IPCloudIPCLOUD

Privacy Policy

Last Updated: April 16, 2026

1. Introduction

This Privacy Policy explains how IPCloud (“IPCloud”, “we”, “us”, “our”) collects, uses, stores, and protects your personal data when you use our website, dashboard, and proxy services (collectively, the “Services”).

We are committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018, and other applicable data protection laws. Where users are located in the EEA, the EU GDPR may also apply. By using our Services, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

IPCloud is the data controller responsible for the personal data collected and processed through our Services. For any privacy-related inquiries, you may contact us through our support channels available in the dashboard.

3. Personal Data We Collect

3.1 Account Information

When you register for an account, we collect:

  • Email address
  • Password (stored in hashed form)
  • OAuth provider identifiers (when signing in with Google or Discord)
  • Display name and profile image (when provided via OAuth)

3.2 Billing and Transaction Data

When you make a purchase, our payment processors collect:

  • Billing name and address
  • Payment method details (handled directly by the processor)
  • Transaction amounts, dates, and invoice records
  • Country and currency information

We do not store full payment card numbers or banking credentials. These are processed and tokenized by our PCI-compliant payment partners.

3.3 Identity Verification (KYC) Data

When KYC verification is required, we collect:

  • Full legal name
  • Residential address
  • Date of birth (where present on the ID document)
  • Photographs of a government-issued ID (passport, national ID card, or driver’s license)
  • Selfie video holding the ID document

KYC data is processed for fraud prevention and regulatory compliance purposes. See Section 7 for retention details.

3.4 Service Usage Data

When you use our proxy infrastructure, we automatically collect:

  • Bandwidth consumption and request counts
  • Proxy plan activity and configuration changes
  • Allowlisted IP addresses (when configured by you)
  • Authentication events and session metadata
  • Dashboard interaction logs

3.5 Technical Data

We collect technical information from your devices and browsers:

  • IP address
  • Browser type, version, and language
  • Operating system and device identifiers
  • Referring URLs and UTM parameters
  • Timestamps of access

3.6 Communications

When you contact our support team or interact with our communications, we retain the content of those messages, attachments, and the metadata of the exchange.

4. How We Use Your Data

We process your personal data to:

  • Create and manage your account
  • Provide, maintain, and improve our Services
  • Process payments, issue invoices, and manage subscriptions
  • Authenticate users and prevent unauthorized access
  • Detect, investigate, and prevent fraud, abuse, and security incidents
  • Comply with legal, tax, and regulatory obligations
  • Respond to support requests and customer communications
  • Send service-related notices and security alerts
  • Send marketing communications (with your consent or where permitted)
  • Analyze usage to improve product performance and reliability
  • Enforce our Terms of Service and resolve disputes

5. Legal Bases for Processing

Under the UK GDPR (and EU GDPR where applicable), we rely on the following legal bases:

  • Contractual necessity (Art. 6(1)(b)): to provide the Services you have requested and to fulfill our obligations under our Terms of Service.
  • Legal obligation (Art. 6(1)(c)): to comply with tax, accounting, anti-fraud, and other regulatory requirements.
  • Legitimate interests (Art. 6(1)(f)): to secure our platform, prevent fraud, improve our Services, and pursue our business operations, balanced against your rights and freedoms.
  • Consent (Art. 6(1)(a)): for non-essential cookies, marketing communications, and any processing where consent is the appropriate basis.

6. Sharing of Personal Data

6.1 Service Providers

We share personal data with trusted third-party service providers who help us operate the Services. These include:

  • Authentication and database infrastructure: Supabase (authentication, user data storage)
  • Hosting and edge infrastructure: cloud hosting and content delivery providers
  • Payment processing: third-party payment providers handling card transactions and other payment methods
  • Bot protection: Cloudflare Turnstile (abuse and bot mitigation)
  • Email delivery: transactional and notification email providers
  • Analytics: privacy-respecting analytics tooling for aggregate product usage
  • Support tooling: systems used to triage and respond to support requests

All providers are contractually bound to handle your data in accordance with applicable data protection laws and to use it only for the purposes we authorize.

