Client area Sign in

Privacy policy

This policy explains how we handle personal data when you visit cloakproxy.com, use the client dashboard, or consume the proxy Service.

Effective date: 12 May 2026.

Controller. The controller for personal data described in this policy is the operator of Cloak Proxy identified in your account materials or, where applicable, in a written agreement with your organisation, trading as Cloak Proxy (“we”, “us”). Privacy requests: sales@cloakproxy.com with subject line “Privacy request”. We verify identity before disclosing or deleting account-level information. Registered office and company identifiers are supplied on request where required for regulatory correspondence.

1. Scope

This policy does not describe how you process personal data of your own end users when you route their traffic through our network. In that situation you are typically an independent controller (or processor to your own customers) and our Data processing agreement may apply where GDPR requires a processor contract.

We are not responsible for your decisions about what traffic to send, what personal data may be contained in that traffic, or disputes between you and third parties about that processing. Your relationship with your own users and regulators is separate from our role as described here and in our Terms of service.

2. Data we collect

Depending on how you interact with us, we may process:

  • Account and authentication data: email address, password hash, optional profile fields you supply, session tokens, security logs.
  • Commercial and account records: identifiers and metadata our systems or checkout partners create to evidence account activity (for example transaction references or status flags), where applicable.
  • Service usage and technical data: timestamps, source IP addresses connecting to our gateways, protocol metadata, bytes transferred, error codes, targeting headers you voluntarily send (for example country or session identifiers), and similar telemetry needed to meter, secure, and operate the Service.
  • Support and communications: messages you send via chat, email, or Telegram, including attachments you choose to provide.
  • Website analytics (if enabled): limited device and usage data through cookies or similar technologies, as described in any cookie banner or consent tool we deploy.

We do not seek special categories of personal data through support channels. Do not submit such information unless you are legally required to do so and have coordinated the transfer in advance.

3. Purposes and lawful bases (EEA/UK)

Where the GDPR or UK GDPR applies, we rely on one or more of the following:

  • Performance of a contract — to open and maintain your account and deliver the Service.
  • Legitimate interests — to secure networks, prevent fraud and abuse, improve reliability, analyse aggregate usage, and communicate service messages; balanced against your rights.
  • Legal obligation — to comply with court orders, lawful requests from public authorities, accounting rules, or sanctions screening where required.
  • Consent — where we ask for consent (for example non-essential cookies or marketing), you may withdraw it without affecting lawful processing on other bases.

4. Sharing and processors

We use service providers who process personal data on our instructions, including for example hosting, email delivery, payments-related infrastructure where used (for example cryptocurrency gateways such as NOWPayments), customer chat (for example Tawk.to if enabled on the site), logging, and security monitoring. We require them to implement appropriate confidentiality and security measures.

We may disclose information if we reasonably believe disclosure is required by law, to enforce our Terms or Acceptable use policy, or to protect the rights, property, or safety of us, our customers, or the public.

We do not sell personal data for monetary consideration. Where U.S. state privacy laws classify particular disclosures as a “sale” or “sharing,” we maintain notices and, where required, opt-out mechanisms consistent with those laws.

5. International transfers

Our infrastructure and subprocessors may be located outside your country, including outside the EEA or UK. Where required, we implement appropriate safeguards such as the UK or EU Standard Contractual Clauses and supplementary measures consistent with regulator guidance.

6. Retention

We retain personal data only as long as necessary for the purposes described in this policy and to meet legal, regulatory, tax, and security obligations. Retention periods vary by data category; security and telemetry logs may be held on rolling cycles. Aggregated or de-identified statistics may be retained without limitation.

7. Security

We implement technical and organisational measures appropriate to the risk, including access controls, encryption in transit where applicable, and monitoring. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

8. Your rights

Depending on your location, you may have rights to access, rectify, erase, restrict processing, object, data portability, and to lodge a complaint with a supervisory authority. To exercise rights, email sales@cloakproxy.com with “Privacy request” in the subject. We respond within the timeframe required by law (typically within one month for EEA/UK requests, subject to extension for complex requests).

9. Children

The Service is not directed to individuals under 18, and we do not knowingly collect their personal data. If you believe we have collected such data, contact us and we will delete it promptly.

10. Changes to this policy

We may update this policy periodically. Material changes will be reflected in the effective date and, where appropriate, supplementary notice through the Service.