Legal

Privacy Policy

Last updated: April 1, 2026

In plain terms: Serveproxy CDN is a paid service that requires an account. We collect the data necessary to operate the service, process payments, and communicate with you. We do not sell your data or use it for advertising. Payment processing is handled by Stripe. All data is stored securely and retained only as long as necessary.

1. Who We Are

Serveproxy CDN is a content delivery network service operated by Serveproxy, accessible at dashboard.serveproxy.com. This Privacy Policy explains how we collect, use, and protect personal data in connection with the dashboard, CDN service, and billing system.

If you have questions about your data, contact us at [email protected].

2. Data We Collect

2.1 Account data

  • ·Email address — used for login, two-factor verification codes, billing notifications, and transactional emails.
  • ·Password — stored as a bcrypt hash. We never store or transmit your password in plain text.

2.2 Payment data

  • ·Card information — full card numbers are never stored by Serveproxy. Stripe processes and stores card details. We retain only the card brand (e.g. Visa), the last four digits, and a Stripe-issued fingerprint for fraud prevention.
  • ·Stripe customer ID — a reference that links your account to your Stripe customer record.
  • ·Invoice records — invoices including billing period, bandwidth consumed, amount charged, and Stripe invoice ID are stored indefinitely for accounting purposes.

2.3 CDN usage data

  • ·Bandwidth usage — bytes transferred per CDN location per month, reported by CDN edge nodes. Used for billing calculation.
  • ·CDN location configuration — origin URL, custom domain, CDN domain, and creation/deletion timestamps.
  • ·API keys — cryptographically generated keys per location, stored in hashed form where applicable.

2.4 Technical and security data

  • ·IP addresses — collected during login and registration for rate limiting and abuse prevention. Not retained beyond session or rate-limit window.
  • ·Verification codes — short-lived one-time codes sent to your email for login and password reset. Marked as used and not retained in usable form after expiry.
  • ·Server logs — standard HTTP logs including request paths, status codes, and timestamps. Retained for up to 30 days for debugging.

2.5 What we do not collect

  • ·We do not use tracking cookies or advertising pixels
  • ·We do not build behavioural profiles or track you across other websites
  • ·We do not collect your name, phone number, or physical address
  • ·We do not inspect or log the content your CDN locations serve to end users

3. How We Use Your Data

We use the data we collect for the following purposes:

  • ·Account management — creating and authenticating your account, sending verification codes, and processing password resets.
  • ·Billing — calculating monthly charges based on bandwidth usage, generating invoices, and charging your card via Stripe.
  • ·Service delivery — provisioning CDN locations, routing traffic, and enabling cache management via API.
  • ·Security and fraud prevention — rate limiting, detecting abuse, blocking prohibited content and domains, and preventing card sharing across multiple accounts.
  • ·Communication — transactional emails including invoices, payment failure notifications, and account changes. We do not send marketing emails.
  • ·Legal compliance — retaining invoices and financial records as required by applicable law.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area, we process your personal data under the following legal bases:

  • ·Contract performance — processing your account data and payment information is necessary to provide the service.
  • ·Legitimate interests — security measures, rate limiting, fraud prevention, and server logging.
  • ·Legal obligation — retaining financial records such as invoices.

5. Data Sharing

We do not sell your data. We share data only with the following parties and only to the extent necessary:

  • ·Stripe — your email address and payment card details are shared with Stripe for payment processing. Stripe acts as an independent data controller for its own services. See Stripe's Privacy Policy.
  • ·Cloudflare — CDN traffic is served through Cloudflare's network. Cloudflare may process request metadata. See Cloudflare's Privacy Policy.
  • ·Law enforcement — we may disclose data when required by law, court order, or to protect the rights and safety of others.

6. Data Retention

Data type Retention period
Account data (email, password hash)Until account deletion
Payment method (card brand, last 4, fingerprint)Until account deletion
Invoice records7 years (legal requirement)
Bandwidth usage recordsUntil account deletion
Verification codes10 minutes (auto-expiry)
IP addresses (rate limiting)Up to 1 hour
Server logsUp to 30 days

When you delete your account, all personal data listed as "until account deletion" above is permanently removed. Invoice data is retained for the legally required period.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • ·Access — request a copy of the personal data we hold about you.
  • ·Correction — update your email address or password from within the dashboard.
  • ·Deletion — delete your account from the account settings page. This removes all personal data except invoice records retained for legal reasons.
  • ·Portability — request an export of your data in a machine-readable format.
  • ·Objection — object to processing based on legitimate interests.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Security

We implement appropriate technical and organisational measures to protect your data, including:

  • ·HTTPS on all dashboard and API endpoints
  • ·Bcrypt password hashing
  • ·Email-based two-factor authentication for all logins
  • ·Rate limiting on authentication and sensitive endpoints
  • ·Card data handled exclusively through Stripe; not stored on our servers
  • ·Webhook signature verification for all incoming Stripe events

No system is completely secure. In the event of a data breach affecting your personal data, we will notify you as required by applicable law.

9. International Transfers

The service is operated from Sweden. CDN traffic is distributed globally through Cloudflare's network. Payment data is processed by Stripe, which may store data in the United States and other jurisdictions. Stripe maintains Standard Contractual Clauses for international transfers where required.

10. Cookies

The dashboard uses a session cookie to maintain your logged-in state. This cookie is strictly necessary for the service to function and is deleted when you log out or close your browser session. We do not use advertising or analytics cookies.

Cloudflare Turnstile, used on the registration and login pages, may set its own cookies for bot protection purposes.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email to registered users before taking effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

Contact

For privacy-related questions, data requests, or to report a concern:

[email protected]

We aim to respond to all privacy requests within 30 days.