Privacy Policy

1.1Account information. When you sign up we collect your email address. Authentication uses a magic-link flow; we do not store a password.

1.2Billing information. When you purchase a bundle we collect and store the UPI transaction reference number (UTR), the amount, the GST component, the bundle reference and any payment screenshot you upload. We do not store your UPI ID, bank account number, card details or VPA.

1.3GST information. If you provide a GSTIN for B2B invoicing, we store it together with the legal name and registered address derived from it.

1.4Service-generated data. We assign each customer a system username, and each leased IP a unique listener username and password. These are stored in our database and shown to you on your dashboard.

1.5Connection metadata. While you use the proxies we record connection logs containing timestamp, source IP, destination host and port, and bytes transferred. We do not record, inspect or retain payload contents.

1.6Technical data. Standard web-server access logs (IP, user-agent, request path, response status) are kept for up to 7 days for operational diagnostics.

2.1To provide and operate the Service: provisioning IPs, authenticating proxy connections, displaying your subscription on the dashboard, sending magic-link sign-in emails, and generating GST-compliant invoices.

2.2To process payments: verifying UTRs against bank statements before activating a bundle, and reconciling payments for accounting and tax purposes.

2.3To detect and respond to abuse: investigating complaints about traffic leaving our IPs, suspending accounts in breach of the Acceptable Use clause of our Terms, and cooperating with valid law-enforcement requests.

2.4To send service communications: bundle activation, expiry reminders, suspension notices, security advisories and material policy changes. We do not send marketing emails without separate, explicit opt-in.

2.5To comply with statutory obligations under Indian tax, telecommunications and data-protection law.

We process your personal data on the following grounds under the DPDP Act:

• Your consent, given when you create an account and confirm payment.
• The performance of the contract between you and us under the Terms of Service.
• Compliance with legal obligations to which we are subject (tax, audit, lawful interception requests).
• Legitimate interest in operating, securing and improving the Service, where this does not override your rights.

4.1We do not sell or rent personal data. We share it only as described below.

4.2Sub-processors. We rely on the following third parties to operate the Service. Each processes only the minimum data needed for its function:

• Supabase (database, authentication, edge functions) — account email, hashed session tokens, billing rows.
• Our datacenter and infrastructure provider (Indian region) — connection metadata generated by your use of the proxies.
• Vercel (frontend hosting, TLS termination, and Vercel Analytics for aggregate page-view counts) — request metadata for the dashboard and marketing site. Vercel Analytics is cookieless and does not collect persistent identifiers; it samples request URL, user-agent, country and referrer.
• ImprovMX (inbound email forwarding for our published support address) — your email address and the contents of any email you send us.
• Resend (transactional and outbound email delivery) — your email address and the contents of service notifications and contact-form replies addressed to or from us.
• Meta Platforms, Inc. (Pixel and Conversions API for ad-measurement only) — hashed email address, hashed user identifier, IP address, user-agent, page URL, and a small set of standard event names (page view, signup completion, checkout initiation, payment-submission, purchase). PII fields are SHA-256 hashed before transmission. Used solely to measure ad performance for campaigns we operate on Meta's platforms; never to enable third-party advertising on this site.
• Our banking and UPI service providers — payment metadata required for settlement and reconciliation.

4.3Legal disclosure. We may disclose personal data to law enforcement, regulators or courts in response to a valid Indian legal process, and to upstream network providers and abuse desks to the extent necessary to investigate complaints about traffic from our IPs.

4.4Business transfers. If we undergo a merger, acquisition, reorganisation or sale of assets, personal data may be transferred to the successor entity, subject to this policy continuing to apply or to your prior notification.

5.1Connection logs are retained for 30 days, after which they are deleted or aggregated to non-identifying counters.

5.2Account, billing and invoice records are retained for 8 years from the end of the relevant financial year, as required under the GST Act and Income-Tax Act.

5.3Proxy credentials (listener username and password) are retained while the IP remains reserved to the customer's account, and are deleted within 60 days of the address being released under Section 6.4 of our Terms, or of account closure.