6.2 Legal Disclosures

We may disclose personal data when required by law, court order, or valid legal request, or where we believe in good faith that disclosure is necessary to protect our rights, prevent fraud, ensure user safety, or comply with judicial or regulatory proceedings.

6.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred as part of the transaction. We will notify you of any such change and of any new choices you may have regarding your data.

6.4 No Sale of Personal Data

We do not sell, rent, or trade your personal data to third parties for their independent marketing purposes.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, and reporting requirements:

  • Account data: retained for the duration of your account, plus a reasonable period after closure for fraud prevention and dispute resolution.
  • Billing and transaction records: retained for at least 6 years to comply with HMRC and other tax and accounting obligations under applicable UK law.
  • KYC documents: retained for as long as necessary to meet anti-fraud and regulatory obligations, and then securely deleted or anonymized.
  • Service usage logs: retained for limited operational and security periods, then aggregated or deleted.
  • Support communications: retained for a reasonable period to provide continuity of service and resolve future inquiries.

When data is no longer required, we securely delete or anonymize it.

8. International Data Transfers

Some of our service providers are located outside the United Kingdom and European Economic Area (EEA). When we transfer personal data outside the UK or EEA, we ensure appropriate safeguards are in place, including:

  • The UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses
  • Standard Contractual Clauses (SCCs) approved by the European Commission, where the EU GDPR applies
  • Adequacy regulations or decisions recognizing the destination country as providing an adequate level of protection
  • Additional technical and organizational safeguards where appropriate

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (TLS) and at rest where applicable
  • Hashed and salted password storage
  • Role-based access controls and least-privilege principles
  • Bot mitigation and CAPTCHA challenges on authentication endpoints
  • Regular security review of our infrastructure and dependencies
  • Logging and monitoring of access to sensitive systems

No method of transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

10. Cookies and Similar Technologies

10.1 Use of Cookies

We use cookies and similar technologies to operate our Services, remember your preferences, authenticate sessions, and understand how the product is used.

10.2 Categories

  • Strictly necessary cookies: required for core functionality such as authentication and security. These cannot be disabled.
  • Functional cookies: remember your preferences and settings to improve your experience.
  • Analytics cookies: help us understand aggregate usage and improve the product.
  • Marketing/attribution cookies: used in limited cases to measure referral and campaign performance.

10.3 Managing Cookies

You can manage non-essential cookies through your browser settings or via any cookie banner we may provide. Disabling certain cookies may affect the functionality of the Services.

11. Your Data Protection Rights

If you are located in the UK or EEA, you have the following rights regarding your personal data under the UK GDPR (and EU GDPR where applicable):

  • Right of access: request a copy of the personal data we hold about you.
  • Right to rectification: request correction of inaccurate or incomplete data.
  • Right to erasure: request deletion of your personal data, subject to legal retention requirements.
  • Right to restriction: request that we limit the processing of your data in certain circumstances.
  • Right to data portability: receive your data in a structured, commonly used, machine-readable format.
  • Right to object: object to processing based on our legitimate interests, including direct marketing.
  • Right to withdraw consent: withdraw any consent you have previously given, without affecting the lawfulness of prior processing.
  • Right to lodge a complaint:file a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk, or with your local supervisory authority in the EEA.

To exercise any of these rights, please contact us through our support channels. We will respond within one month of receiving your request, subject to applicable extensions permitted by law.

12. Children’s Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without verified parental consent, we will take steps to delete that information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the “Last Updated” date and, where appropriate, by providing additional notice through the Services. Your continued use of the Services after changes are posted constitutes acceptance of the updated Privacy Policy.

14. Contact

For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact our support team via the dashboard or our support channels. For information on our terms of use, please see our Terms of Service.

Return to Sign In