ProxyCrown Ltd ("ProxyCrown", "we", "us", "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains what data we collect, why we collect it, how we use and protect it, and the rights you hold over it. It applies to our website, customer dashboard, proxy infrastructure, and all related services. We comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and applicable international data protection laws.
Information We Collect
We collect information you provide directly, including full name, business email address, company name, billing address, and payment card details (tokenised by our third-party payment processor — we never store raw card numbers). We collect information generated through your use of the service, including dashboard activity, API request metadata (endpoint called, response codes, latency, bandwidth consumed), proxy gateway logs (source IP, destination hostname, timestamp, bytes transferred — no request or response payload content), and session identifiers. We also collect limited technical data from your browser, including IP address, user agent, preferred language, and referring URL, for security and analytics purposes.
How We Use Your Data
We process your personal data on the following legal bases: (a) Contract performance — to authenticate your identity, provision the proxy service, process payments, and provide technical support; (b) Legitimate interests — to detect and prevent fraud, abuse, and security incidents, to improve service performance, and to send transactional communications about your account; (c) Legal obligation — to comply with tax, anti-money-laundering, and lawful court or government orders; (d) Consent — to send marketing communications (you may withdraw consent at any time via the unsubscribe link or by emailing privacy@proxycrown.com). We do not sell your personal data. We do not use your data for behavioural advertising.
Payment Processing
All payment transactions are handled exclusively by our third-party payment providers, each a PCI DSS Level 1 certified payment service provider. When you enter your payment details, that information is transmitted directly to the payment provider's servers using TLS encryption; it does not pass through or reside on ProxyCrown's infrastructure. ProxyCrown receives only a tokenised reference (a payment provider customer ID and last-four card digits) for billing management purposes. Each payment provider's use of your payment data is governed by its own privacy policy, which is available on that provider's website. For subscription plans, the payment provider stores your payment method to facilitate automatic renewals as described in our Terms of Service.
Data Retention
Account data (name, email, billing details) is retained for the duration of your active account and for 24 months after account closure to satisfy our tax, audit, and fraud-prevention obligations. Proxy gateway logs are retained in identifiable form for 30 days, after which they are aggregated and the raw records are irreversibly deleted. API access tokens are invalidated upon account closure. Backup copies are destroyed within 90 days of the applicable retention expiry. If you request erasure of your data under applicable law, we will fulfil the request within 30 days, subject to retention obligations we cannot lawfully waive.
Security Measures
We implement administrative, technical, and physical safeguards designed to protect your personal data. All data in transit is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256. Production systems are access-controlled via role-based permissions and multi-factor authentication. Credentials and secrets are stored in hardware-security-module-backed vaults. We conduct annual third-party penetration tests and maintain a vulnerability disclosure programme. While no system is perfectly secure, we promptly investigate and respond to any suspected data incidents and will notify affected individuals and authorities as required by law.
International Data Transfers
ProxyCrown operates infrastructure in the European Union, the United Kingdom, the United States, and the Asia-Pacific region. When personal data is transferred from the European Economic Area, the United Kingdom, or Switzerland to countries that the relevant authority has not deemed to provide adequate protection, we rely on Standard Contractual Clauses (EU SCCs) approved by the European Commission and the UK International Data Transfer Addendum (IDTA), supplemented by technical safeguards including encryption in transit and at rest and pseudonymisation where feasible.
Your Rights
Depending on your jurisdiction, you hold the following rights regarding your personal data: Right of access — request a copy of the data we hold about you; Right to rectification — request correction of inaccurate or incomplete data; Right to erasure — request deletion of data we are not legally required to retain; Right to restriction — request that we limit processing in specific circumstances; Right to data portability — receive your data in a structured, machine-readable format; Right to object — object to processing based on legitimate interests; Right to withdraw consent — withdraw consent for marketing at any time without affecting prior processing. CCPA-specific rights: You have the right to know, delete, and opt out of the sale of personal information (we do not sell personal information). To exercise any of these rights, email privacy@proxycrown.com with subject line "Data Subject Request" and verify your identity. We respond within 30 days. EU residents may also lodge a complaint with their national data protection authority.
Children's Privacy
ProxyCrown is a business-to-business service intended exclusively for adults aged 18 and over. We do not knowingly collect, process, or store personal data from individuals under the age of 16. If you have reason to believe that a minor has provided personal data to us, please notify us immediately at privacy@proxycrown.com. Upon receiving credible notice, we will take prompt steps to delete the information.
Questions About Your Privacy?
Our Data Protection Officer is available to answer privacy inquiries, process data subject requests, and provide copies of our data processing agreements. We respond within one business day.