← Back to home
GDPR Compliant

Privacy Policy

Last updated: June 10, 2026 · Effective: June 10, 2026

Table of contents

1

Data controller

The controller of the personal data collected via the airproxy.store website is:

Airproxy
Website: airproxy.store
Email address: privacy@airproxy.cloud
Service offered: resale of residential and datacenter HTTP/HTTPS proxies

By accessing the site or creating an account, you acknowledge that you have read this policy and consent to the processing of your data under the conditions described below.

2

Data collected

We collect only the data strictly necessary to provide the service. No superfluous data is gathered.

CategoryDataTime of collection
IdentificationEmail addressRegistration
AuthenticationPassword (bcrypt-hashed, never in clear text)Registration / change
FinancialTop-up history, amounts, payment method (card/crypto), Stripe transaction IDsPayment
ServicePurchased proxies (IP, port, credentials, expiry, alias), account balancePurchase
SupportSupport ticket messagesTicket opening
TechnicalConnection IP address (server logs), timestampsBrowsing / login
Data not collected: we do not collect first name, last name, postal address, phone number, date of birth or any other data not listed above. Full bank card details are processed exclusively by Stripe (PCI-DSS Level 1) and never pass through our servers.
3

Purposes and legal bases

Each processing operation is based on a legal basis within the meaning of Article 6 of the GDPR:

PurposeLegal basis (Art. 6 GDPR)
Creation and management of the customer accountPerformance of the contract (6.1.b)
Payment processing and invoicingPerformance of the contract (6.1.b)
Delivery and management of proxiesPerformance of the contract (6.1.b)
Proxy expiry notificationsLegitimate interest (6.1.f) — service continuity
Customer support (tickets)Performance of the contract (6.1.b)
Security, fraud preventionLegitimate interest (6.1.f)
Compliance with legal obligations (tax, accounting)Legal obligation (6.1.c)

We carry out no commercial canvassing and send no newsletters without prior explicit consent.

4

Data retention

DataRetention period
Account data (email, password)Account activity period + 3 years after deletion
Transaction / invoice data10 years (legal accounting obligation)
Active and expired proxiesUntil account deletion
Support tickets3 years from ticket closure
Server logs (IP, timestamps)90 days (then automatic purge)
Encrypted backups7 rolling days (automatic overwrite)
After these periods, your data is permanently deleted or irreversibly anonymized. No data is kept indefinitely.
5

Recipients and processors

Your data may be communicated to the following processors, strictly within the framework of providing the service:

ProcessorRoleData transmittedLocation
Stripe Inc.Card payment processingEmail, amount, card data (via their SDK)United States (SCC)
ResendSending transactional emailsEmail address, message contentUnited States (SCC)
OVHcloudVPS server hostingAll data (hosting)France (EU)

These processors act exclusively on our instructions and are contractually bound to comply with the GDPR. No data is sold to third parties.

6

Transfers outside the European Union

Stripe Inc. and Resend are US companies. Transfers to the United States are governed by the Standard Contractual Clauses (SCC) approved by the European Commission, in accordance with Article 46 of the GDPR.

As the main server is hosted by OVHcloud in France, the vast majority of processing takes place within the European Union.

You can obtain a copy of the safeguards put in place for these transfers by contacting: privacy@airproxy.cloud
7

Your rights

In accordance with the GDPR (Articles 15 to 22) and the French Data Protection Act, you have the following rights:

Right of access
Obtain a copy of all the data we hold about you.
Right to rectification
Have inaccurate or incomplete data corrected.
Right to erasure
Request the deletion of your data, subject to legal retention obligations.
Right to portability
Receive your data in a structured, machine-readable format.
Right to object
Object to processing based on legitimate interest.
Right to restriction
Request the suspension of processing pending review.

To exercise one of these rights, send your request by email to privacy@airproxy.cloud, specifying your account email address and the nature of your request. We will respond within 30 days.

Right to erasure — limits: certain data (transactions, invoices) is subject to a legal retention obligation of 10 years. Their early deletion cannot be granted. In the event of an erasure request, your account will be deactivated and the data covered by a legal obligation will be archived with restricted access.
8

Cookies and trackers

The Airproxy site uses a minimal number of cookies, all strictly necessary for the operation of the service:

Cookie / StorageTypePurposeDuration
token (localStorage)FunctionalJWT authentication token — session maintenanceSession / 7 days
Stripe (iFrame / SDK)Functional third-partyPayment security, fraud detection (PCI-DSS)Session
We use no advertising cookies, no profiling cookies and no third-party analytics tools (Google Analytics, Facebook Pixel, etc.). Your browsing is not tracked for commercial purposes.

In accordance with Article 82 of the French Data Protection Act, strictly necessary cookies do not require your prior consent.

9

Data security

We implement appropriate technical and organizational measures to protect your data:

  • Password encryption: bcrypt algorithm (cost 12) — never stored in clear text
  • JWT authentication: tokens signed with a strong secret, limited validity period
  • Secure transport: HTTPS/TLS across the entire site
  • Attempt limiting: rate limiting on authentication routes (10 req/min)
  • Daily backups: encrypted, kept for 7 days, stored locally on the server
  • Restricted access: only the administrator account can access user data
  • Dependency updates: regular monitoring of vulnerabilities (npm audit)

In the event of a personal data breach likely to create a risk to your rights and freedoms, we undertake to notify the CNIL within 72 hours in accordance with Article 33 of the GDPR, and to inform you without undue delay if the risk is high (Article 34 GDPR).

10

Minors

The Airproxy service is intended exclusively for adults (18 years or older). We do not knowingly collect personal data concerning minors.

If you are a parent or legal guardian and become aware that a minor has provided us with personal data, please contact us at privacy@airproxy.cloud so that we can delete it as soon as possible.

11

Changes to the policy

We reserve the right to amend this privacy policy at any time, in particular to comply with new regulations or with the evolution of the service.

In the event of a substantial change, you will be informed by email at the address associated with your account, at least 30 days before the new provisions take effect.

The date of the last update appears at the top of this document. Continued use of the service after the effective date constitutes acceptance of the changes.

12

Contact and complaints

For any question relating to the protection of your personal data or to exercise your rights, contact our data protection officer:

📧 privacy@airproxy.cloud
Recommended subject: "GDPR – [nature of the request] – [your account email]"
Response time: 30 days maximum (Article 12 GDPR)

If you consider that your rights are not being respected, you have the right to lodge a complaint with the CNIL (French Data Protection Authority):

CNIL — 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07
Website: www.cnil.fr · Tel: +33 1 53 73 22 22

You may also use the European online dispute resolution platform: ec.europa.eu/consumers/odr

A question about your data?

Our team is available to answer all your questions regarding privacy.

privacy@airproxy.cloud
Home Terms of Use Terms of Sale Privacy My account