Privacy Policy
At Proxykit, your privacy is a first-class concern. This policy explains what data we collect, how we use it, and the rights you have over your information — in full compliance with GDPR, CCPA, and applicable data protection law.
1. Information We Collect
We collect information you provide directly when you register for an account via Clerk, purchase a proxy plan, or contact us for support. This includes your full name, email address, billing country, and IP address at time of registration. When you connect through our proxy infrastructure, we log connection metadata (timestamps, bandwidth consumed, destination hostname) strictly for security, billing, and anti-abuse purposes. We do not inspect, store, or analyse the content of your traffic.
2. Payment & Billing Data
All payment processing is handled exclusively by Paystack, a PCI DSS Level 1 compliant payment processor. Proxykit does not store, transmit, or have access to your full card number, CVV, or bank account details. We retain only non-sensitive billing records such as transaction reference IDs, plan purchased, and payment status for accounting and dispute resolution purposes. Paystack's processing is governed by their own Privacy Policy.
3. How We Use Your Data
We use your personal information to: (a) create and maintain your account; (b) provision and manage proxy services you have purchased; (c) process payments and send receipts; (d) send service-critical notifications such as bandwidth alerts and plan expiry reminders; (e) investigate abuse reports and enforce our Abuse Policy; (f) comply with applicable legal obligations including tax regulations and law enforcement requests backed by valid legal process; and (g) improve our platform through aggregated, anonymised analytics.
4. Data Sharing & Third Parties
We do not sell, rent, or trade your personal information to third parties for marketing purposes. We share data only with: Clerk (identity and session management), Paystack (payment processing), Convex (real-time database hosting), Vercel (hosting and edge delivery), and Cloudflare (DDoS protection and DNS). Each sub-processor is bound by a Data Processing Agreement (DPA) and handles data in accordance with GDPR and applicable privacy law. We may disclose data if required by law, court order, or governmental authority.
5. Data Retention
Account data is retained for as long as your account remains active. Connection logs are retained for a maximum of 90 days for security and legal investigation purposes, after which they are automatically purged. Billing records are retained for 7 years to comply with financial regulations. Upon account termination, personal data is deleted within 30 days, except where retention is required by law.
6. Security Measures
We implement industry-standard security practices to protect your data. This includes TLS 1.3 encryption in transit for all dashboard communications, Cloudflare edge protection against DDoS and injection attacks, and role-based access controls within our internal systems. Sensitive credentials such as API keys are stored as one-way hashed values. We conduct periodic security reviews and maintain an incident response plan. In the event of a data breach affecting your personal data, we will notify you within 72 hours as required by GDPR.
7. Your Rights (GDPR & CCPA)
If you are located in the European Economic Area (EEA), United Kingdom, or California, you have specific rights regarding your personal data. These include: the right to access a copy of your data; the right to correct inaccurate data; the right to erasure ("right to be forgotten"); the right to restrict processing; the right to data portability; the right to object to processing; and the right to withdraw consent at any time. To exercise any of these rights, please email support@proxy-kit.com. We will respond within 30 days.
8. International Data Transfers
Proxykit operates globally and your data may be processed in countries outside your home jurisdiction. Where data is transferred from the EEA or UK to countries not deemed adequate by the European Commission, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure an appropriate level of protection. By using our services, you acknowledge these international transfers.
9. Children's Privacy
Proxykit services are not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a user is under 18, we will immediately terminate their account and delete all associated data. If you believe a minor has registered with our service, please contact us at support@proxy-kit.com.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. When we make material changes, we will notify you via email and update the "Last Updated" date at the top of this page. Continued use of Proxykit after the effective date of changes constitutes your acceptance of the updated policy.
Questions about your data?
If you have any concerns about how we handle your personal data, wish to exercise your rights, or want to request account deletion, please reach out to our compliance team.