Skip to main content
Legal

Privacy policy

Last updated: May 2026

1. The short version

We collect the minimum we need to run the service, bill you, and keep abusers off the network. We don't sell your data. We don't read your traffic. You can ask for a copy or deletion anytime, and we'll honour it within 30 days.

2. Who we are

"Proxier.co" (referred to as "we", "us", "our" in this policy) operates a mobile proxy service. We are the data controller for the personal data described below, processed when you sign up for an account, buy a proxy, or use our website.

3. What we collect

3.1 β€” From you, when you sign up or pay

  • Email address
  • Display name (optional)
  • Hashed password
  • Billing details processed by our payment provider (Stripe). We never see or store your full card number.
  • Company name and VAT ID, if you ask for a B2B invoice

3.2 β€” From your browser, when you visit the site

  • IP address (used for security, fraud prevention, geolocation rough-grain)
  • User agent (browser, OS)
  • Pages visited, referrer, time on page (analytics)
  • A few essential cookies (session, CSRF, language preference)

3.3 β€” From the proxy service itself, while you use it

  • Authentication metadata (which port, which session, when, from which IP)
  • Volume metrics (requests, bandwidth) for billing and quota enforcement
  • Error events (timeouts, 5xx returns) for debugging

What we never collect: the URLs you visit through the proxy, the headers you send, the bodies you POST, or the responses you receive. The proxy is a transparent tunnel β€” we count packets, we don't read them.

4. Why we use it (legal basis)

  • Contract performance β€” running your account, delivering proxies, billing, support.
  • Legitimate interest β€” security, fraud prevention, abuse detection, product improvement.
  • Legal obligation β€” accounting, tax, anti-money-laundering when applicable.
  • Consent β€” analytics cookies and marketing emails are opt-in. You can withdraw at any time.

5. How long we keep it

  • Account data: as long as your account exists, plus 6 months after deletion (in case you change your mind).
  • Invoices and tax records: 10 years (legal requirement in the EU).
  • Service logs (auth, traffic counters): 90 days, then aggregated anonymously.
  • Support emails: 2 years.
  • Analytics: 14 months.

6. Who we share it with

We share data with the absolute minimum number of vendors to run the service:

  • Stripe β€” payment processing
  • Postmark β€” transactional email
  • Hetzner / OVH β€” server hosting in the EU
  • Plausible β€” privacy-friendly analytics (no cookies, no personal data)
  • Sentry β€” error tracking (with PII scrubbing)

Each one is bound by a Data Processing Agreement and processes data only on our instructions. We do not sell your data, period. We do not share it with advertisers, brokers, or "data partners".

We may disclose data when legally compelled by a valid court order, subpoena, or law enforcement request from a jurisdiction where we are required to comply. When the law allows it, we notify you first.

7. International transfers

Our primary infrastructure runs in the EU. Some sub-processors (e.g. Stripe, Sentry) are based in the US. Transfers happen under the EU Standard Contractual Clauses and, where available, the EU–US Data Privacy Framework.

8. Your rights (GDPR)

If you are in the EU, UK, or any country with similar laws, you have the right to:

  • Access β€” get a copy of every piece of personal data we hold on you
  • Rectification β€” correct anything inaccurate
  • Erasure β€” ask us to delete your data ("right to be forgotten")
  • Restriction β€” limit how we process it
  • Portability β€” receive your data in a machine-readable format
  • Objection β€” object to processing based on legitimate interest
  • Withdraw consent β€” when processing was based on consent
  • Lodge a complaint β€” with your local data protection authority

To exercise any of these rights, email abuse@proxier.co. We respond within 30 days, free of charge.

9. Data security

We use industry-standard practices: TLS 1.2+ everywhere, encryption at rest for databases, hashed passwords (Argon2), 2FA available on every account, least-privilege access for staff, and audited logs. Despite all of this, no system is 100% secure β€” we'll notify affected users without undue delay if a breach happens.

10. Cookies

We use a minimal set of cookies:

  • Essential (always on): session, CSRF token, language preference. No consent banner needed for these under GDPR.
  • Analytics (opt-in): we use Plausible, which is cookie-less and doesn't track individuals. We may add a banner if we ever switch to a tracker-based provider.

You can clear cookies anytime through your browser settings.

11. Children

The service is not intended for users under 16. We don't knowingly collect data from minors. If you believe a child has signed up, contact us and we'll delete the account.

12. Changes to this policy

We update this page when our practices change. The "last updated" date at the top reflects the most recent version. Material changes are announced by email at least 14 days before they take effect.

13. Contact

Privacy questions, GDPR requests, security disclosures: abuse@proxier.co β€” or via our contact page.