Privacy, Security, and GDPR FAQs - Static IP's from QuotaGuard

Privacy, Security and GDPR FAQ's

QuotaGuard Pricing Separator
Is QuotaGuard GDPR Compliant?

Please read our Privacy Policy to understand our privacy compliance for all global privacy regulations, to include GDPR and CaCPA. All users need to read and acknowledge this Privacy Policy to use our service.

What Personal Information do you collect for my account?

If you are part of our direct service (, then we collect your email address (for your account “user name”) and billing information (to be processed and kept at Stripe, we do not have access to your credit card information).

If you are part of our service from Heroku, then we collect your “app_name” and “owner_email” address from Heroku.

If you are part of our IBM or AppDirect service, then we collect the “creator_email” address.

When you contact us via Support, we collect your email address and IP address to verify the authenticity of the requester. Obviously, any details you send us about your account is stored in the Support software and can be deleted upon request.

What Personal Information do you collect when my data uses your proxies?

First of all, our proxy is just that, a proxy. It sends data on behalf of another endpoint. To ensure proper security, you should be using an end to end encryption technology, which means that our proxy servers would only have access to the encrypted packets. HTTPS, TLS, or the like should be employed where necessary.

For HTTP or SOCKS outbound proxies, we store just enough details about the request to provide you the logs you see in the dashboard and for billing purposes (request and bandwidth limits). We store the time of each request, the account (username), the source (IP), the destination (URL or IP), and the status code for the request.

For inbound proxies, we store the time of the request, the account (username), the source (IP), the destination (generally a URL), the HTTP status code, the HTTP request type (GET, POST), and the number of bytes in the request.

How long do you store log data?

We store the above data for what you see in the QuotaGuard dashboard for one month. After that we move it to long term storage, for a full year. No log information should be kept beyond that one year date and we are unable to retrieve any data past that one year time frame.

What do you share with marketers or other advertising and non essential companies?

We do not sell or rent your personal data to third parties for marketing purposes. However, for data aggregation purposes we may use your non-personal data, which might be sold to other parties at our discretion. Any such data aggregation would not contain any of your personal data. We may give your personal data to third-party service providers whom we hire to provide services to us. These third-party service providers may include but are not limited to payment processors, web analytics companies, advertising networks, call centers, data management services, help desk providers, accountants, law firms, auditors, shopping cart and email service providers, and shipping companies.

Do you see our data as it goes through the proxy?

No, we do not see or save your data in your requests.
Please keep in mind that you should secure your data in transit because other malicious third party actors may try and view your data or steal it. We very highly recommend always using HTTPS, TLS, or similar for your requests.

What data do we store in the clear / unencrypted?

We store your email and proxy credentials unencrypted. Direct login passwords are encrypted.

How do we request to have our information deleted or ported to another service?

Simple, send us an email at and we’ll verify your identity (we don’t want your competitors tricking us into deleting your account now, do we?) and either port or delete your data as requested.

If I want to request to be ‘forgotten’ or deleted, what data would we delete and would we have to likely keep for legal reasons?

We mark all of your data as “removed” in our database and it will be deleted within 30 days. Your payment information and transactions (if relevant) is kept at Stripe for tax and reporting purposes.

Do you collect any private data that you don’t need to run your service?

We collect personal data sufficient to run the service for you, improve it over time, and service our customers successfully. That means we don’t collect any additional or unnecessary private data other than the information listed above.

Specifically, we do not store or log request or response bodies.

We store a small amount of metadata about requests – the account (username), the source (IP), the destination (generally a URL), the HTTP status code, the HTTP request type (GET, POST), and the number of bytes in the request. We use this data to provide logs to you, and this data is deleted after one year. This data is only identifiable to you (the data controller) and not to any of your end users.

Finally, we store no PII about your users – the only user data we store is about you, the data controller, and it is minimal – if you are using QuotaGuard via Heroku, for example, it is just the Heroku app name and the contact email address provided by the Heroku API.

Describe the journey of my packets via your QuotaGuard system from my application to its destination. What services does it touch and what is left behind after my request has pass through your system?

Each request goes through a proxy on Amazon Web Services ELB (with no logging) and goes to AWS Server (with logging) then to the remote server dictated by your request. We store metadata of the packet, which includes the account (username), the source (IP), the destination (URL or IP), and the status code for the request.

If I'm based in the EU, does my data leave the EU?

We are a global company serving customers around the world and our infrastructure reflects that mission. As a reflection of this mission, a majority of our services are outside the EU.

Even if you choose a EU-based proxy, there is a chance that your data may leave the EU in order for us to adequately provide our service to you and your clients.

Additionally, we obviously have no control over whether a company or customer chooses to send data via our proxies outside the EU.

What is the relationship between my Heroku account and QuotaGuard?

If you are using our service via a Heroku Addon, Heroku only “assists with the provisioning and billing of the add-ons“. They do not make any contractual representations for third-party add-ons as they do not manage them (for example, QuotaGuard) directly, therefore “we (Heroku) direct customers to work with third-party add-on providers to negotiate any contractual terms (including GDPR)”.

If you need a Data Processing Agreement with QuotaGuard as a Heroku user, please email us at Support.

Can you send us a Data Protection Agreement?

Of course! Just email us at Support and we can get the process started for your company.

Is this the same when we use SSL?

Yes, apart from the URL will only have a hostname not the actual URL.

Got a different question?

Got a different question, send us an email at Support!

Ready to Get Started?

Get in touch or create a free trial account

We use cookies to understand how you use our site and to improve your experience. This includes personalizing content and advertising. To learn more, click "more information" link. By continuing to use our site, you accept our use of cookies, revised Privacy Policy and Terms of Use. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.