Privacy, Security and GDPR FAQs
If you are part of our direct service (https://www.quotaguard.com/), then we collect your email address (for your account “user name”) and billing information (to be processed and kept at Stripe, we do not have access to your credit card information).
If you are part of our service from Heroku, then we collect your “app_name” and “owner_email” address from Heroku.
If you are part of our IBM or AppDirect service, then we collect the “creator_email” address.
When you contact us via Support, we collect your email address and IP address to verify the authenticity of the requester. Any details you send us about your account are stored in the Support software and can be deleted upon request.
First of all, our proxy is just that, a proxy. It sends data on behalf of another endpoint. To ensure proper security, you should be using an end-to-end encryption technology, which means that our proxy servers would only have access to the encrypted packets. HTTPS, TLS, or the like should be employed where necessary.
For HTTP or SOCKS outbound proxies, we store just enough details about the request to provide you the logs you see in the dashboard and for billing purposes (request and bandwidth limits). We store the time of each request, the account (username), the source (IP), the destination (URL or IP), and the status code for the request.
For inbound proxies, we store the time of the request, the account (username), the source (IP), the destination (generally a URL), the HTTP status code, the HTTP request type (GET, POST), and the number of bytes in the request.
We store the above data, which is what you see in the QuotaGuard dashboard, for one month. After that we move it to long-term storage for a full year. No log information should be kept beyond that one-year date, and we are unable to retrieve any data past that one-year time frame.
We do not sell or rent your personal data to third parties for marketing purposes. However, for data aggregation purposes we may use your non-personal data, which might be sold to other parties at our discretion. Any such data aggregation would not contain any of your personal data. We may give your personal data to third-party service providers whom we hire to provide services to us. These third-party service providers may include but are not limited to payment processors, web analytics companies, advertising networks, call centers, data management services, help desk providers, accountants, law firms, auditors, shopping cart and email service providers, and shipping companies.
No, we do not see or save your data in your requests.
Please keep in mind that you should secure your data in transit because malicious third parties may try to view your data or steal it. We very highly recommend always using HTTPS, TLS, or similar for your requests.
We store your email and proxy credentials unencrypted. Direct login passwords are encrypted.
Simple: send us an email at firstname.lastname@example.org and we’ll verify your identity (we don’t want your competitors tricking us into deleting your account now, do we?) and either port or delete your data as requested.
We mark all of your data as “removed” in our database and it will be deleted within 30 days. Your payment information and transactions (if relevant) are kept at Stripe for tax and reporting purposes.
We collect personal data sufficient to run the service for you, improve it over time, and service our customers successfully. That means we don’t collect any additional or unnecessary private data other than the information listed above.
Specifically, we do not store or log request or response bodies.
We store a small amount of metadata about requests – the account (username), the source (IP), the destination (generally a URL), the HTTP status code, the HTTP request type (GET, POST), and the number of bytes in the request. We use this data to provide logs to you, and this data is deleted after one year. This data is only identifiable to you (the data controller) and not to any of your end users.
Finally, we store no PII about your users – the only user data we store is about you, the data controller, and it is minimal – if you are using QuotaGuard via Heroku, for example, it is just the Heroku app name and the contact email address provided by the Heroku API.
Each request goes through a proxy on an Amazon Web Services ELB (with no logging), then to an AWS server (with logging), and then to the remote server dictated by your request. We store metadata of the packet, which includes the account (username), the source (IP), the destination (URL or IP), and the status code for the request.
We are a global company serving customers around the world and our infrastructure reflects that mission. As a reflection of this mission, a majority of our services are outside the EU.
Even if you choose an EU-based proxy, there is a chance that your data may leave the EU in order for us to adequately provide our service to you and your clients.
Additionally, we obviously have no control over whether a company or customer chooses to send data via our proxies outside the EU.
If you are using our service via a Heroku Addon, Heroku only “assists with the provisioning and billing of the add-ons”. They do not make any contractual representations for third-party add-ons as they do not manage them (for example, QuotaGuard) directly, therefore “we (Heroku) direct customers to work with third-party add-on providers to negotiate any contractual terms (including GDPR)”.
If you need a Data Processing Agreement with QuotaGuard as a Heroku user, please email us at Support.
Of course! Just email us at Support and we can get the process started for your company.
Yes, except that the URL will only have a hostname, not the actual URL.