Skip to main content
Privacy Policy

What we collect, what we use, and what we do not inspect.

This policy describes the data collected when you visit the site, open the portal, purchase a plan, or use the proxy and MTProto services. Written to reflect actual data practices, not a generic template.

At a glance
Data minimization

We log the minimum account, security, billing, and connection data needed to operate the product. We do not inspect trade content, account balances, or broker identity beyond the destination host.

Operational note

Checkout is handled by ThriveCart; payments are processed by PayPal and Stripe. Card data never touches our servers. Operational logs roll after 30 days. Billing records are kept 7 years for tax compliance.

Quick posture
  • Card data processed by PayPal and Stripe, never stored on our servers.
  • Operational logs: 30-day rolling window.
  • Billing records: 7 years for tax/compliance.
  • No data sales. No marketing partners.
  • Breach notification within 72 hours of discovery.

1. Who we are

TradersProxy operates the website at tradersproxy.com, the client portal at portal.tradersproxy.com, the associated billing flows, the proxy relay service, and the MTProto relay service. References to "we," "us," or "our" in this policy mean TradersProxy and any entities through which it operates.

By using the service, you acknowledge that we may process the categories of data described below for account management, security, billing, support, abuse prevention, and legal compliance.

2. Data we collect

We collect the following categories of information depending on how you use the service:

  • Account data: email address, username, hashed password, password-reset and recovery state, plan type, device limit, route preferences, and profile settings.
  • Payment and billing data: checkout is handled by ThriveCart; payments are processed by PayPal and Stripe. We receive and store billing identifiers, order or invoice references, subscription status, purchase email, plan name, renewal state, and billing history. Raw card numbers and payment credentials are handled exclusively by the payment processors and are never stored on our servers.
  • Security and login data: IP address at login, user agent string, session cookie state, CSRF token state, a browser-bound device cookie, failed login attempts, and recovery or claim token hashes.
  • Connection and service data: IP addresses used during proxy sessions, connection counts, bandwidth totals, session timing, node-level latency and jitter measurements, and session lifetimes. This data is operational — used to run the service, enforce plan quotas, detect abuse, and diagnose issues.
  • Operational and support data: account-recovery events, billing-flow records, service diagnostics, and administrative notes generated in the course of running the platform.
  • Technical data: browser type and version, and request metadata necessary to operate the service securely.

3. What we do not inspect

Our proxy and relay services forward network traffic at the TCP layer without inspecting packet payloads. In normal operation, we do not read, store, or log:

  • the content of your trading orders or positions;
  • your account balance or equity at any broker;
  • your broker identity beyond the destination hostname and port used by your trading platform;
  • trade details, strategy parameters, or EA configuration data.

Diagnostic exception: We may temporarily enable enhanced connection-level logging for abuse investigation, troubleshooting, or service recovery. This may capture additional metadata on a limited, time-bound basis. Payload content is never part of diagnostic logging.

4. How we use data

We use the information we collect to:

  • create and manage accounts, subscriptions, and portal access;
  • authenticate users and protect accounts from unauthorized access;
  • provision and operate routing, proxy, and MTProto relay services;
  • measure usage, enforce plan quotas, and manage billing;
  • detect fraud, abuse, credential stuffing, and policy violations;
  • investigate service problems and maintain platform reliability;
  • improve routing quality, performance, and security;
  • comply with legal, tax, audit, and enforcement obligations.

5. Cookies

The portal and site use cookies for the following purposes:

  • Session cookies: required to keep you authenticated in the portal. Expire when you close your browser or after a configured idle period.
  • CSRF tokens: required for security on form submissions and API requests. Not used for tracking.
  • Browser-bound device cookie: an opaque random identifier used to bind your session to a specific browser, reducing session-hijacking risk. It is not a hardware fingerprint and is not shared across sites.
  • Proxy-password cache: a short-lived, encrypted cookie set when linked-mode portal access is active. Scoped to the portal domain only.

We do not use advertising cookies, marketing pixels, or third-party tracking scripts on the site or portal. If we add analytics in future, we will update this section to identify the provider and the data collected. You can manage cookies through your browser settings; disabling necessary cookies may break portal functionality.

