Privacy Policy

1. Data Controller

The data controller for this website is:
Stefan Böck
Thalkirchner Str. 103
81371 Munich, Germany
Email: privacy@privacyproxy.dev

2. Data We Collect

We collect the following data:

  • Email address: When signing up for the waitlist or contacting us
  • Usage data: API calls, number of masked PII types (anonymized)
  • Technical data: IP address, browser type, access time (server logs)

3. No PII Storage

Important: PrivacyProxy does not store any personally identifiable information (PII) from your API requests. Masking happens in real-time in memory. Token mappings are only kept for the duration of a session and deleted afterwards.

4. Purpose of Processing

  • Providing the proxy service
  • Communication and support
  • Improving our service
  • Billing (for paying customers)

5. Legal Basis

Processing is based on:

  • Art. 6(1)(b) GDPR (contract performance)
  • Art. 6(1)(a) GDPR (consent, e.g., newsletter)
  • Art. 6(1)(f) GDPR (legitimate interest)

6. Your Rights

You have the right to:

  • Access your stored data
  • Rectification of inaccurate data
  • Erasure of your data
  • Restriction of processing
  • Data portability
  • Object to processing

7. Account Deletion

You can request deletion of your account at any time. Send an email to privacy@privacyproxy.dev with the subject "Delete account". We will delete your data within 72 hours and confirm the deletion by email.

Upon deletion, the following will be removed:

  • Your account data (email, registration data)
  • All API keys and provider connections
  • Active subscriptions will be cancelled

Invoice data must be retained for 10 years due to legal requirements (§ 147 AO German tax law).

8. Hosting

Our servers are operated by NOEZ GmbH, Germany. Server logs (IP addresses, access times) are automatically deleted after 7 days. A data processing agreement (DPA) according to Art. 28 GDPR has been concluded.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure operation)

9. Email Service

For sending system emails (magic links, notifications), we use Mailgun (Sinch Email) via EU servers. Only email addresses are transmitted. A data processing agreement (DPA) has been concluded.

Legal basis: Art. 6(1)(b) GDPR (contract performance)

10. Payment Processing

We use Stripe (Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Dublin 2, Ireland) for payment processing. When subscribing to a paid plan, your email address is transmitted to Stripe. Payment information (credit card, SEPA) is entered directly at Stripe - we have no access to this data.

Stripe processes this data for payment handling. Stripe's privacy policy can be found at: stripe.com/privacy

Legal basis: Art. 6(1)(b) GDPR (contract performance)

11. Contact

For privacy questions: privacy@privacyproxy.dev

Last updated: December 2025