privacy / proxycheck.io

What spam should I expect from you once I hand over my email address?

Hopefully none of the emails we send you will be considered spam but to keep you in control we have provided five email preferences within the customer dashboard and by default only one of those is enabled which is for important account related mail.

The only type of email you cannot disable are security related such as when your password is changed.

Do you store cookies in my browser when I visit your website and if so what are they for?

We do store a few cookies when you visit our website and we've detailed all of them below. We try to only serve you a cookie when it's relevent and so you may only receive a few of these cookies dependent on which of our pages you visit or other factors.

Cookie Category Description
Dashboard Functionality The customer dashboard will place various cookies in your browser to maintain site functionality. These include only login, ui preference and function cookies.
This data is stored solely in your browser and is only accessible by proxycheck.io
Theme Toggle Functionality When using the theme toggle in the top right of our pages we store a cookie in your browser to maintain your selected theme choice.
This data is stored solely in your browser and is only accessible by proxycheck.io
Cookie Accept Functionality When you click our cookie accept button at the top of our pages a cookie is stored in your browser so that the message won't re-appear.
This data is stored solely in your browser and is only accessible by proxycheck.io
Cloudflare Security This cookie is stored in your browser once you've been verified by Cloudflare as not a threat to our website and will allow you to bypass future security check screens.
This data is stored solely with Cloudflare and is only accessible to Cloudflare.
Stripe Security Our payment processor Stripe may put a cookie in your browser while you visit our site to help reduce payment fraud.
This data is stored solely with Stripe and is only accessible to Stripe.
Matomo Analytics We self-host an analytic service called Matomo which allows us to track which pages on our website our visitors are using and for how long, where our visitors are coming from elsewhere on the web and the performance of our paid advertisements.
This data is stored solely on our own servers and is only accessible by proxycheck.io
Google Ads Analytics If you came to our website from a Google Ad, you will have a Google Ads cookie placed in your browser so we can track conversions (how many clicks on our ads resulted in a sale). You will not receive this cookie if you did not visit our website by clicking on a Google-served advertisement.
This data is stored solely with Google Ads and will be available to both us and Google through their Ads platform.
Microsoft Ads Analytics If you came to our website from a Microsoft Ad, you will have a cookie placed in your browser so we can track conversions (how many clicks on our ads resulted in a sale) You will not receive this cookie if you did not visit our website by clicking on a Microsoft-served advertisement.
This data is stored solely with Microsoft Ads and will be available to both us and Microsoft through their Ads platform.
Can I delete my account and all my data?

Yes, you can, with an easily accessible button called "Close Account and Erase all Data" found within the top right of the settings tab (which is the default tab) of the customer dashboard. In addition to that, we will automatically schedule your account for deletion if you've never used it or it has been inactive for over one year. Below is a table explaining the different deletion scenarios.

Cause of Deletion What gets erased Description
User activated Everything The user has clicked the delete account button from within the customer dashboard. The account and all its associated data will be erased in 30 minutes unless cancelled through the customer dashboard. An email is sent to the user to notify them of the scheduled deletion.
Account has never been used Everything If after thirty days the account hasn't been activated it will be scheduled for deletion in 15 days unless cancelled through the customer dashboard. An email is sent to the user to notify them of the scheduled deletion.
Account has been inactive for a year Everything If the account hasn't been logged into or generated a query to our API in more than one year it will be scheduled for deletion in 30 days unless cancelled through the customer dashboard. An email is sent to the user to notify them of the scheduled deletion.
Staff activated Everything One year after an account is manually disabled by our staff it will be erased, this long period is to give the user time to explain their breach of our terms of service or discuss why their account was disabled with our staff who can cancel the scheduled deletion.

If an account deletion occurs and you wish to reverse it you should contact our support immediately, we do make rigorous backups and some (but not all) of your data will still be present in these backups for up to 3 months after a scheduled deletion occurs. These restores are conducted manually by our staff due to our backup infrastructure being seperate from our live infrastructure for security.

If I use your disposable email detection feature what happens to the emails I send you?

If the email you send us is considered by us to be disposable (and shown as such on our API) then it's logged in only one place which is your accounts positive detection log. We do not store these anywhere else and we do not access your positive detection logs at any time.

If the email you send us is considered to not be disposable (aka we think it's a normal email address) then we do not store it anywhere and we perform no processing on that email of any kind. That means no saving, no logging, nothing. We do not act upon this data in any way.

When we perform checking on emails we only check the part after the @, the top level domain part. Which means you can send us a randomised first portion of the email for example instead of sending [email protected] you could send [email protected] - It's completely up to you, we do not save the emails you send us, it's simply not needed for this feature to function.

What information do you collect and store when I sign up for your service?

To ensure your privacy we collect only your email address to facilitate sending you an API Key and to send you important notices relating to your usage of our service. You are free to use any email address. If you do not use an API Key then we only store your IP address so that our software can record how many queries you have made upto the allowed 100 per day.