6. Sharing and disclosures

We share information only in the following circumstances:

  • ThriveCart (checkout platform): manages the order flow and checkout pages. ThriveCart receives your name and email at purchase and manages billing records on our behalf. Their privacy practices are governed by the ThriveCart Privacy Policy.
  • PayPal and Stripe (payment processors): process card and payment transactions through the ThriveCart checkout. Your payment credentials are handled directly by these processors and are never stored on our servers.
  • Cloudflare (CDN and security): sits in front of our web infrastructure for DDoS protection and CDN delivery. Cloudflare may process request metadata including IP addresses and user agents in the course of providing these services.
  • Hosting and infrastructure providers: the servers and networks running the service are hosted with third-party providers. These providers process data incidental to running the platform (such as server logs) under data processing arrangements where applicable.
  • Legal and enforcement: we may disclose data when required to comply with law, respond to lawful process, protect our rights or the rights of others, investigate abuse, or respond to a verified government or regulatory request.
  • Business transfer: in the event of a merger, acquisition, or asset sale, user data may transfer as part of that transaction. We will notify affected users by email or posted notice if this occurs.

We do not sell personal data. We do not share personal data with advertising networks, data brokers, or marketing partners.

7. Retention

We retain data for as long as needed to operate the service, prevent abuse, resolve disputes, comply with law, and enforce our agreements. Specific periods:

  • Operational and connection logs (bandwidth totals, session counts, node metrics, IP addresses during proxy sessions): 30-day rolling window. Data outside this window is deleted or aggregated by automated maintenance jobs.
  • Security and login data (login events, failed attempts, session records): retained for the life of your account, and for a reasonable period after closure to support abuse prevention and dispute resolution.
  • Account data (email, plan, profile settings): retained for the life of your account. Deleted on verified account-closure request, subject to the compliance caveat below.
  • Billing and payment records: retained for 7 years from the date of the transaction for tax, accounting, and legal compliance obligations. We may retain enough to respond to chargeback and dispute processes beyond this period where required.

Some data that must be retained for legal or compliance reasons cannot be deleted on request. We will inform you if that applies to a specific deletion request.

8. Security and breach notification

We use technical and organisational safeguards designed to protect personal data, including access controls, secret management, signed and device-bound sessions, CSRF protections, and rate limiting. No system is perfectly secure, and you use the service at your own risk.

If you believe your account has been compromised, use the portal recovery and credential-rotation flows immediately.

If we become aware of a personal data breach that is likely to result in a risk to your rights or freedoms, we aim to notify affected individuals within 72 hours of discovering the breach, to the extent we can identify them and consistent with our legal obligations. We will also notify relevant supervisory authorities as required by law.

9. International transfers

TradersProxy operates with infrastructure and service providers in multiple countries. Your data may be processed in a country other than your own. Those countries may have data protection laws that differ from your jurisdiction.

Where we transfer data outside the European Economic Area or the United Kingdom, we aim to do so under appropriate safeguards, such as standard contractual clauses or equivalent mechanisms, to the extent required by applicable law.

10. Your rights

You can update certain profile details directly through the portal. Depending on where you live, you may also have additional rights under applicable law:

  • Access: request a copy of the personal data we hold about you.
  • Correction: ask us to correct inaccurate or incomplete data.
  • Deletion: request deletion of your personal data, subject to retention obligations described in Section 7.
  • Restriction or objection: request that we restrict or stop certain processing, where applicable law permits.
  • Portability: receive certain data in a portable format, where applicable.

GDPR and UK DPA rights (EEA and UK residents): if you are located in the European Economic Area or the United Kingdom, you have rights under the General Data Protection Regulation or UK GDPR respectively, including those listed above. You may also lodge a complaint with your local supervisory authority.

California residents (CCPA/CPRA): if you are a California resident, you may have rights to know what personal information we collect and how we use it, to delete personal information, to correct inaccurate information, and to opt out of the sale or sharing of personal information. We do not sell or share personal information as those terms are defined under the CCPA/CPRA. To exercise your rights, contact us using the details in Section 13.

To submit a rights request, use the portal or contact us at the address in Section 13. We will respond within the timeframe required by applicable law.

11. Children

The service is not intended for persons under 18. We do not knowingly collect personal data from anyone under 18. If you believe a minor has created an account or provided us information, contact us and we will investigate and remove the data where appropriate.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "last updated" date at the top of this page and post the updated version on the site. For material changes, we will notify users by email or by a prominent notice in the portal. Continued use of the service after an update means you accept the revised policy to the extent permitted by law.

13. Contact

For privacy-related questions, rights requests, or concerns about how we handle your data, use the support channel in the client portal at portal.tradersproxy.com.

We aim to respond to privacy requests within the timeframe required by your jurisdiction.