5.4Records of abuse investigations, suspensions and bans are retained for 3 years from resolution to enable re-signup screening and to comply with regulatory requests.

5.5On account closure we delete or anonymise all personal data for which there is no statutory retention requirement, within 30 days of the closure request.

5.6Aggregated and anonymised data. We may use connection-metadata counts and aggregate billing figures, with all customer-identifying fields removed, for capacity planning, internal reporting and public statistics. Such data is not subject to the retention limits in this section.

6.1We employ reasonable security practices and procedures commensurate with the sensitivity of the data, including transport encryption (HTTPS) for all dashboard and API traffic, encryption at rest of the underlying database, principle-of-least-privilege role separation between customer, admin and service roles, and network-level isolation of production infrastructure behind a default-deny firewall.

6.2Proxy listener passwords are stored in a form required by the underlying proxy software so that it can authenticate inbound connections. Access is restricted to you, our authorised operators, and the internal service role responsible for proxy configuration. Passwords are rotatable on demand from the dashboard.

6.3No security control is perfect. In the event of a personal data breach affecting your data we will notify you and the Data Protection Board of India in accordance with the timelines prescribed under the DPDP Act.

7.1We set a small number of strictly necessary cookies for authentication, session continuity and CSRF protection.

7.2Vercel Analytics, used to count aggregate page views on the marketing site and dashboard, is cookieless and does not store persistent identifiers in your browser.

7.3Meta Pixel. When we are running advertising on Meta's platforms (Facebook, Instagram), our pages load the Meta Pixel script from connect.facebook.net. The Pixel sets two first-party cookies on .ipv6-proxy.in(_fbp, a randomly-generated browser identifier scoped to our domain, and _fbc, present only if you arrived via a Meta ad — it stores the ad's click identifier). These cookies enable Meta to attribute conversions on our site back to ads you saw, but are not used by us for tracking on third-party sites.

7.4Server-side conversion events. In addition to the Pixel, we send a small set of conversion events (signup completion, checkout initiation, payment submission, purchase) to Meta's Conversions API directly from our servers. These events carry SHA-256 hashed identifiers and the standard request metadata described in Section 4.2. The purpose is identical to the Pixel — measuring ad performance — but the server-side channel is more reliable across browsers that block third-party scripts. You can opt out of the Pixel and CAPI channels together by emailing us; we will exclude your account from future ad-measurement events.

Some of our sub-processors store or replicate data outside India (notably Supabase and Resend). Such transfers are permitted under the DPDP Act unless restricted by notification of the Central Government. Where transfers occur, we rely on contractual safeguards with each sub-processor to maintain a comparable level of protection for your data.

9.1Subject to the DPDP Act and applicable law, you have the right to:

• access a summary of personal data we hold about you;
• correct or update inaccurate or incomplete data;
• request erasure of personal data no longer needed for the purpose for which it was collected, subject to statutory retention obligations;
• withdraw any consent previously given (this may require us to stop providing the Service);
• nominate another individual to exercise these rights in the event of your death or incapacity;
• lodge a grievance with us via the Grievance Officer in Section 12; and
• escalate to the Data Protection Board of India if you remain unsatisfied.

9.2We will respond to verified rights requests within 30 days, free of charge, unless the request is manifestly unfounded or excessive.

The Service is not directed at children under 18. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, contact the Grievance Officer and we will delete it promptly.

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the most recent revision. Material changes will be highlighted on the customer dashboard for at least 14 days before taking effect. Continued use of the Service after the effective date constitutes acceptance of the revised policy.

In accordance with the Information Technology Act, 2000 and the SPDI Rules, 2011, ipv6-proxy.in maintains a Grievance Officer reachable at:

• Email: support@ipv6-proxy.in (subject line: “Grievance”)
• Hours: Monday to Friday, 10:00 to 18:00 IST, excluding public holidays

We will acknowledge grievances within 48 hours and resolve them within 30 days of receipt.

This Privacy Policy is governed by the laws of India. The courts of Mumbai, Maharashtra shall have exclusive jurisdiction over any dispute arising out of or in connection with this policy.

For privacy questions or to exercise the rights described above:

• Email: support@ipv6-proxy.in