FeaturesMarketplaceTeamWhitepaperStar on GitHub

Legal

Privacy Policy

Version 1.0Effective March 19, 2026

Draft notice: This is a pre-launch draft. Jurisdiction and legal entity details are placeholders pending incorporation. This document does not constitute legal advice.

1. Scope & Controller

This Privacy Policy applies to all services operated by ProxyGate ("we", "us"), including the web application at proxygate.ai, the gateway at gateway.proxygate.ai, and the @proxygate/sdk package.

ProxyGate acts as the data controller for personal data collected through the platform. This policy does not cover data processed by upstream API providers on behalf of Buyers.

2. Data We Collect

Account Data

  • Social login profile: email address, display name, and avatar from your login provider (Google or GitHub).
  • Solana wallet address: your public key, used for authentication, payments, and on-chain settlement.

Transaction Data

  • Credit deposits, withdrawals, and reservation amounts.
  • On-chain transaction signatures for USDC deposits and settlements.
  • Usage metadata: timestamps, service names, token counts, response status codes.

Technical Data

  • IP addresses (for rate limiting and abuse prevention only — not stored long-term).
  • Browser user-agent and device type (web app analytics).
  • Gateway request metadata: method, path, latency, status code. Request and response bodies are never logged.

Seller Data

  • Listing details: service name, description, pricing, capacity limits.
  • API keys — stored encrypted at rest, never logged or exposed.
  • Earnings, settlement history, and reputation scores.

3. Data We Do Not Collect

ProxyGate is designed to minimise data collection:

  • We do not read, log, or store the content of proxied API requests or responses.
  • We do not sell, rent, or share personal data with advertisers.
  • We do not use cookies for advertising or behavioural profiling.

5. How We Use Your Data

  • Authenticate your identity and authorise proxy requests.
  • Process credit transactions (deposits, reservations, settlements).
  • Route requests to optimal sellers based on pricing, capacity, and reputation.
  • Calculate and display usage analytics in your dashboard.
  • Enforce rate limits and abuse prevention.
  • Compute seller reputation scores and trust badges.
  • Send transactional notifications (settlement confirmations, security alerts).

6. Data Storage & Security

Infrastructure

  • Application data is stored in a managed database with row-level security policies.
  • Real-time data (credits, capacity, rate limits) is stored with encryption in transit.
  • Seller API keys are stored in a dedicated secrets vault, encrypted at rest. Keys are only decrypted in memory during request handling.

Security Measures

  • All traffic is encrypted via TLS.
  • Wallet authentication uses cryptographic signatures with single-use nonces.
  • Platform transaction signing uses hardware-backed key management (keys never leave secure hardware).
  • Seller API keys are never included in logs, error messages, or API responses.
  • Audit logging for all security-sensitive operations.

7. Data Sharing

We share data only in the following circumstances:

  • Upstream API providers: your proxy request is forwarded to the seller's API provider. We inject the seller's key server-side — your identity is not disclosed to the provider.
  • Solana blockchain: deposit and settlement transactions are recorded on-chain. Wallet addresses and transaction amounts are publicly visible.
  • Infrastructure providers: our hosting, database, and caching providers process data on our behalf under data processing agreements.
  • Legal requirements: we may disclose data if required by law, court order, or regulatory request.

We do not sell personal data. We do not share data with advertisers or data brokers.

8. Data Retention

  • Account data: retained while your account is active, deleted within 30 days of account deletion.
  • Transaction records: retained for 7 years to comply with financial record-keeping obligations.
  • Usage metadata: aggregated after 90 days, individual records deleted after 1 year.
  • IP addresses: rate-limit counters expire automatically (typically within minutes). IP addresses may be retained in security event logs for fraud prevention and are subject to the retention periods described above.
  • Seller API keys: deleted immediately upon seller request or listing removal.
  • On-chain data: blockchain transactions are immutable and cannot be deleted. Only wallet addresses and amounts are recorded on-chain.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request deletion of your data (subject to legal retention obligations and blockchain immutability).
  • Portability: receive your data in a structured, machine-readable format.
  • Restriction: limit how we process your data.
  • Objection: object to processing based on legitimate interest.
  • Withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at privacy@proxygate.ai. We will respond within 30 days.

10. Cookies & Local Storage

  • Authentication cookies: session tokens (strictly necessary, cannot be disabled).
  • Local storage: wallet connection state and UI preferences.
  • Analytics: we use anonymised usage analytics to improve the platform. No advertising or behavioural profiling cookies are used.

11. International Data Transfers

Our infrastructure is hosted in the EU (Europe West). If you access ProxyGate from outside the EU, your data may be transferred to and processed in the EU. We ensure appropriate safeguards are in place for any international transfers in compliance with applicable data protection laws.

12. Children's Privacy

ProxyGate is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, contact us at privacy@proxygate.ai and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the platform dashboard or email. The "Effective" date at the top of this page indicates when the current version took effect.

Continued use of ProxyGate after changes constitutes acceptance of the updated policy.

14. Contact

For privacy-related questions or to exercise your data rights, contact us at: privacy@proxygate.ai.

ProxyGate Privacy Policy — Version 1.0 — Effective March 19, 2026

This document is subject to change. Always check /privacy for the current version.