Privacy Policy

GDPR Compliant Data Protection • Last updated: June 8, 2026

1. Data Controller

Service: RoxyProxy

Activity: Dedicated 4G mobile proxy service

Location: Bordeaux, France

Contact: @roxyproxyshop (Telegram)

DPO: Data protection contact available via Telegram

2. Data We Collect

As part of providing dedicated 4G proxy services, we collect the following categories of personal data:

A. Account Data

  • Telegram ID: Unique identifier for authentication and support
  • Username: Telegram handle (optional, for easier communication)
  • Subscription date: Timestamp of service activation
  • Plan type: Package purchased (24H, 7 days, 30 days)

B. Technical Logs (7-Day Retention)

  • Source IP address: Your IP when connecting to proxy
  • Connection timestamp: Date/time of proxy authentication
  • Data volume: Bandwidth consumed (unlimited but monitored for abuse)
  • Protocol used: SOCKS5, HTTP(S), or OpenVPN

🔒 Automatic Deletion:

Technical logs are automatically deleted after 7 days (Art. 6 French Data Retention Law).

C. Payment Information (via Third Parties)

  • Cryptocurrency: Transaction hash (BTC/USDT/ETH) - anonymous
  • Stripe/PayPal: We do NOT store card numbers (handled by payment processors)
  • Amount & date: Stored for invoicing (10-year legal requirement)

D. Cookies & Website Analytics

  • Google Analytics: Anonymous visitor statistics (consent required)
  • Consent cookie: Stores your cookie preferences (13 months)
  • No tracking pixels: We do not use Facebook Pixel or similar trackers

3. Legal Basis for Processing

Contract Execution (Art. 6.1.b GDPR)

Processing your Telegram ID, subscription data, and connection logs is necessary to provide the proxy service you ordered.

Legitimate Interest (Art. 6.1.f GDPR)

Detecting abuse (fraud prevention, DDoS protection) and network security monitoring.

Consent (Art. 6.1.a GDPR)

Google Analytics cookies - you can accept or refuse via our cookie banner.

Legal Obligation (Art. 6.1.c GDPR)

10-year invoice retention (French Tax Code) and response to judicial requests (Art. 6 LCEN).

4. Zero-Logging Policy

✓ WHAT WE DO NOT LOG

  • Websites visited: We do not monitor or record URLs/domains you access via proxy
  • Request content: HTTP headers, POST data, cookies sent to third-party sites - never inspected
  • Search queries: Google searches, social media activity - completely private
  • Long-term behavior: Logs deleted after 7 days, no historical profiling

Technical Implementation:

Traffic transits through RAM-only buffers without disk logging. Only connection metadata (timestamp, volume) stored temporarily for abuse prevention.

5. Data Recipients

Your personal data may be shared with the following categories of recipients:

Infrastructure Providers

OVH France: Server hosting (ISO 27001 certified, France-based)

Servers physically located in France (GDPR compliant, no international transfers)

Payment Processors

Stripe: Card payments (PCI-DSS Level 1 certified)
PayPal: Alternative payment method
Crypto: Anonymous, no personal data shared

Analytics

Google Analytics: Anonymous website statistics (only with your consent)

Legal Authorities

We may disclose data to French judicial authorities in response to valid legal requisitions (Art. 6 LCEN - Electronic Commerce Law). This only applies to connection logs (IP, timestamp), not browsing activity (which we don't collect).

6. Data Retention Periods

Account Data

3 years after last activity (CNIL recommendation)

Connection Logs

7 days (automatic deletion)

Invoices

10 years (French tax law requirement)

Analytics Cookies

13 months (CNIL guidelines)

7. Your GDPR Rights

Under the EU General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

1. Right of Access (Art. 15 GDPR)

Obtain confirmation of whether we process your data and receive a copy of all information we hold about you.

2. Right to Rectification (Art. 16 GDPR)

Correct inaccurate or incomplete personal data (e.g., update Telegram username).

3. Right to Erasure - "Right to be Forgotten" (Art. 17 GDPR)

Request deletion of your personal data in the following cases:

  • Data no longer necessary for original purpose
  • You withdraw consent (for cookie/analytics processing)
  • You object to processing and we have no overriding legitimate grounds

Exception: We must retain invoices for 10 years (French tax law) and may retain data for ongoing legal claims.

4. Right to Data Portability (Art. 20 GDPR)

Receive your data in machine-readable format (JSON/CSV) to transfer to another provider.

5. Right to Object (Art. 21 GDPR)

Object to processing based on legitimate interest (e.g., analytics, direct marketing).

6. Right to Restriction of Processing (Art. 18 GDPR)

Request temporary suspension of processing while we verify accuracy or assess your objection.

7. Right to Withdraw Consent (Art. 7.3 GDPR)

Withdraw consent for cookies or analytics at any time (does not affect previous lawful processing).

Exercising Your Rights:

Contact us via Telegram: @roxyproxyshop

We will respond within 30 days (Art. 12.3 GDPR). Identity verification required to prevent unauthorized disclosure.

File a Complaint:

If you believe we are violating GDPR, you can lodge a complaint with the French data protection authority:

CNIL (Commission Nationale de l'Informatique et des Libertés)
3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07
Phone: +33 (0)1 53 73 22 22
Website: www.cnil.fr/en/complaints

8. Data Security

We implement technical and organizational measures to protect your data:

  • Encryption in transit: TLS 1.3 for all website/API communications
  • Authentication: Strong password hashing (bcrypt), unique credentials per line
  • Network isolation: Proxy servers in VLAN-segmented environment
  • Access control: Only authorized administrators can access database
  • Monitoring: 24/7 intrusion detection and security logging

Breach Notification:

In case of a data breach, we will notify you and the CNIL within 72 hours as required by Art. 33-34 GDPR.

9. International Transfers

✓ NO INTERNATIONAL TRANSFERS

All data is stored exclusively in France and the European Union. We do not transfer personal data to countries outside the EU/EEA.

Hosting: OVH France (Gravelines, Roubaix datacenter)
Payment processors: Stripe (EU entities), PayPal (EU subsidiaries)
Google Analytics: Configured with EU data processing terms, IP anonymization

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. The "Last updated" date at the top indicates the most recent revision. Significant changes will be notified via Telegram or email.

← Back to homepage