Privacy Policy
Last updated: May 12, 2026
1. Who We Are
FalconProxy (operated by <ENTITY_TBD>, "we", "our", or "us") is the controller of the personal data described in this policy. FalconProxy provides technology that lets you turn your own Android device into a proxy reachable through our relay infrastructure. Because all egress traffic exits your own device over your own carrier connection, we do not have visibility into the content of your proxied requests — the relay sees only destination IP/port and byte counts at the connection layer. The content of your proxied traffic is not covered by this policy; you are the controller for it.
2. What We Collect
Account & billing. Email address, full name (provided on the signup form), hashed credentials or OAuth identity (managed by Neon Auth), Stripe customer ID, billing address, payment-method metadata (last 4 digits, brand, expiry), invoice history, subscription state, and support correspondence. We do not store full card numbers.
Device telemetry (Android app). On device registration and refresh, the FalconProxy app collects a verbose snapshot for debugging and abuse detection: manufacturer/model/build fingerprint, OS version and security patch level, memory and storage totals, display metrics, battery state, carrier and SIM information (carrier name, MCC, MNC, ISO country), network interfaces and local IPs, sensor and camera metadata, timezone and locale, root-detection heuristics, and Settings.Secure.ANDROID_ID (used as the stable device identifier in our database). If you grant location permission, the app also reads WiFi SSID, BSSID, link speed, frequency, and signal strength.
Exit IP information. The Android app performs HTTPS GETs against api.ipapi.is and api.ipify.org to learn the device's public IP and its ASN / geographic location.
Server logs. The relay streams connection metadata to Grafana Cloud Loki via Alloy: timestamps, source IP (truncated where possible), destination host:port, byte counts, and tunnel identifier. Request and response bodies are never logged. The webapp also captures standard platform access logs from Vercel.
Crash reports. The webapp, Android app, and relay binary use Sentry to capture exceptions and runtime context. The authenticated user ID and email are attached to crash events; source IP is scrubbed in the SDK before transmission.
Metrics. Prometheus scrapes aggregate counters from the relay (tunnel counts, byte totals, per-device aggregates) into Grafana Cloud. No request content is included.
3. How We Use It (Legal Bases)
We process your data to:
- (a) provide and operate the service, including device registration and proxy connectivity — performance of our contract with you;
- (b) bill and collect payment, and maintain tax and accounting records — contract performance and legal obligation;
- (c) detect and prevent abuse, fraud, and AUP violations — our legitimate interests in protecting our infrastructure and other customers;
- (d) maintain security, monitor health, and debug incidents — legitimate interests;
- (e) respond to your support requests — contract performance; and
- (f) respond to lawful requests from authorities — legal obligation.
Any optional product analytics added in the future will be opt-in (consent).
4. Sub-Processors
We share data only as needed with sub-processors who are contractually bound to protect it.
- Neon — Postgres database and Neon Auth (AWS us-east-1).
- Vercel — webapp hosting and serverless functions (multi-region).
- Stripe — payment processing and subscription management.
- Resend — transactional email (signup, password reset, billing).
- Sentry — error tracking and crash reporting (EU region).
- Hetzner — relay VPS hosting (EU — DE / FI).
- Cloudflare — DNS and edge for falconproxy.com (relay subdomains are DNS-only, not proxied).
- Grafana Cloud — metrics, logs, and alerts (EU region).
- Google Play — Android app distribution.
- ipapi (api.ipapi.is) — public-IP geo and ASN lookup.
- ipify (api.ipify.org) — public-IP discovery.
5. Retention
We keep account profile data (email, name, credentials) while your subscription is active and for 30 days after cancellation. Billing records are retained for 7 years to meet tax and accounting obligations. Device telemetry snapshots are kept while the device is registered; older snapshots are pruned after 90 days. Relay logs in Loki are retained for 30 days. Crash events in Sentry are retained for 90 days. Support correspondence is retained for 24 months from the last reply. Backups roll on a 30-day schedule. Records subject to legal hold are retained until the hold is lifted.
6. International Transfers
We operate infrastructure in the US and EU. Personal data of EU and UK data subjects may be transferred to the US (Vercel, Stripe, certain Grafana / Sentry instances, the IP-lookup APIs). We rely on EU Standard Contractual Clauses, the EU-US Data Privacy Framework where the sub-processor participates, and applicable adequacy decisions. To request a copy of the relevant transfer mechanism, email contact@falconproxy.com.
7. Your Rights
Subject to applicable law, you have the right to access, rectify, erase, restrict, or object to our processing of your personal data, and to receive it in a portable format. You may withdraw consent for any consent-based processing without affecting the lawfulness of prior processing. EU and UK residents have the right to lodge a complaint with a supervisory authority. To exercise any of these rights, email contact@falconproxy.com. We aim to respond within 30 days and may need to verify your identity before fulfilling a request.
8. Children
FalconProxy is not intended for, and we do not knowingly collect personal data from, anyone under 16 years old. If we learn that we hold data about a child under 16, we will delete it.
9. Changes to This Policy
We may update this Privacy Policy. We will notify you of material changes by email to the address on file at least 30 days before they take effect. Continued use of the service after the effective date constitutes acceptance.
10. Contact
Privacy questions and data-subject requests can be sent to contact@falconproxy.com.