Privacy Policy

1. Controller

The controller responsible for data processing on this website is:

ProxyTool
Marvin Seipp
Email: privacy@proxytool.app

2. Data We Collect

Account Data

When you register, we collect:

• Email address
• Hashed password (if using password-based login)
• Account creation date

Subscription & Billing Data

When you subscribe to a paid plan, we process:

• Subscription plan and status
• Invoice history and amounts
• Stripe customer ID (payment processing is handled entirely by Stripe)

We do not store credit card numbers, CVVs, or full payment details. All payment processing is handled by Stripe.

Device Data

When you connect the ProxyTool desktop application, we collect:

• Device name (hostname)
• Platform (Windows/macOS)
• A unique device fingerprint for license enforcement
• Last connection timestamp

Technical Data

When you visit our website, we may process:

• IP address (for rate limiting and security)
• Browser type and version
• Pages visited and interaction timestamps

3. Purpose of Processing

We process your data for the following purposes:

• Providing and maintaining our service
• Processing payments and managing subscriptions
• License enforcement and device management
• Sending transactional emails (login codes, password resets, billing notifications)
• Preventing fraud and ensuring security
• Improving our service based on aggregated usage patterns

4. Legal Basis (GDPR Art. 6)

• Contract performance (Art. 6(1)(b)): Account management, subscription handling, service delivery
• Legitimate interest (Art. 6(1)(f)): Security, fraud prevention, service improvement
• Legal obligation (Art. 6(1)(c)): Tax and accounting requirements
• Consent (Art. 6(1)(a)): Marketing communications (if applicable)

5. Third-Party Services

We use the following third-party services that may process your data:

• Stripe (Dublin, Ireland / US) — Payment processing. Privacy Policy
• Supabase (US) — Database hosting. Privacy Policy
• Vercel (US) — Website hosting. Privacy Policy
• Resend (US) — Transactional emails. Privacy Policy

Data transfers to the US are covered by the EU-US Data Privacy Framework or Standard Contractual Clauses.

6. Data Retention

• Account data: Retained until account deletion
• Billing data: Retained for 10 years (German tax law requirement)
• Device data: Deleted upon device revocation or account deletion
• Technical logs: Deleted after 30 days

7. Your Rights

Under the GDPR, you have the right to:

• Access — Request a copy of your personal data
• Rectification — Correct inaccurate data
• Erasure — Request deletion of your data ("right to be forgotten")
• Data portability — Receive your data in a machine-readable format
• Object — Object to processing based on legitimate interest
• Withdraw consent — Withdraw any given consent at any time

To exercise these rights, contact us at privacy@proxytool.app.

8. Cookies

We use strictly necessary cookies for authentication and session management. These are essential for the service to function and do not require consent. We do not use tracking cookies or third-party advertising cookies.

9. Security

We implement appropriate technical and organizational measures to protect your data, including:

• TLS/HTTPS encryption for all data in transit
• Encrypted database storage
• Regular security audits
• Rate limiting and intrusion detection
• Two-factor authentication for account access

10. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via email or an in-app notification. Continued use of our service after changes constitutes acceptance of the updated policy.