Privacy Policy

1. Who We Are

ProxySmart Marketplace is an online marketplace that connects independent mobile proxy infrastructure providers (“Sellers” or “Farmers”) with individuals and organisations seeking mobile proxy access (“Buyers”). We operate the website at proxysmart.market and its associated API services.

For the purposes of applicable data protection law, we act as the data controller in respect of personal data collected through account registration, payment processing, and Platform interactions. We are not a data controller in respect of internet traffic passing through Sellers’ proxy infrastructure, over which we have no visibility or control.

2. Data We Collect

2.1 Account Data

When you register, we collect:

• Email address — for account identification, login, and transactional communications;
• Password — stored as a one-way cryptographic hash (bcrypt); we never store or have access to your plaintext password;
• Account role — whether you are a Buyer, Seller, or Administrator;
• Shop name — for Sellers, an optional public display name shown in marketplace listings.

2.2 Transaction & Financial Data

To process payments and manage your account balance, we collect and store:

• Deposit history (amount, method, date, payment provider reference);
• Order history (purchase date, duration, country, price, status);
• Proxy credentials issued per order (stored encrypted; accessible only to the order’s Buyer);
• Payout requests (amount, method, status, payout method details you provide);
• Platform balance and transaction ledger (all credits and debits).

We do not store full card numbers, CVVs, or raw bank account numbers. Card payments are processed by Stripe, Inc. under their own privacy policy. Cryptocurrency payments are processed by CoinGate under their own privacy policy. We receive only a payment confirmation reference.

2.3 Seller Infrastructure Data

Sellers who register ProxySmart servers on the Platform provide:

• ProxySmart server API URL (including authentication credentials);
• Server name and optional display information (city, country, notes);
• Modem IMEI numbers and carrier information (synced automatically from the ProxySmart server);
• Current modem IP addresses (updated periodically by the sync system).

These data are necessary to provide the marketplace service and are not shared with Buyers beyond what is required to deliver the Proxy Service (host, port, credentials).

2.4 Support & Communications Data

When you contact support, we collect the content of your support tickets and messages, including any attachments you provide. This data is used solely to resolve your issue and improve service quality.

2.5 Technical & Log Data

Like all web services, our servers automatically collect certain technical data:

• IP address of each request to the Platform API;
• HTTP method, endpoint, and response code;
• User-Agent string (browser/client type);
• Timestamps of all API requests;
• Audit log of significant account actions (login, order creation, payout request, etc.).

This data is used for security monitoring, fraud prevention, abuse detection, and platform diagnostics. It is retained for 90 days unless required longer for legal compliance.

2.6 Data You Choose to Provide

You may optionally provide additional data such as payout method details (bank account details, PayPal address, cryptocurrency wallet address, Wise details). This data is stored as provided and used only to process payout requests. We do not verify, validate, or assume liability for errors in payout details you provide.

3. How We Use Your Data

We use your personal data for the following purposes:

3.1 Platform Operation (Contract Performance)

• Creating and managing your account;
• Processing deposits, purchases, and payouts;
• Provisioning and managing Proxy Services you purchase;
• Displaying your listings in the marketplace (Sellers);
• Providing customer support;
• Sending transactional emails (order confirmation, expiry warnings, payout notifications).

3.2 Legal Compliance

• Complying with applicable laws, regulations, and legal process;
• Responding to lawful requests from law enforcement and government authorities;
• Enforcing our Terms of Service;
• Detecting, investigating, and preventing fraud, abuse, and illegal activity;
• Maintaining financial records as required by tax and accounting regulations.

3.3 Legitimate Interests

• Improving the Platform’s functionality and user experience;
• Monitoring for security threats and technical issues;
• Auditing Platform activity for integrity and compliance;
• Analysing aggregate, anonymised usage patterns (no individual profiling).

3.4 What We Do NOT Do

• We do not sell your personal data to third parties;
• We do not use your data for behavioural advertising or ad profiling;
• We do not monitor or record internet traffic passing through Sellers’ proxy infrastructure;
• We do not share your personal data with Sellers beyond what is necessary to provision your order;
• We do not share your email address with Buyers (Sellers receive only aggregate order information).

4. Legal Basis for Processing

Where applicable data protection law (such as the GDPR) requires us to identify a legal basis for processing:

• Contract performance — processing necessary to provide the service you have purchased or registered for (account management, order fulfilment, payouts);
• Legal obligation — processing required to comply with applicable law (financial record-keeping, responding to legal process);
• Legitimate interests — processing for fraud prevention, security monitoring, and Platform improvement, where such interests are not overridden by your rights;
• Consent — where we have specifically asked for and obtained your consent (e.g., optional marketing communications, if any).

5. Data Sharing & Disclosure

5.1 Service Providers

We share your data with the following categories of service providers who process data on our behalf:

• Payment processors — Stripe, Inc. (card payments) and CoinGate UAB (cryptocurrency payments) receive payment details and transaction references. These providers operate under their own privacy policies and are responsible for PCI-DSS compliant card data handling;
• Email delivery — MailerSend is used to deliver transactional emails. We provide your email address and order-relevant information for this purpose;
• Hosting & infrastructure — our servers and database are operated on cloud infrastructure providers. Data may be processed in data centres in the EU or other jurisdictions;
• Redis & database services — we use managed database services to store application data.

All service providers are contractually bound to process data only on our instructions and to implement appropriate security measures.

