QuarantineFox

Privacy Policy

Effective date: March 17, 2026

Overview

QuarantineFox is an Outlook add-in developed by JustFox, a trade name of VirtualOx B.V. This privacy policy explains how QuarantineFox handles your data.

In short: QuarantineFox does not collect, store, or transmit any of your data.

Data Collection

QuarantineFox does not collect any personal data, usage data, or telemetry. We do not use cookies, analytics, or any form of tracking.

Data Processing

QuarantineFox reads two values from the Office.js API to detect your Microsoft 365 cloud environment:

• Office.context.mailbox.restUrl - the REST endpoint URL for your mailbox
• Office.context.mailbox.userProfile.emailAddress - your email address domain (e.g., ".mil" or ".us")

Processing is strictly limited to local execution within the user's browser. JustFox never acts as a recipient of this data, and no data is persisted or transferred. These values are used solely to determine whether you are in a Commercial, GCC, GCC High, or DoD environment so the correct quarantine portal URL can be opened.

App Permissions

QuarantineFox requests the following permissions, as shown in the Microsoft 365 Admin Portal:

• ReadItem - Required to access the mailbox REST URL and email address domain for environment routing. No email content, attachments, or message bodies are ever read, processed, or transmitted.
• ProfileAccess - Required to read the user's email address domain (e.g., ".mil") for cloud environment detection. Only the domain suffix is evaluated locally; the full address is never stored or transmitted.
• SendReceiveData - Required because the add-in loads its interface from an external web server (qf.justfox.app). This is standard for all web-based Office Add-ins. No user data is sent to this server.

Third-Party Services

QuarantineFox does not share data with any third parties. The add-in opens the Microsoft Defender quarantine portal in your default browser - this is a Microsoft service governed by Microsoft's own privacy policy.

Cookies

QuarantineFox does not use cookies of any kind.

Data Storage

QuarantineFox does not store any data. No data is saved locally, in the cloud, or anywhere else.

Regulatory Compliance

QuarantineFox is compliant by design with applicable privacy regulations, as no personal data is collected, stored, or transmitted. This includes:

• GDPR (EU/EEA) - Processing is limited to local-only environment detection. No data is persisted, transferred, or stored. No data to retain or delete.
• CCPA/CPRA (California, US) - No personal information is sold, shared, or collected. No opt-out required as there is nothing to opt out of.
• FERPA (US Education) - No student education records are accessed or stored.
• HIPAA (US Healthcare) - No Protected Health Information (PHI) is collected, stored, or transmitted. The add-in only processes the user's professional email domain locally for routing purposes.
• FedRAMP/FISMA (US Federal) - QuarantineFox does not utilize a cloud backend; all logic executes client-side within Outlook. It introduces no non-FedRAMP authorized services into the environment.

QuarantineFox does not require a Data Processing Agreement (DPA) as no data processing on behalf of the customer takes place.

Your Rights

Under GDPR and other applicable privacy regulations, you have the right to access, rectify, erase, restrict, and port your personal data. Because QuarantineFox does not store any user data, there is no data to provide, rectify, or erase upon request. If you believe your data has been processed in violation of this policy, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority.

Sub-processors

QuarantineFox does not use any sub-processors for data processing, as no user data is collected or processed. The add-in's static files (HTML, JavaScript, icons) are hosted on Cloudflare Pages (Cloudflare, Inc.). Cloudflare may process standard web server logs (IP addresses, timestamps) in accordance with their own privacy policy. QuarantineFox has no access to these logs and does not receive any data from Cloudflare.

Children's Privacy

QuarantineFox is designed for use in enterprise environments and does not target children under 13. It is compliant with COPPA (Children's Online Privacy Protection Act) as no data is collected from any user, regardless of age.

Changes to This Policy

If we make changes to this privacy policy, we will update this page with the new effective date.

Contact

If you have questions about this privacy policy, please contact us:

• Company: VirtualOx B.V.
• Brand: JustFox
• Address: Molendreef 1, 4641 CS Ossendrecht, The Netherlands
• Email: [email protected]
• Website: justfox.dev