Privacy Policy

Last updated — 31 May 2025

Welcome to Proxana (“Proxana,” “we,” “our,” or “us”). Proxana helps front-end developers route requests through lightweight proxy endpoints that automatically inject and protect sensitive API keys.

1. Contact us

  • Email: support@proxana.dev

2. Scope

This policy applies when you:

  1. Visit proxana.dev or any sub-domain (the “Site”).

  2. Sign up for or use our proxy service, dashboard, SDKs, extensions, or APIs (the “Service”).

  3. Communicate with us by email, support ticket, social media, live chat, or any other channel.

3. Data We Collect

3.1 Account data

Name, email address, password hash and salt, Stripe customer ID, and subscription tier.

3.2 API-secret data

Encrypted API keys or other credentials that you store in Proxana’s “Secrets” vault.

3.3 Usage data

Endpoint URLs, request and response metadata (HTTP method, status code, latency, bytes transferred), proxy configuration, and feature-flag settings.

3.4 Device and log data

IP address, browser and operating-system details, timestamps, diagnostic logs, and crash reports.

3.5 Payment data

Card brand, last four digits, billing country (all processed securely by Stripe).

3.6 Marketing data

Analytics events, cookie or advertising IDs, and newsletter preferences.

We do not intentionally collect or process special-category data such as race, religion, or health information.

4. Cookies & Similar Technologies

  • Essential cookies keep you logged in, prevent CSRF attacks, and allow basic Site functionality.

  • Analytics cookies (e.g. Google Analytics, PostHog) help us understand traffic patterns and improve the Service.

  • Marketing pixels (e.g. Twitter/X, LinkedIn) measure campaigns and retarget ads — they load only if you opt in.

You can adjust your preferences through your browser settings.

5. How We Use Your Data

  • Provide, maintain, and secure the Service (contractual necessity).

  • Process payments, issue invoices, and meet tax obligations (contractual necessity / legal obligation).

  • Detect abuse, rate-limit traffic, and compile aggregated metrics (legitimate interest).

  • Debug problems, run A/B tests, and improve features (legitimate interest).

  • Send essential emails such as password resets or system alerts (contractual necessity).

  • Send product updates and marketing messages only if you have opted in (consent).

6. Sharing & Disclosures

We never sell your personal data. We share it only with:

  • Google Cloud Platform for hosting infrastructure and encrypted data storage.

  • Stripe for card processing, refunds, and tax calculations.

  • Analytics providers such as Google Analytics and PostHog for usage insights (IP anonymisation enabled where possible).

  • Customer-support platforms (e.g. Zendesk or Crisp) to manage tickets and live chat.

  • Law-enforcement or regulatory agencies when required to comply with the law or a valid subpoena (reviewed by counsel).

7. International Transfers

Our primary hosting region is [e.g. europe-west1]. Whenever personal data moves outside your jurisdiction we rely on:

  • Adequacy decisions (where available);

  • EU Standard Contractual Clauses (SCCs);

  • The UK International Data-Transfer Addendum.

8. Data Retention

  • Account and billing records: kept for seven years after account closure (tax and audit requirements).

  • Encrypted API secrets: deleted immediately when you remove them, or thirty days after you delete your account.

  • Logs and metrics: retained for ninety days by default (you can configure a shorter period).

  • Back-ups: maintained on a rolling thirty-five-day schedule.

9. Security Measures

  • All traffic travels over HTTPS (TLS 1.3).

  • Secrets are encrypted at rest with AES-256 and in transit.

  • Least-privilege IAM; production and staging are fully separated.

  • Annual penetration tests and continuous dependency-vulnerability scanning.

10. Your Rights

Depending on your location you may have the right to:

  • Access a copy of your personal data.

  • Rectify incorrect or outdated information.

  • Erase data (“right to be forgotten”).

  • Restrict or object to certain kinds of processing.

  • Port data to another provider.

  • Withdraw consent for marketing at any time (processing prior to withdrawal remains lawful).

To exercise any right, email support@proxana.dev.
EU/UK residents can also complain to their local supervisory authority; U.S. residents can exercise CCPA/CPRA rights via the same email.

11. Children

The Service is not directed to children under 13 (U.S.) or 16 (EU). We do not knowingly collect data from minors. Please contact us if you believe a child has provided personal data so we can delete it.

12. Third-Party Links

Our Site may link to external resources (e.g. documentation, GitHub, YouTube). We are not responsible for their privacy practices.

13. Changes to This Policy

We will update this document whenever our practices change. Material revisions will be announced by email or dashboard notification at least fourteen days before they take effect.

Glossary

  • Personal data: any information relating to an identified or identifiable person.

  • Processing: any operation performed on personal data, such as collection, storage, or deletion.

  • GDPR, CCPA, CPRA: European and Californian data-protection regulations that give individuals specific rights.

© 2025 Proxana. All rights reserved.

Proxana Text Logo

Copyright © 2025 Proxana.

Proxana Discord Server
Proxana Subreddit
Proxana Youtube Channel

Company

Privacy Policy

Terms of Service

Pages

Home

Pricing

Blog

Docs

Home

Pricing

Blog

Docs