Privacy Policy

Last updated: May 6, 2026

1. Data Controller

ProxyLink is operated by ProxyLink, Thessaloniki, Greece.

Contact for privacy matters: [email protected]

This policy applies to all users of proxylink.dev and is written in compliance with the EU General Data Protection Regulation (GDPR).

2. Data We Collect

Account data: Your name and email address, collected when you register. Used to identify your account and communicate with you.

Request logs: When HTTP/HTTPS traffic passes through your proxy links, we log: IP address, HTTP method, path, headers (excluding Authorization and Cookie), request body (up to 64KB), response status, and response time. Visible only to you and your team. Auto-deleted after 30 days.

Audit log: Every remote access session (SSH, RDP, VNC) is logged with: actor email, source IP address, target device label, protocol, session start time, and duration. This log is immutable — it cannot be modified or deleted. It exists for NIS2 and GDPR compliance purposes. Retained indefinitely unless you close your account.

Session recordings: If you enable session recording on a proxy link, the content of RDP, VNC, and SSH sessions is captured and stored on our servers (Hetzner, Germany). During early access, recordings are auto-deleted after 3 days and storage is limited to 200 MB per account. On paid plans, recordings are retained for 14 days. Recordings can be manually deleted at any time.

Billing data: Payment processing is handled by Stripe. We do not store your card details. Stripe's privacy policy applies to payment data. No billing data is collected during the current early access period.

WireGuard VPN tunnel metadata: We store the WireGuard public key and assigned VPN IP for each tunnel you create. No traffic content passing through VPN tunnels is logged or inspected.

Windows endpoint deploy script: When you use the one-click Windows deployment feature, a script is executed on the target PC. That script sends the PC's hostname to our server (once, at installation) so the device can be labelled in your dashboard. No other data from the Windows machine is collected.

LAN scan data: When you trigger a LAN scan through a VPN tunnel, ProxyLink sends TCP/ICMP probes to IP addresses on your client's network and stores the results (IP address, open ports, detected service type) in your account. This data belongs to you and is deleted when you delete the corresponding proxy links or tunnel.

Network automation outputs: When you run automated SSH commands on remote devices (via the Automations feature), the command output is stored in your account so you can review results and compare runs. This output may contain information from the remote device such as usernames, IP addresses, or configuration data. Automation logs are visible only to you and your team. You can delete them at any time from the Automations dashboard.

MAC addresses: If you enable Wake-on-LAN on a proxy link, you may store the MAC address of the target device. This is stored in your account, visible only to you and your team, and deleted when you delete the proxy link.

Usage data: Standard web server logs (IP, timestamp, user agent) for security and abuse prevention.

3. Legal Basis for Processing (GDPR)

We process your data under the following legal bases:

  • Contract performance — account data and request logs are necessary to provide the Service you signed up for
  • Legitimate interest — usage logs for security monitoring and abuse prevention
  • Legal obligation — retaining billing records as required by law

4. Data Retention

Request logs: Automatically deleted after 30 days.

Session recordings: During early access, automatically deleted after 3 days (200 MB cap per account). On paid plans, deleted after 14 days. Can be deleted manually at any time.

Audit log: Retained indefinitely for compliance. Exportable as CSV at any time. Deleted when you close your account.

Account data: Retained until you delete your account. After deletion, data is removed within 30 days.

Network automation logs: Retained until you delete them manually, or until you delete your account.

MAC addresses: Retained until you delete the proxy link or your account.

Billing records: Retained for 7 years as required by Greek tax law.

5. Third-Party Services

We use the following third-party processors:

  • Stripe (payment processing) — subscription billing and invoicing. Data processed in the US under Standard Contractual Clauses. Stripe Privacy Policy
  • Cloudflare (CDN, DDoS protection, DNS) — HTTP/HTTPS proxy link traffic passes through Cloudflare's network. TCP proxy links bypass Cloudflare and connect directly to our server. Cloudflare Privacy Policy
  • Hetzner Online GmbH (server hosting, Germany) — all data is stored on servers physically located in the EU. Hetzner Privacy Policy
  • Resend (transactional email) — used to send account registration, alert, and notification emails. Resend Privacy Policy
  • Cloudflare R2 (backup storage) — encrypted daily backups of our database and configuration files are stored in Cloudflare R2 (EU region). Backups are retained for 30 days. Cloudflare Privacy Policy
  • WireGuard (VPN protocol, open source) — self-hosted on our server. No third-party involvement in VPN traffic.
  • Apache Guacamole / guacd (browser RDP/VNC protocol gateway, open source) — self-hosted on our server. RDP and VNC session streams are processed locally. No third party receives this data.

We do not sell your data to third parties.

6. Request Logs and Your Users' Data

When you use ProxyLink to proxy traffic to your server, the requests from your end-users pass through our infrastructure. We log these requests as described in Section 2.

If your end-users are EU residents, you (as the operator of the proxy link) may be a data controller for their data. You are responsible for ensuring your use of ProxyLink complies with GDPR and any other applicable laws regarding your users' data.

We act as a data processor for request log data on your behalf. You can delete request logs at any time from the ProxyLink dashboard.

7. Your Rights Under GDPR

As an EU resident, you have the following rights:

  • Access — request a copy of personal data we hold about you
  • Rectification — correct inaccurate personal data
  • Erasure — request deletion of your personal data
  • Portability — receive your data in a machine-readable format
  • Objection — object to processing based on legitimate interest
  • Restriction — request restriction of processing in certain circumstances

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) at www.dpa.gr.

8. Cookies

ProxyLink uses a single session cookie to keep you logged in. No third-party tracking cookies are used. No advertising.

9. Security

We use industry-standard security measures including HTTPS (TLS 1.2+), encrypted connections to the database, and rate limiting on all endpoints. We do not store passwords in plaintext.

Despite these measures, no system is 100% secure. If you discover a security vulnerability, please report it responsibly to [email protected].

10. Changes to This Policy

We may update this policy from time to time. We will notify registered users of significant changes by email. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact

Privacy questions or requests: [email protected]

ProxyLink, Thessaloniki, Greece