FlashProxy B.V.
FlashProxy B.V. ("FlashProxy", "we", "us", "our") is the data controller responsible for your personal data. FlashProxy B.V. is registered in the Netherlands under Chamber of Commerce (KvK) number 93923198.
This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the FlashProxy website at flashproxy.com (and flashproxy.io) and our related services (collectively, the "Services"). It applies to all visitors, registered users, and customers of FlashProxy.
If you have any questions about this Privacy Policy or our data practices, you can contact us at [email protected].
When you create an account, we collect your email address, display name, and account credentials. Authentication is managed via Firebase Authentication.
Payment transactions are processed by our payment providers (Paddle and TheDex). We receive and store the following payment-related data:
We do not store full card numbers or CVVs.
When you visit our website, we automatically collect the following technical information:
We use a persistent session cookie and related technologies to maintain session continuity and protect against payment fraud. This includes:
See Section 5 (Cookies and Similar Technologies) for full details.
We collect usage data including page views, feature usage within the dashboard, and service configuration data.
When identity verification is required, we collect the following:
Identity verification is conducted through ComplyCube, our certified identity-verification provider, acting as a data sub-processor under a data processing agreement. You complete the check on a secure ComplyCube-hosted link; your ID and biometric data are captured, processed, and stored within ComplyCube's encrypted infrastructure. FlashProxy itself receives and retains only the verification result (pass/fail) and a reference identifier — not copies of your identity documents or biometric data. We do not collect KYC documents by email.
We use your data to detect and prevent payment fraud, chargeback abuse, and unauthorized account usage. We link technical identifiers (IP addresses, session cookies, device characteristics, payment identifiers) to build security profiles that help identify users who engage in payment fraud across multiple accounts. This processing is essential to protect our service and legitimate customers from financial fraud.
To send service-related notifications, support responses, and (with your consent) promotional materials.
To comply with applicable laws, respond to legal requests, and enforce our Terms of Service.
We use KYC data solely to verify your identity for fraud prevention, to comply with account security requirements, and to respond to payment disputes. KYC data is not used for marketing, profiling, or any purpose unrelated to account verification and security.
Under GDPR Article 6, we rely on the following legal bases for processing your personal data:
Processing your account data, payment data, and usage data is necessary to deliver the services you purchased.
We process technical identifiers, session data, and security data for fraud prevention. Our legitimate interest is protecting our business and customers from payment fraud.
We have conducted a balancing test and determined that:
This assessment is consistent with GDPR Recital 47, which explicitly recognizes fraud prevention as a legitimate interest.
For promotional communications only. You may withdraw consent at any time.
Processing of KYC data is based on:
You may withdraw your consent at any time by contacting us. However, withdrawal of consent may result in the suspension or termination of your account if identity verification is required.
Special Category Data Notice: Identity verification involves biometric data: ComplyCube, our certified verification sub-processor, performs an automated biometric liveness and anti-spoofing check (certified to ISO/IEC 30107-3) to confirm you match your ID document. This biometric processing is carried out by ComplyCube on our behalf under Art. 9(2)(a) GDPR with your explicit consent, and is used solely for identity verification and fraud prevention.
Card payments are processed by Paddle (paddle.com), which acts as our Merchant of Record. Paddle is certified to PCI-DSS Level 1 (the highest card-data security standard) and is GDPR-compliant; full card numbers and CVVs are handled by Paddle and never reach our systems. TheDex processes cryptocurrency payments. These providers receive the payment details necessary to complete transactions and are subject to their own privacy policies.
When identity verification (KYC) is required, it is performed by ComplyCube (complycube.com), acting as our data sub-processor under a data processing agreement. ComplyCube is independently certified to ISO/IEC 27001 and UK DIATF, and processes your identity documents and biometric data to verify your identity. See Section 2.6 for what we collect and retain.
Firebase (Google Cloud) provides authentication and data storage services. Server hosting providers support our proxy infrastructure. These providers process data on our behalf under data processing agreements.
We do not sell, rent, or trade your personal data to any third party for their own purposes.
We may disclose information if required by law, regulation, legal process, or governmental request.
Retained for the duration of your account plus 2 years after account closure.
Retained for 7 years as required by Dutch tax and commercial law.
Support correspondence is retained for 2 years after resolution.
Your identity documents and biometric data are held by ComplyCube, our identity-verification sub-processor, in line with their retention controls and our data processing agreement. FlashProxy retains only the verification result (pass/fail) and a reference identifier for the duration of your active account plus 12 months after closure or termination, after which it is permanently deleted.
You may request earlier deletion of your identity data by contacting us, subject to any legal obligations requiring us to retain certain records.
Under GDPR Chapter III, you have the following rights regarding your personal data:
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
Note: Certain data may be exempt from erasure requests where retention is required by law or necessary for the establishment, exercise, or defence of legal claims (including fraud prevention).
Your data may be processed by service providers located outside the European Economic Area. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.
We implement appropriate technical and organizational measures to protect your data, including encrypted data transmission (TLS), access controls, and secure infrastructure.
No method of electronic storage is 100% secure, and we cannot guarantee absolute security.
Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.
We may update this Privacy Policy periodically. We will notify registered users of material changes via email. Continued use of our Services after changes constitutes acceptance.
For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
FlashProxy B.V.
Softbalplein 8
2492 VR 's-Gravenhage, Netherlands
KvK: 93923198 | VAT: NL866574566B01
Email: [email protected]
You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).
The FlashProxy Browser Extension does not collect, store, or transmit any personal data to external servers. Specifically:
All data stored by the extension remains locally on your device within Chrome's secure storage. Uninstalling the extension will remove all locally stored data.
© 2026 FlashProxy B.V. All rights reserved.