Privacy Policy — Proxiware

1Data Controller Identity

Proxiware LLC is the data controller responsible for your personal information as described in this Privacy Policy. Our contact details are set out in Section 15 below.

This Privacy Policy applies to all personal information collected through our website at proxiware.com, our customer dashboard, our APIs, and all associated Services as defined in our Terms of Service.

2Information We Collect

We collect several categories of information depending on how you interact with our Services:

2.1 Information You Provide Directly

Account Registration: Email address, password (stored as a secure hash), and optionally your name or business name.
Payment Information: Billing details, credit/debit card information (tokenized and processed by Stripe), and cryptocurrency wallet addresses for crypto payments.
KYC/Identity Verification: Government-issued identification documents and proof of address when KYC verification is required under our KYC Policy.
Communications: Messages you send to us via support channels, email, Discord, or Telegram, including support tickets and feedback.

2.2 Information Collected Automatically

Usage Data: Log files, proxy connection records, bandwidth consumed, IP addresses used for authentication, browser type, operating system, and device identifiers.
Technical Data: HTTP request metadata, authentication timestamps, session tokens, and API access logs.
Analytics Data: Page views, referral sources, geographic region, and interaction events collected via Google Tag Manager and similar tools.
Fraud Prevention Data: Browser fingerprints collected at account creation and login for fraud and abuse detection.

2.3 Information from Third Parties

Social Login: If you authenticate via Google OAuth, we receive your name, email address, and profile image from Google.
Referral Partners: Referral source information from affiliate or partner networks.
Identity Verification Providers: Verification status and risk signals from our KYC provider (Idenfy) when identity verification is completed.

3Legal Basis for Processing (GDPR Article 6)

For users located in the European Economic Area (EEA), the United Kingdom, or other jurisdictions with similar data protection laws, we rely on the following legal bases to process your personal information:

Contract Performance (Art. 6(1)(b)): Processing necessary to provide the Services you have requested, manage your Account, and process payments.
Legitimate Interests (Art. 6(1)(f)): Fraud prevention, network security, abuse detection, product improvement, and direct marketing to existing customers.
Legal Obligation (Art. 6(1)(c)): Compliance with applicable AML laws, financial regulations, tax obligations, and lawful requests from authorities.
Consent (Art. 6(1)(a)): Where we rely on your consent (e.g., marketing emails), you may withdraw consent at any time without affecting the lawfulness of prior processing.

4How We Use Your Information

We use the information we collect for the following purposes:

Service Delivery: To provision proxy services, process orders, manage subscriptions, and provide technical support.
Account Management: To create and maintain your Account, authenticate your identity, and communicate with you about your Account.
Billing & Payments: To process payments, manage invoices, and prevent payment fraud.
Security & Fraud Prevention: To detect, investigate, and prevent fraudulent transactions, unauthorized access, abuse, and other illegal activity.
Legal Compliance: To comply with applicable laws, respond to legal process, enforce our policies, and protect the rights, property, and safety of Proxiware and others.
Product Improvement: To analyze usage patterns, diagnose technical issues, and improve our Services and user experience.
Marketing: To send you promotional communications about our products and services where you have opted in or where permitted by applicable law. You may opt out at any time.
Customer Communications: To send transactional messages including service announcements, security alerts, and administrative notices.

5Information Sharing & Disclosure

We do not sell your personal information to third parties. We may share your information in the following circumstances:

5.1 Service Providers & Sub-processors

We engage trusted third-party service providers who process personal data on our behalf under strict data processing agreements. These include:

Stripe, Inc. — Payment processing and billing portal;
Cryptomus — Cryptocurrency payment processing;
Idenfy — Identity verification and KYC compliance;
Intercom — Customer support and messaging;
Google LLC — Analytics (Google Tag Manager), OAuth authentication;
Cloud hosting and infrastructure providers — Database, object storage, and server hosting.

5.2 Legal & Safety Disclosures

We may disclose your information to law enforcement agencies, government authorities, or other third parties when we reasonably believe disclosure is necessary to:

Comply with applicable law, regulation, legal process, or enforceable governmental request;
Enforce our Terms of Service or investigate potential violations;
Detect, prevent, or address fraud, security, or technical issues;
Protect the rights, property, or safety of Proxiware, our users, or the public.

5.3 Business Transfers

In the event of a merger, acquisition, financing, reorganization, bankruptcy, or sale of company assets, your information may be transferred as part of such transaction. We will notify you via email or prominent website notice of any such change in ownership or control of your personal information.

5.4 With Your Consent

We may share your information with other third parties when you give us your explicit consent to do so.