5.2 Sellers

When a Buyer purchases a Proxy Service, we share with the relevant Seller only the information necessary to provision the service (the order exists on their modem). Buyer email addresses and personal details are not shared with Sellers. Sellers see only that an order was provisioned on their infrastructure and the earnings credited to their account.

5.3 Legal Disclosures

We may disclose your personal data if required to do so by law or in the good-faith belief that such action is necessary to: comply with a legal obligation; protect and defend the rights or property of the Platform; prevent or investigate possible wrongdoing in connection with the Platform; protect the personal safety of Users or the public; or protect against legal liability.

We do not provide voluntary bulk data access to law enforcement. We respond to specific, lawful legal process (court orders, subpoenas, official legal requests) with appropriate legal review.

5.4 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of the Platform or substantially all of its assets, User data may be transferred to the acquiring entity. You will be notified via email or a prominent Platform notice before your data becomes subject to a different privacy policy.

5.5 No Sale of Data

We do not sell, rent, or lease your personal data to any third party for their own marketing, advertising, or commercial purposes.

6. Proxy Traffic & Data

ProxySmart Marketplace does not monitor, intercept, log, store, analyse, or have any visibility into internet traffic passing through Sellers’ proxy infrastructure. All internet traffic travels directly between the Buyer and the internet via the Seller’s modem and mobile carrier. This traffic is entirely outside the Platform’s infrastructure.

Sellers’ ProxySmart Software may maintain connection logs on Sellers’ own servers. These logs are under the sole control of the Seller, not the Platform. We do not access Sellers’ local server logs.

The Platform stores only metadata necessary to manage orders: which modem was used, order duration, status, and whether the port was successfully provisioned or released. No traffic content, URLs visited, or data transmitted by Buyers is stored by the Platform.

7. Data Retention

We retain your data as follows:

• Account data — retained for as long as your account is active and for 3 years after account closure, unless a longer period is required by applicable law;
• Financial records — retained for 7 years from the relevant transaction date as required by applicable tax and accounting law;
• Order records — retained indefinitely for financial and audit purposes, with proxy credentials deleted 30 days after order expiry;
• Support tickets — retained for 2 years after closure;
• Access logs — retained for 90 days for security and fraud monitoring;
• Audit logs — retained for 5 years for compliance purposes.

You may request deletion of your account and associated personal data at any time. We will comply within 30 days, except where retention is required by law or where data is required to resolve outstanding disputes or enforce our Terms.

8. Security

We implement industry-standard security measures to protect your personal data, including:

• Passwords stored as one-way bcrypt hashes (cost factor 12) — we cannot recover your password;
• JSON Web Tokens (JWT) with per-user revocation support via tokenVersion mechanism;
• TLS/HTTPS encryption for all data in transit;
• Restricted database access — only the application server connects to the database;
• API server-side credential storage — proxy server credentials are stored server-side and not exposed to browsers;
• Audit logging of all significant security events;
• Rate limiting on authentication endpoints to prevent brute-force attacks.

Despite our security measures, no system is perfectly secure. In the event of a data breach that is likely to result in risk to your rights and freedoms, we will notify you and relevant authorities as required by applicable law.

9. Cookies & Tracking

The Platform uses minimal client-side storage:

• Authentication token — your JWT access token is stored in browser localStorage to maintain your login session. This is essential for the Platform to function and is not a tracking cookie;
• Theme preference — your light/dark mode preference is stored in localStorage. This is a purely functional preference with no tracking purpose;
• No third-party tracking cookies — we do not use Google Analytics, Facebook Pixel, advertising networks, or any third-party behavioural tracking technology;
• No cross-site tracking — we do not track your activity across other websites.

Our payment provider (Stripe) may set cookies when you interact with their payment flow. These are governed by Stripe’s own cookie policy.

10. Your Rights

Depending on your jurisdiction, you may have some or all of the following rights with respect to your personal data:

• Access — the right to obtain a copy of the personal data we hold about you;
• Rectification — the right to correct inaccurate or incomplete data;
• Erasure (“right to be forgotten”) — the right to request deletion of your personal data, subject to legal retention obligations;
• Restriction — the right to request that we limit processing of your data in certain circumstances;
• Portability — the right to receive your data in a structured, machine-readable format;
• Objection — the right to object to processing based on legitimate interests;
• Withdrawal of consent — where processing is based on consent, the right to withdraw it at any time;
• Complaint — the right to lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us at privacy@proxysmart.market. We will respond within 30 days. We may need to verify your identity before fulfilling your request.

We will not discriminate against you for exercising your privacy rights. Exercising your rights does not affect your ability to use the Platform except where data deletion is requested (in which case your account must be closed).

11. International Data Transfers

Your personal data may be transferred to and processed in countries outside your home country. Where such transfers occur, we take steps to ensure appropriate safeguards are in place in accordance with applicable data protection law, such as standard contractual clauses or adequacy decisions.

Our payment providers (Stripe, CoinGate) and email provider (MailerSend) may process data in the United States or European Union. Each operates under its own data transfer mechanisms.

12. Children

The Platform is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18. If we become aware that a user under 18 has provided personal data, we will delete that data and terminate the account. If you believe a child has registered on our Platform, please contact us at privacy@proxysmart.market.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. For material changes, we will provide notice by email or through a prominent Platform notice at least 14 days before the change takes effect. Your continued use of the Platform after such notice constitutes acceptance of the updated policy.

14. Contact & Data Protection

For any questions, concerns, or requests related to your privacy or this policy, please contact:

We aim to respond to all privacy inquiries within 30 days. For urgent matters or data breach reports, please include “URGENT” in your subject line.