New: Try Nitro free for 2 days β€” no credit card required! Start now β†’

Data Processor Privacy Policy

Last updated: February 2025

1. Introduction

This Data Processor Privacy Policy describes how Invictus Pro SRL ("DroidProxy", "we", "us", or "our") processes personal data on behalf of our customers ("Data Controllers") who use our mobile proxy service to provide proxy access to their end users.

When our customers share mobile proxy access with their end users, DroidProxy acts as a "Data Processor" under the General Data Protection Regulation (GDPR), while our customers remain the "Data Controllers" responsible for determining the purposes and means of processing.

2. Scope of This Policy

This policy applies specifically to:

  • End users of mobile proxies provided by DroidProxy customers
  • Data processed through the proxy infrastructure on behalf of customers
  • Customers who resell or share proxy access using our platform

For information about how we process data as a Data Controller (e.g., for our direct customers' account information), please refer to our Privacy Policy.

3. Data We Process

When processing data on behalf of our customers, we may collect and process:

3.1 Connection Data

  • Customer identifier
  • IP addresses (both source and destination)
  • Timestamps of connection activities (login, logout, requests)
  • Connection duration and session information

3.2 Device Data

  • Phone identifier and device model
  • Operating system information
  • Mobile carrier information
  • Traffic volume statistics

3.3 Usage Data

  • Bandwidth consumption
  • Protocol type (HTTP, SOCKS5)
  • Request metadata (excluding content)

4. Purpose of Processing

We process this data solely for the following purposes:

  • Providing and maintaining the proxy service
  • Ensuring service quality and performance
  • Preventing abuse and fraudulent activities
  • Complying with legal obligations
  • Supporting law enforcement investigations when legally required

5. Legal Basis for Processing

As a Data Processor, we process personal data based on instructions from our customers (Data Controllers). Our customers may rely on the following legal bases under Article 6 of the GDPR:

  • Contract Performance: Processing necessary to fulfill the service agreement
  • Legal Obligation: Processing required to comply with applicable laws
  • Legitimate Interests: Processing necessary for legitimate business purposes
  • Consent: Where end users have provided explicit consent

6. Data Retention

We retain processed data for a period of two (2) years from the date of collection. This retention period is necessary to:

  • Support law enforcement investigations when legally required
  • Prevent unlawful use of our proxy services
  • Comply with legal and regulatory requirements
  • Resolve disputes and enforce our agreements

After the retention period, data is securely deleted or anonymized.

7. GDPR Compliance Principles

We adhere to the seven core principles of GDPR:

  • Lawfulness, Fairness, and Transparency: Processing data lawfully and transparently
  • Purpose Limitation: Using data only for specified, legitimate purposes
  • Data Minimization: Collecting only data that is necessary
  • Accuracy: Keeping data accurate and up to date
  • Storage Limitation: Retaining data only as long as necessary
  • Integrity and Confidentiality: Ensuring appropriate security
  • Accountability: Demonstrating compliance with GDPR

8. Sub-Processors

We may engage third-party sub-processors to assist in providing our services. All sub-processors are:

  • Carefully vetted for data protection compliance
  • Bound by data processing agreements
  • Limited to accessing data only as necessary for service provision
  • Required to implement appropriate security measures

We maintain a list of our sub-processors and will notify customers of any changes to this list.

9. International Data Transfers

Data may be transferred to and processed in countries outside the European Economic Area (EEA). We do not transfer personal data outside the EEA/UK without ensuring adequate protections are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other legally recognized transfer mechanisms

10. Security Measures

We implement appropriate physical, technical, and administrative measures to protect personal data, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and penetration testing
  • Incident response procedures
  • Employee training on data protection

While we strive to protect personal data, no method of transmission over the Internet or electronic storage is 100% secure.

11. Disclosure to Authorities

We may disclose personal data to governmental bodies, regulatory authorities, judicial bodies, or investigation bodies when:

  • Required by law or valid legal process
  • Necessary to protect our rights or the rights of others
  • Required for the prevention or investigation of crimes

We will notify the relevant Data Controller of such requests unless prohibited by law.

12. Data Subject Rights

End users whose data we process on behalf of our customers have the following rights under GDPR:

  • Right of Access: Request information about data being processed
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of personal data
  • Right to Restrict Processing: Request limitation of processing
  • Right to Data Portability: Request transfer of data
  • Right to Object: Object to certain types of processing

To exercise these rights, please contact us at [email protected]. We will respond within one month, with the possibility of extending by two additional months for complex requests.

13. Customer Responsibilities

As Data Controllers, our customers are responsible for:

  • Ensuring they have a valid legal basis for processing
  • Providing appropriate privacy notices to their end users
  • Obtaining necessary consents where required
  • Responding to data subject requests in a timely manner
  • Ensuring compliance with applicable data protection laws

14. Data Processing Agreement

Customers who require a formal Data Processing Agreement (DPA) for GDPR compliance purposes can request one by contacting us. Our DPA covers:

  • Subject matter and duration of processing
  • Nature and purpose of processing
  • Types of personal data processed
  • Categories of data subjects
  • Rights and obligations of both parties

15. Changes to This Policy

We may update this Data Processor Privacy Policy from time to time. We will notify affected parties of any material changes by posting the new policy on this page and updating the "Last updated" date.

16. Contact Information

For questions about this policy or our data processing practices, please contact: