in the Service:

  • AI analyzes identified digital accessibility issues and GDPR compliance issues, categorizes them by severity and impact on users, and generates remediation recommendations within WCAG audit reports and GDPR scan reports.
  • The AI system does not make automated decisions that significantly affect the User's rights or obligations. AI analysis results are for informational and advisory purposes only.
  • The User has the right to request human review of AI analysis results by contacting the Provider at contact@foxsnest.com.
  • The Provider uses AI models provided by Anthropic (Claude) and OpenAI. Data sent to AI providers is processed in accordance with their data processing policies and does not include personal data of the User's website visitors.
  • The Provider endeavors to ensure that the use of artificial intelligence in the Service complies with Regulation (EU) 2024/1689 of the European Parliament and of the Council on artificial intelligence (AI Act). The AI systems used in the Service do not constitute high-risk AI systems within the meaning of this regulation.

§ 14. Compliance Badge

The Compliance Badge is a graphical indicator in SVG format that can be embedded on the User's website and displays the current WCAG accessibility audit score. The Badge feature is available from the Standard plan and above.

The score displayed on the Badge is based on the results of an automated accessibility audit and does not constitute a legal guarantee of full compliance of the website with WCAG requirements or other digital accessibility regulations. The Badge reflects the technical state of the website at the time of the last audit.

The Provider reserves the right to suspend or deactivate the Badge in the event of a significant drop in the User's website accessibility audit score or if the Badge is being used in a manner that may mislead website visitors.

§ 15. Team Management

The User (Account owner) may invite other users to their Account via the team management feature. Invitations are sent to the email address specified by the Account owner and expire after a set period of time.

Team members may be assigned the following roles:

  • Owner — full access to all Account features, including team management, subscription, and billing management. This role is automatically assigned to the person who creates the Account.
  • Administrator — manage team members, widget configuration, and domains, without access to billing and subscriptions.
  • Editor — full access to widget configuration, audits, and reports, without team management capabilities.
  • Viewer — read-only access to data, audit results, and reports.

The Account owner is responsible for all actions performed by team members within their Account. The owner is required to assign roles in accordance with the principle of least privilege.

The maximum number of team members depends on the selected pricing plan and is specified on the pricing page.

§ 16. GDPR Scanner and Cookie Monitor

The GDPR Scanner enables automated GDPR compliance analysis of the User's websites. Scan results are for informational purposes only and do not constitute legal opinions or compliance guarantees.

The Cookie Monitor enables periodic monitoring of cookies and tracking technologies on the User's websites. The service automatically detects new cookies, categorizes them, and assesses the GDPR compliance risk level.

Scan limits (number of scans per month, maximum number of pages per scan) and Cookie Monitor frequency depend on the selected pricing plan and are specified on the pricing page.

The User undertakes to scan only websites for which they have administrator or owner permissions. Scanning third-party websites without their consent is prohibited.

§ 17. Public Data Sharing

Some Service features enable public data sharing without authentication. The User acknowledges and accepts that the following data may be publicly accessible:

  • Compliance Badge — the WCAG audit score in SVG format and a public accessibility report, available at a unique URL linked to the User's domain.
  • Dev Tasks — a remediation task list shared via a unique access token (share token). The User decides independently who receives the token.
  • AI Act Declaration — a published artificial intelligence usage statement, available at a unique URL.

The User may revoke public data sharing at any time by deactivating the corresponding feature in the management dashboard. Deactivation does not delete data that may have been previously copied or archived by third parties.

§ 18. Complaints

Complaints regarding the operation of the Service should be submitted electronically to contact@foxsnest.com.

A complaint should include:

  • User identification details (full name or company name, email address associated with the Account).
  • A detailed description of the issue, including the date of occurrence, circumstances, and any error messages.
  • The expected resolution of the issue.

The Provider will review the complaint and respond within 14 business days from the date of receiving the complete complaint. In justified cases, this period may be extended by an additional 14 business days, of which the User will be informed.

§ 19. Withdrawal

Users who qualify as consumers under applicable consumer protection laws have the right to withdraw from the contract for the provision of electronic services without giving a reason within 14 days from the date of conclusion of the contract, in accordance with applicable consumer rights legislation.

The withdrawal statement should be sent to contact@foxsnest.com. A withdrawal form template is available upon request at the same address. In the event of withdrawal, the Provider will refund all payments received within 14 days from the date of receiving the withdrawal statement.

§ 20. Personal Data Protection

The rules for processing Users' personal data are defined in our Privacy Policy, which constitutes an integral part of these Terms of Service.

§ 21. Changes to Terms

The Provider reserves the right to amend these Terms of Service. Users will be notified of any changes at least 14 days in advance via email sent to the address associated with the Account and by displaying an appropriate notice in the management dashboard.

Continued use of the Service after the amended Terms take effect constitutes acceptance of the changes. If the User does not accept the changes, they have the right to terminate the agreement and delete their Account before the changes take effect.

§ 22. Final Provisions

These Terms of Service are governed by and shall be construed in accordance with Polish law.

Any disputes arising from these Terms or related to the use of the Service shall be resolved by the court having jurisdiction over the Provider's registered office in Bydgoszcz. This provision does not apply to consumers, who have the right to bring proceedings before the court having jurisdiction over their place of residence and to use out-of-court dispute resolution methods, including the ODR platform (https://ec.europa.eu/consumers/odr).

If any provision of these Terms is found to be invalid or unenforceable, the remaining provisions shall remain in full force and effect. The invalid provision shall be replaced by a valid provision that most closely reflects the purpose and intent of the replaced provision.

All questions, comments, and correspondence regarding the Service should be directed to the email address: contact@foxsnest.com or in writing to: CALMFOX Sp. z o.o., ul. Dluga 47, 85-034 Bydgoszcz, Poland.