Hopefully none of the emails we send you will be considered spam but to keep you in control we have provided five email preferences within the customer dashboard and by default only one of those is enabled which is for important account related mail.
The only type of email you cannot disable are security related such as when your password is changed.
We do store a few cookies when you visit our website and we've detailed all of them below. We try to only serve you a cookie when it's relevent and so you may only receive a few of these cookies dependent on which of our pages you visit or other factors.
Cookie | Category | Description |
---|---|---|
Dashboard | Functionality | The customer dashboard will place various cookies in your browser to maintain site functionality. These include only login, ui preference and function cookies. This data is stored solely in your browser and is only accessible by proxycheck.io |
Theme Toggle | Functionality | When using the theme toggle in the top right of our pages we store a cookie in your browser to maintain your selected theme choice. This data is stored solely in your browser and is only accessible by proxycheck.io |
Cookie Accept | Functionality | When you click our cookie accept button at the top of our pages a cookie is stored in your browser so that the message won't re-appear. This data is stored solely in your browser and is only accessible by proxycheck.io |
Cloudflare | Security | This cookie is stored in your browser once you've been verified by Cloudflare as not a threat to our website and will allow you to bypass future security check screens. This data is stored solely with Cloudflare and is only accessible to Cloudflare. |
Stripe | Security | Our payment processor Stripe may put a cookie in your browser while you visit our site to help reduce payment fraud. This data is stored solely with Stripe and is only accessible to Stripe. |
Matomo | Analytics | We self-host an analytic service called Matomo which allows us to track which pages on our website our visitors are using and for how long, where our visitors are coming from elsewhere on the web and the performance of our paid advertisements. This data is stored solely on our own servers and is only accessible by proxycheck.io |
Google Ads | Analytics | If you came to our website from a Google Ad, you will have a Google Ads cookie placed in your browser so we can track conversions (how many clicks on our ads resulted in a sale). You will not receive this cookie if you did not visit our website by clicking on a Google-served advertisement. This data is stored solely with Google Ads and will be available to both us and Google through their Ads platform. |
Microsoft Ads | Analytics | If you came to our website from a Microsoft Ad, you will have a cookie placed in your browser so we can track conversions (how many clicks on our ads resulted in a sale) You will not receive this cookie if you did not visit our website by clicking on a Microsoft-served advertisement. This data is stored solely with Microsoft Ads and will be available to both us and Microsoft through their Ads platform. |
Yes, you can, with an easily accessible button called "Close Account and Erase all Data" found within the top right of the settings tab (which is the default tab) of the customer dashboard. In addition to that, we will automatically schedule your account for deletion if you've never used it or it has been inactive for over one year. Below is a table explaining the different deletion scenarios.
Cause of Deletion | What gets erased | Description |
---|---|---|
User activated | Everything | The user has clicked the delete account button from within the customer dashboard. The account and all its associated data will be erased in 30 minutes unless cancelled through the customer dashboard. An email is sent to the user to notify them of the scheduled deletion. |
Account has never been used | Everything | If after thirty days the account hasn't been activated it will be scheduled for deletion in 15 days unless cancelled through the customer dashboard. An email is sent to the user to notify them of the scheduled deletion. |
Account has been inactive for a year | Everything | If the account hasn't been logged into or generated a query to our API in more than one year it will be scheduled for deletion in 30 days unless cancelled through the customer dashboard. An email is sent to the user to notify them of the scheduled deletion. |
Staff activated | Everything | One year after an account is manually disabled by our staff it will be erased, this long period is to give the user time to explain their breach of our terms of service or discuss why their account was disabled with our staff who can cancel the scheduled deletion. |
If an account deletion occurs and you wish to reverse it you should contact our support immediately, we do make rigorous backups and some (but not all) of your data will still be present in these backups for up to 3 months after a scheduled deletion occurs. These restores are conducted manually by our staff due to our backup infrastructure being seperate from our live infrastructure for security.
If the email you send us is considered by us to be disposable (and shown as such on our API) then it's logged in only one place which is your accounts positive detection log. We do not store these anywhere else and we do not access your positive detection logs at any time.
If the email you send us is considered to not be disposable (aka we think it's a normal email address) then we do not store it anywhere and we perform no processing on that email of any kind. That means no saving, no logging, nothing. We do not act upon this data in any way.
When we perform checking on emails we only check the part after the @, the top level domain part. Which means you can send us a randomised first portion of the email for example instead of sending [email protected] you could send [email protected] - It's completely up to you, we do not save the emails you send us, it's simply not needed for this feature to function.
To ensure your privacy we collect only your email address to facilitate sending you an API Key and to send you important notices relating to your usage of our service. You are free to use any email address. If you do not use an API Key then we only store your IP address so that our software can record how many queries you have made upto the allowed 100 per day.
If you have an API Key we store your querying IP for a maximum of 24 hours to help us track free account abusers. If you purchase a paid subscription we ask for your name and address but those are only stored with Stripe (our payment processor) and are not stored on our own servers.
You may want to look at our GDPR Compliance page which goes into more detail about what we store and where we store it.
We record how many queries you perform with your API Key if you have one, if you do not have an API Key, we record these stats with your querying IP address. We also store a list of your positive detections if you're an API key holder, this list is accessible within your dashboard. We also store for around 5 minutes the negative detections made by our API, we then run these through our machine learning engine to find more proxies to block, only proxies found this way are stored long term with the rest of the data being discarded.
Your usage statistics, CORS domains, custom rules, custom lists and positive detections will be stored for up-to one year since you last used the service unless a manual or automatic account deletion is scheduled.
You can select within the customer dashboard to close your account and have all held information related to you erased.
A warrant canary is a piece of information we publish before we receive any kind of warrant or court order to hand over user information. If at any time we were to receive such valid warrants or court orders we would remove the warrant canary warning you that our service is no longer safe for your data. You can view our warrant canary here: https://proxycheck.io/canary.txt
Apart from these two relationships we don't share your information with any other entity.
When you protect your account with a password we hash it using bcrypt. This means a unique hash is stored by us and not your password itself. These hashes cannot be reversed back into your password and to further complicate attacks we supply a unique salt to your password prior to hashing. In real terms it means we follow industry best practices and your password is still safe in the event our database is breached.