Privacy Policy

We collect account data you provide directly (name, business email, billing details), product telemetry generated when you use the dashboard or API (request counts, gateway latency, error codes), and limited technical data from your browser (IP address, user agent, language). We do not log the content of proxied requests or responses.

Personal data is used to authenticate you, prevent abuse, bill correctly, deliver product updates, and improve performance. Aggregated, de-identified telemetry helps us tune routing and capacity. We never sell your data and we never use account data for behavioural advertising.

We share data only with vetted sub-processors that help us run the service — payment providers, cloud hosting, analytics, and customer support tooling. Each sub-processor is bound by a Data Processing Agreement (DPA) compliant with the GDPR's standard contractual clauses.

All traffic is encrypted in transit (TLS 1.2+). Production secrets sit in HSM-backed vaults with strict role-based access. We perform annual third-party penetration tests and maintain a SOC 2 Type II report available under NDA on request.

You can access, correct, export, or delete your personal data at any time from the dashboard or by emailing [email protected]. EU residents may also lodge a complaint with their local supervisory authority. We respond to verified requests within 30 days.

We use a small set of strictly-necessary cookies for authentication and CSRF protection, plus first-party analytics that respect Do-Not-Track. We do not use third-party advertising trackers anywhere on our marketing site or product.

Account data is retained while your account is active and for up to 24 months after closure to satisfy tax and audit obligations. Operational logs are retained for 30 days, after which they are aggregated and the originals destroyed.

Our infrastructure spans the EU, the US, the UK, and APAC. International transfers are protected by Standard Contractual Clauses, the UK IDTA, and supplementary technical measures including encryption and pseudonymisation.

ProxyCrown is a B2B service and is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a minor has provided us with personal data, please contact [email protected] and we will delete it promptly.

We may update this policy to reflect product, legal, or regulatory changes. Material changes will be announced in-product and via email at least 30 days before they take effect. The effective date is shown at the top of this page.