Privacy Policy

Last updated: July 5, 2026

1. Introduction

Pineapple Proxy ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you use our website, API, proxy lists, validation tools, and related services (the "Service").

Important: This policy applies to personal data we collect about you as a user of our Service. It does not cover data you transmit through, access via, or process using proxy servers listed on our Service. We have no visibility into, do not monitor, and do not log the content of traffic transmitted through third-party proxy servers that we list or validate.

2. Data Controller

Pineapple Proxy is the data controller for personal data processed through the Service. For privacy-related inquiries, you may contact us at privacy@pproxy.tech.

3. Information We Collect

We practice data minimization. We collect only the personal data necessary to provide, secure, and improve the Service.

3.1 Information You Provide

  • Account data: email address and a hashed password. You may optionally provide a display name or other profile information.
  • Payment information: billing address (if required by our payment processor) and transaction records. Full payment card details and cryptocurrency wallet addresses are processed directly by our payment processors (Stripe, NowPayments) and are never stored on our servers.
  • Communications: messages you send us via contact forms, support requests, or email.

3.2 Information Collected Automatically

  • Usage data: pages visited, features used within the Service's web interface.
  • API usage data: number of API calls, endpoints accessed, timestamps, and authentication tokens used. This data is used solely for billing, rate limiting, and abuse prevention.
  • Connection data: IP address, browser type, operating system, referring URLs, and device identifiers — standard web server log data collected automatically for security monitoring, debugging, and aggregated analytics.
  • Cookies and similar technologies: as described in our Cookie Policy.

3.3 Information We Do NOT Collect

We do not collect, monitor, inspect, or log:

  • The content of any web pages, API responses, or other data you access through proxy servers
  • The specific URLs or IP addresses you connect to via proxies
  • The nature, purpose, or subject matter of your proxy usage
  • Any personal data of third parties whose sites or services you may access through proxies

4. How We Use Your Information

We use the collected data for the following purposes:

  • Service delivery: to provide, maintain, and secure the Service, including account management, authentication, and proxy data delivery.
  • Billing and payments: to process payments, manage subscriptions, and maintain financial records.
  • Service communication: to send essential service-related notices, updates, security alerts, and support responses. These are not marketing communications.
  • Security and abuse prevention: to detect, prevent, and investigate fraud, abuse, unauthorized access, and violations of our Terms of Service and Acceptable Use Policy.
  • Service improvement: to analyze aggregated, anonymized usage patterns to improve the Service experience.
  • Legal compliance: to comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

We do not use your personal data for automated decision-making or profiling that produces legal effects concerning you.

5. Legal Basis for Processing (GDPR)

For users located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process personal data based on the following legal grounds:

  • Contractual necessity (Article 6(1)(b) GDPR): processing necessary to perform our contract with you — providing the Service, managing your account, processing payments, and communicating about your account.
  • Legitimate interests (Article 6(1)(f) GDPR): processing necessary for our legitimate interests in securing the Service, preventing fraud and abuse, analyzing aggregated usage for service improvement, and enforcing our Terms of Service — provided these interests are not overridden by your data protection rights.
  • Legal obligation (Article 6(1)(c) GDPR): processing required to comply with applicable law, such as retaining financial records for tax purposes or responding to lawful requests from authorities.
  • Consent (Article 6(1)(a) GDPR): for processing activities where we specifically request your consent (e.g., analytics cookies). You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data to third parties for their own marketing or commercial purposes. We may share data only as follows:

  • Service providers: third-party vendors who assist us in operating the Service, under strict contractual obligations to process data only on our documented instructions and with appropriate security measures. These include:
    • Infrastructure hosting providers
    • Payment processors (Stripe, Inc., NowPayments)
    • Authentication and identity management services (self-hosted within the EU)
    • Analytics platforms (only with your consent where required by law)
  • Legal requirements: when disclosure is required by law, court order, subpoena, or other valid legal process from a governmental authority with jurisdiction. Where permitted by law, we will attempt to notify you before such disclosure.
  • Protection of rights: when we believe in good faith that disclosure is necessary to protect our rights, property, or safety, or that of our users or the public.
  • Business transfers: in connection with, or during negotiations of, any merger, acquisition, sale of assets, financing, or similar corporate transaction involving all or a portion of our business. In such event, the acquiring entity will be bound by this Privacy Policy or a policy providing equivalent protection.

A current list of sub-processors with their locations is maintained in our Data Processing Agreement.

7. Data Retention

We retain personal data only as long as necessary for the purposes described:

  • Account data: retained while your account is active. Upon account deletion, personal data is deleted within 30 days, except as needed for legal obligations.
  • Payment and transaction records: retained for the period required by applicable tax, accounting, and anti-money laundering regulations (typically 5–7 years).
  • API usage logs: retained for up to 90 days for billing verification and abuse investigation.
  • Server and security logs: retained for up to 90 days for security monitoring and incident investigation.
  • Communications: retained for up to 2 years for reference and quality assurance.

When data is no longer needed, we securely delete or anonymize it. Retention periods may be extended where required by law, legal proceedings, or ongoing investigations.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right of access: request a copy of the personal data we hold about you, along with information about how it is processed.
  • Right to rectification: request correction of inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"): request deletion of your data, subject to our legal retention obligations.
  • Right to restriction of processing: request that we limit how we process your data in certain circumstances.
  • Right to data portability: receive your data in a structured, commonly used, machine-readable format and transmit it to another controller.
  • Right to object: object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds.
  • Right to withdraw consent: withdraw previously given consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@pproxy.tech. We will verify your identity before processing requests and will respond within 30 days (or the timeframe required by applicable law). You also have the right to lodge a complaint with your local data protection supervisory authority if you believe your rights have been violated.

9. International Data Transfers

Your data is primarily processed on infrastructure located within the European Union (Germany). Where data is transferred to service providers in countries outside the EEA, we ensure that appropriate safeguards are in place, including:

  • European Commission Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission for the recipient country
  • EU-US Data Privacy Framework certification (where applicable)

10. Data Security

We implement and maintain appropriate technical and organizational measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:

  • Encryption of data in transit using TLS 1.3 and encryption of data at rest (AES-256)
  • Multi-factor authentication for administrative access
  • Network segmentation and firewall protection
  • Regular security assessments, vulnerability scanning, and penetration testing
  • Security monitoring, logging, and incident response procedures
  • Access controls based on the principle of least privilege

No method of electronic storage or transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

11. Children's Privacy

The Service is not intended for, and we do not knowingly collect personal data from, individuals under the age of 18. If we learn that we have collected personal data from a minor without verifiable parental consent, we will delete it promptly. If you believe a minor has provided us with personal data, please contact us immediately.

12. Third-Party Links and Services

The Service may contain links to third-party websites or services, including payment processors and external resources. This Privacy Policy applies solely to data collected by Pineapple Proxy. We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services you interact with.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. Material changes will be communicated via email to the address associated with your account or through a prominent notice on the Service. Your continued use of the Service after the effective date of changes constitutes acceptance of the updated policy. If you do not agree, you must stop using the Service and close your account.

14. Contact

For privacy-related inquiries or to exercise your rights: contact page or email privacy@pproxy.tech.