If you have an API Key we store your querying IP for a maximum of 24 hours to help us track free account abusers. If you purchase a paid subscription we ask for your name and address but those are only stored with Stripe (our payment processor) and are not stored on our own servers.

You may want to look at our GDPR Compliance page which goes into more detail about what we store and where we store it.

Do you collect or store any usage/stats information relating to my account?

We record how many queries you perform with your API Key if you have one, if you do not have an API Key, we record these stats with your querying IP address. We also store a list of your positive detections if you're an API key holder, this list is accessible within your dashboard. We also store for around 5 minutes the negative detections made by our API, we then run these through our machine learning engine to find more proxies to block, only proxies found this way are stored long term with the rest of the data being discarded.

What information is stored when I stop using your service?

Your usage statistics, CORS domains, custom rules, custom lists and positive detections will be stored for up-to one year since you last used the service unless a manual or automatic account deletion is scheduled.

You can select within the customer dashboard to close your account and have all held information related to you erased.

What is a warrant canary and why do you have one?

A warrant canary is a piece of information we publish before we receive any kind of warrant or court order to hand over user information. If at any time we were to receive such valid warrants or court orders we would remove the warrant canary warning you that our service is no longer safe for your data. You can view our warrant canary here: https://proxycheck.io/canary.txt

Who do you share my data with?
  • Your email address is shared with Amazon who are our mail carrier, this relationship does not give them the permission to use, resell or share your email address with anyone. They are only allowed to forward mails directly from us to you.
  • If you signup for a paid plan your email address and billing information are shared with Stripe who are our bank card processor. This relationship does not give them the permission to use, resell or share any of your information.

Apart from these two relationships we don't share your information with any other entity.

If my account is protected by a password how is my password stored?

When you protect your account with a password we hash it using bcrypt. This means a unique hash is stored by us and not your password itself. These hashes cannot be reversed back into your password and to further complicate attacks we supply a unique salt to your password prior to hashing. In real terms it means we follow industry best practices and your password is still safe in the event our database is breached.

Back
Last update: 24th of August 2023
24th of August 2023
Removed references to tawk.to and the cookie that would be set on our contact us page due to our removal of the tawk.to service from our website.
20th of November 2022
Some reformatting was performed to remove erroneous text and make the paragraphs easier to read quickly without altering the meaning.
18th of November 2022
A new section was added to detail all the ways you can delete your account and all associated data including automated removals conducted by us for unused, inactive or disabled accounts. The section describing our use of cookies and what they do was completely overhauled into a neat table with better descriptions.
27th of February 2022
A new cookie was added which details how we now track conversions for our Google Ads. If you did not come to our website via a Google Ad then no third-party conversion tracking will be performed and the Google conversion tracking Javascript will not even be served to you. A new cookie was added which details how we now track conversions for our Microsoft Ads. If you did not come to our website via a Microsoft Ad then no third-party conversion tracking will be performed and the Microsoft conversion tracking Javascript will not even be served to you. A new advertising cookie section was added giving more detail to how we track advertising conversions.
15th of February 2022
A new section regarding what happens to the emails you send us to check when utilising our disposable email feature was added.
6th of December 2021
The section regarding our tawk.to cookie use was changed as we now only serve the tawk.to chat software through our contact page. Thus you will not have this cookie set when you access any of our pages except the contact us page.
7th of October 2021
The section regarding how long your data is stored and how to erase it has been altered because you can now erase the data yourself from within the dashboard as opposed to needing to contact our support to do this.
18th of April 2021
The section regarding our cookie use was reworded, specifically the Matomo section to further clarify that we don't acquire or share our analytical data with any third parties, this has always been the case but it wasn't specifically detailed on the page until now.
13th of March 2021
The section regarding what data we store about you when you stop using the service was updated to clarify that we don't hold your positive detections forever and they are in-fact deleted after 12 months.
15th of January 2021
A new entry within the Cookie section was added for Stripe (our payment processor) which may place a cookie in your browser to help us reduce payment fraud.
19th of July 2020
A reference to Mailgun in the document was changed to Amazon as we have switched email carriers from Mailgun to Amazon.
4th of April 2019
The section about what information we store when you use our service was updated to state we now ask for your name and address when making a paid purchase but this information is stored exclusively with Stripe our payment processor.
1st of November 2018
The list of email toggles in the first privacy section was updated to replace the "promotional emails" toggle with the "Upcoming payment notice" toggle. We never sent any promotional emails so we have sunsetted that setting.
29th of October 2018
The privacy policy was updated to include instructions on how to have us delete all held information about you. The "Who do you share my data with?" section was updated to include information about our relationships with Mailgun and Stripe. Reworded the very top paragraph about email spam to be more clear. Altered the name of our self-hosted analytic service from Piwik to Matomo as the project has changed names.
7th of June 2018
Wording on the top entry "What spam should I expect from you" was updated to say we now offer five email preferences within the dashboard instead of four.