6International Data Transfers

Proxiware LLC is based in the United States. If you are located in the EEA, UK, or another jurisdiction outside the United States, your personal information will be transferred to and processed in the United States.

We implement appropriate safeguards for international transfers, including:

Standard Contractual Clauses (SCCs) as approved by the European Commission;
Data processing agreements with sub-processors that include adequate transfer mechanisms;
Where applicable, reliance on adequacy decisions issued by the relevant supervisory authority.

7Data Retention

We retain your personal information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include:

Account Data: Retained for the duration of your account plus a reasonable period after closure (typically 3 years) to comply with legal obligations and resolve disputes;
Payment & Transaction Records: Retained for a minimum of 7 years to comply with tax and financial recordkeeping requirements;
KYC Documents: Retained for a minimum of 5 years following the end of the business relationship, as required by AML regulations;
Usage & Access Logs: Typically retained for 90 days, unless longer retention is required for security investigations or legal holds;
Marketing Data: Retained until you opt out or withdraw consent.

When data is no longer required, we securely delete or anonymize it.

8Security

We implement commercially reasonable technical and organizational measures to protect your personal information against unauthorized access, loss, alteration, or disclosure. These measures include:

Encryption of data in transit using TLS 1.2 or higher;
Encryption of sensitive data at rest;
Secure, hashed storage of passwords;
Access controls and principle of least privilege for internal systems;
Regular security assessments and vulnerability monitoring;
Browser fingerprinting and anomaly detection at login.

No security system is impenetrable. We cannot guarantee the absolute security of your information. In the event of a security breach that affects your personal information, we will notify you as required by applicable law.

9Cookies & Tracking Technologies

We use cookies and similar tracking technologies to operate and improve our Services. The types of cookies we use include:

Strictly Necessary Cookies: Required for authentication sessions, CSRF protection, and basic site functionality. These cannot be disabled.
Analytics Cookies: Used via Google Tag Manager to understand how visitors interact with our website. These are set only with your consent where required by applicable law.
Functional Cookies: Remember your preferences and settings to personalize your experience.

You can control non-essential cookies through your browser settings. Disabling cookies may affect the functionality of our Services. For more information on managing cookies, visit allaboutcookies.org.

10Your Rights Under GDPR (EU/UK Residents)

If you are located in the European Economic Area (EEA) or United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR) or UK GDPR:

Right of Access (Art. 15): Request a copy of the personal data we hold about you;
Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data;
Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten"), subject to legal exceptions;
Right to Restriction of Processing (Art. 18): Request that we restrict processing of your data in certain circumstances;
Right to Data Portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format;
Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes;
Rights Related to Automated Decision-Making (Art. 22): Not be subject to solely automated decisions that produce significant legal effects.

To exercise these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.

11Your Rights Under the CCPA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you the following rights:

Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, purposes, and third parties with whom we share it;
Right to Delete: Request deletion of your personal information, subject to certain exceptions;
Right to Correct: Request correction of inaccurate personal information;
Right to Opt-Out: Opt out of the sale or sharing of your personal information (see Section 12);
Right to Limit Use of Sensitive Personal Information: Limit the use of sensitive personal information to necessary service delivery;
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise CCPA rights, contact us at [email protected] or use the "Do Not Sell My Personal Information" link. We will verify your identity before processing your request and respond within 45 days.

12Do Not Sell or Share My Personal Information

Proxiware does not sell your personal information to third parties for monetary consideration. We may share certain data (such as analytics identifiers) with advertising and analytics partners in ways that may constitute "sharing" under the CCPA. You have the right to opt out of such sharing.

To opt out, contact us at [email protected] with the subject line "Do Not Sell/Share My Information." We will process your request within 15 business days.

13Children's Privacy

Our Services are not directed to, and we do not knowingly collect personal information from, children under the age of 13 (or under the age of 16 in the EEA). If we become aware that we have inadvertently collected personal information from a child under 13 without verifiable parental consent, we will take prompt steps to delete such information.

If you are a parent or guardian and believe we have collected information from your child, please contact us immediately at [email protected].

14Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

Update the "Effective Date" at the top of this page;
Notify you via email to the address associated with your Account; and/or
Display a prominent notice on our website or in the dashboard.

Your continued use of the Services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

15Contact & Data Protection Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy & Data Requests [email protected]

Legal Inquiries [email protected]

Customer Support [email protected]

For EEA residents: Proxiware LLC does not have a statutory obligation to appoint a Data Protection Officer at this time. Privacy-related requests from EEA residents should be directed to [email protected].