Privacy, Security and GDPR FAQs

If you are part of our direct service (Subscribed directly via our QuotaGuard site), then we collect your email address (for your account “user name”) and billing information (to be processed and kept at Stripe, we do not store full credit card numbers.).

If you are part of our service from Heroku, then we collect your “app_name” and “owner_email” address from Heroku, no billing information.

If you are part of our IBM or AppDirect service, then we collect the “creator_email” address.

When you contact us via Support, we collect your email address and IP address to verify the authenticity of the requester.

Any details you send us about your account may be stored in our support software and can be deleted upon verified request, subject to legal or operational retention requirements.

We collect personal data sufficient to run the service for you, improve it over time, and support our customers successfully.

That means we don’t collect additional or unnecessary private data beyond the information described above. We do not intentionally store or log request or response bodies.

We store limited operational metadata needed to operate, secure, troubleshoot, and bill for the service.

For QuotaGuard Shield HTTPS traffic, this metadata may include account identifier, source IP, destination host and port, proxy identifier, timestamp, status code, method, proxy type, byte counts, and related routing information. Shield HTTPS traffic does not expose request paths, query strings, headers, cookies, authorization headers, response headers, or bodies to the proxy in ordinary operation.

For plain HTTP proxy requests, the proxy may need to read and log the full destination URL, including path and query string, as part of normal HTTP proxy operation.

Customers must not transmit PHI or other sensitive payloads over plain HTTP.

Finally, we do not intentionally store PII about your end users.

The personal data we collect is limited to the customer/account information needed to provide the service, such as account email, billing records, support communications, and marketplace account details such as Heroku app name and owner email when applicable.

Requests are routed through QuotaGuard proxy infrastructure running on AWS.

Depending on the product and configuration, traffic may pass through AWS load balancing and QuotaGuard proxy servers before reaching the destination selected by the customer.

QuotaGuard stores limited operational metadata needed to operate, secure, troubleshoot, and bill for the service.

The exact metadata depends on whether the customer is using QuotaGuard Static, QuotaGuard Shield, inbound traffic, outbound traffic, HTTPS, or plain HTTP.

For QuotaGuard Shield HTTPS traffic, customer application payload contents are not decrypted at the proxy in ordinary operation.

For QuotaGuard Shield HTTPS traffic, QuotaGuard does not decrypt customer application payload contents in ordinary operation and does not receive customer private keys or certificates required to decrypt those payloads.

For QuotaGuard Static and plain HTTP proxy traffic, the proxy architecture is different. Customers should use HTTPS, TLS, QuotaGuard Shield, or equivalent encryption where sensitive data is involved.

Please keep in mind that customers are responsible for securing their applications, endpoints, credentials, certificates, and data in transit.

For proxy traffic, QuotaGuard stores limited operational metadata needed to operate, secure, troubleshoot, and bill for the service.

For QuotaGuard Shield inbound HTTPS traffic, the proxy operates at the TCP/TLS routing layer.

We log operational metadata such as frontend, backend, server identifier, byte counts, termination state, session time, client IP and port, and SNI hostname used for routing. Shield inbound HTTPS traffic does not expose request paths, query strings, HTTP methods, headers, cookies, or bodies to the proxy in ordinary operation.

For QuotaGuard Shield outbound HTTPS traffic, the proxy uses CONNECT semantics. We log the destination host and port and related operational metadata. Request paths, query strings, headers, cookies, authorization headers, response headers, and bodies remain inside the TLS session between the customer’s application and the destination and are not visible to the proxy in ordinary operation.

For plain HTTP proxy traffic, the proxy may need to read and log the full destination URL, including path and query string, as part of normal HTTP proxy operation.

Customers must not transmit PHI or other sensitive payloads over plain HTTP.

Customers should not place PHI or other sensitive information in hostnames, domains, proxy labels, endpoint labels, account names, URLs, query strings, headers, support tickets, screenshots, or other metadata fields. Hostnames and domains are customer-controlled metadata and may be visible to QuotaGuard and other infrastructure providers as part of normal routing.

We store account information needed to authenticate users, operate the service, and provide support.

Direct login passwords are stored using password hashing.

Proxy credentials are stored in a form required for proxy authentication and should be treated as sensitive credentials by customers.

For QuotaGuard Shield traffic logs, we retain operational metadata for approximately 60 days in AWS DynamoDB and do not archive those logs into long-term storage unless separately agreed in writing.

Other account, billing, support, and administrative records may be retained for longer where needed to operate the service, meet legal obligations, resolve disputes, prevent abuse, or maintain business records.

Customers should not place PHI or other sensitive information in hostnames, domains, proxy labels, endpoint labels, account names, URLs, query strings, headers, support tickets, screenshots, or other metadata fields.

Hostnames and domains are customer-controlled metadata and may be visible to QuotaGuard and other infrastructure providers as part of normal routing.

We may use aggregated, de-identified operational data to understand service usage, improve reliability, plan capacity, and operate the business.

We do not sell or rent personal data to third parties for marketing purposes.

Please read our Privacy Policy to understand our privacy compliance for all global privacy regulations, to include GDPR and CCPA. All users need to read and acknowledge this Privacy Policy to use our service.

We are a global company serving customers around the world and our infrastructure reflects that mission.

As a reflection of this mission, a majority of our services are outside the EU.

Even if you choose a EU-based proxy, there is a chance that your data may leave the EU in order for us to adequately provide our service to you and your clients.

Additionally, we obviously have no control over whether a company or customer chooses to send data via our proxies outside the EU.

If you have specific data residency requirements, contact us to discuss approved configurations designed to keep covered routing and applicable operational metadata within selected regions.

Simple, send us an email at Support and we’ll verify your identity (we don’t want your competitors tricking us into deleting your account now, do we?) and either port or delete your data as requested.

We mark all of your data as “removed” in our database and it will be deleted within 30 days.

Your payment information and transactions (if relevant) is kept at Stripe for tax and reporting purposes.

Of course! Just email us at Support and we can get the process started for your company.

If you are using our service via a Heroku Addon , Heroku only “assists with the provisioning and billing of the add-ons“.

They do not make any contractual representations for third-party add-ons as they do not manage them (for example, QuotaGuard) directly, therefore “We (Heroku) direct customers to work with third-party add-on providers to negotiate any contractual terms (including GDPR)”.

If you need a Data Processing Agreement with QuotaGuard as a Heroku user, please contact us at Support.