This policy explains what personal data Chilly Proxy processes when you create an account, purchase plans, use the dashboard, or contact support — and what choices you have.
Effective May 28, 2026Public — indexed for transparency
Data controller & contact
Controller
Chilly Proxy (operator of chillyproxy.com / chillyproxies.com)
Service
Digital proxy subscriptions — billing, provisioning, and support via web dashboard
Chilly Proxy (“we”, “us”, “our”) provides proxy subscription services for lawful business and research use. This Privacy Policy applies when you visit our marketing site, create an account, purchase plans, use the customer dashboard, or contact support.
It also applies to optional channels such as our Telegram bot, where Telegram ID and message content may be processed to deliver the same services.
It applies to our optional browser extension (Chrome, Edge, Firefox) described in Optional browser extension below — only if you choose to install it.
We do not sell your personal information. We use data to operate the service, secure accounts, process payments, and comply with law. This policy is written to meet transparency requirements for advertising platforms (including Google Ads), payment partners, and privacy regulations such as GDPR and CCPA where they apply to you.
2. Data we collect
Account & identity
Email address, name, and contact details you provide at signup or in your profile.
Password hash (we never store plain-text passwords).
Affiliate or reseller application details when you apply for partner programs.
Billing & transactions
Wallet balance, top-up history, invoices, and order records.
Payment status from processors (e.g. crypto gateway confirmations) — not full card numbers when card payments are used.
Promo codes, coupons, and refund request correspondence.
Service delivery
Proxy credentials, pack IDs, usage limits, and provisioning metadata required to activate your plans.
Support tickets, chat messages, and attachments you submit.
Technical & security
IP address, browser type, device signals, and session identifiers for fraud prevention and session management.
API request logs for reseller partners (timestamps, endpoints, response codes — not full payload bodies by default).
Cookies and similar technologies for login sessions and trusted-device flow (see section 5).
3. How we use data
Create and authenticate your account; enable 2FA and password recovery.
Provision, renew, and manage proxy subscriptions you purchase (immediate digital delivery).
Process wallet debits, crypto checkouts, and generate invoices or receipts.
Measure advertising performance and site usage (see section 7).
Detect abuse, policy violations, chargeback fraud, and unauthorized access.
Provide customer support and communicate service or policy updates.
Improve reliability using aggregated statistics where possible.
Meet legal, tax, and regulatory obligations where applicable.
4. Legal bases (EEA / UK)
If you are in the European Economic Area or United Kingdom, we process personal data on these bases:
Contract — to provide the proxy service you purchased.
Legitimate interests — security, fraud prevention, service improvement, and B2B support, balanced against your rights.
Legal obligation — records required by tax, anti-fraud, or court order.
Consent — where we ask for optional marketing or non-essential cookies; you may withdraw consent anytime.
Optional Chilly Proxy browser extension
The extension is optional and separate from your Chilly Proxy account. You install it only if you want to switch proxies in the browser or use our Bandwidth Estimator on URLs that block normal website requests (CORS). Download: Chrome / Edge ZIP · Firefox ZIP · install guide.
Why we offer it
Proxy switching — save multiple proxy endpoints you already use and connect/disconnect in one click (traffic routes through the proxy you configure; we do not provide the proxy IPs inside the extension).
Bandwidth Estimator helper — on chillyproxy.com/tool-bandwidth-estimator only, the extension can measure response size for URLs the webpage cannot fetch because of CORS. The page asks the extension to run the same HEAD/GET size check from your browser; measurement results are shown on the page you are viewing, not uploaded to Chilly servers for storage.
What the extension stores (on your device only)
Proxy list — host, port, optional username/password, and labels you enter, in browser storage.local on your computer. We do not sync this list to our backend unless you separately use dashboard credentials elsewhere.
Session auth cache — short-lived proxy login credentials in storage.session while connected, cleared when you disconnect.
Connection state — which proxy is selected and whether it is enabled (so the extension does not auto-reconnect without your Connect action).
What we do not collect via the extension
We do not receive your full browsing history, bookmarks, or passwords from websites you visit.
We do not sell extension data or use it for advertising profiles.
We do not send your Bandwidth Estimator URLs, headers, or response bodies to Chilly Proxy servers — fetches run in your browser via the extension when you trigger a measure.
Permissions & why they are needed
storage — save your proxy list locally.
proxy — apply the proxy you selected to browser traffic when connected.
webRequest / webRequestAuthProvider — supply proxy username/password to the browser when your proxy requires authentication.
host access (<all_urls>) — only used when you measure a URL (Bandwidth tool or future measure features); you may be prompted once to allow the target host. Not used to read unrelated pages in the background.
Content script on chillyproxy.com — a small script runs only on our official site so the Bandwidth Estimator can detect the extension and request a measure you initiated. It does not run on arbitrary websites.
Third parties
When you connect a proxy, traffic goes to your proxy provider (which may be Chilly Proxy or another host you entered). That provider’s policies apply to traffic passing through their network. The extension does not add hidden trackers.
Your choices
Uninstall the extension or clear its data in chrome://extensions / Firefox add-ons. Disconnect removes active routing and clears session auth cache. For account-related privacy requests (dashboard data), use section 9 below.
5. Who we share data with
We share limited data only when necessary to operate the service:
Proxy infrastructure partners — to create sub-users, allocate traffic, or provision upstream plans (e.g. account labels, traffic limits).
Payment processors — to confirm crypto or card payments (e.g. Cryptomus).
Hosting & database providers — to store account and order data securely.
Google — when you interact with our ads or we use Google Ads, Analytics, or Tag Manager on public pages (see section 7).
Support & email tools — when you contact us through ticket systems.
Law enforcement — only when legally required or to protect rights, safety, and integrity of the network.
We do not sell personal information for money. We do not share data with data brokers. Each processor is bound by contractual or standard safeguards appropriate to the service they provide.
6. Cookies & similar technologies
Essential (strictly necessary)
Session cookies and HTTP-only tokens keep you signed in, protect checkout and API calls, and prevent cross-site abuse. These are required; blocking them prevents login and purchases.
Functional
Preferences such as trusted-device or UI state may be stored locally or in cookies to improve your experience.
Analytics & advertising (public site)
On marketing and landing pages we or our partners may use cookies/pixels to understand traffic, measure ad conversions, and show relevant ads. Details are in section 7. You can control many non-essential cookies through your browser settings.
7. Advertising, analytics & Google
We may use Google Ads (including conversion tracking and remarketing), Google Analytics, and Google Tag Manager on public pages to measure campaigns and improve our website. Google may set cookies or read device identifiers when you visit our site after clicking an ad or when remarketing lists are used.
Data processed may include: pages viewed, approximate location (derived from IP), device/browser type, referral URL, and ad click identifiers. Google may combine this with other data in your Google account per Google’s Privacy Policy.
We do not run personalized advertising inside the authenticated customer dashboard. If we enable a cookie consent banner in your region, we will honor your choices for non-essential cookies before loading marketing tags.
8. Retention & security
We retain account and billing records while your account is active and for a reasonable period afterward for disputes, chargebacks, and legal compliance. Proxy credentials are removed or deactivated when subscriptions expire or are cancelled.
We apply administrative access controls, encryption in transit (HTTPS), hashed passwords, and monitoring for suspicious activity. No method of transmission over the Internet is 100% secure; we encourage strong passwords and enabling 2FA on your account.
9. Your privacy rights
Depending on your location, you may have the right to access, correct, delete, export, or restrict processing of personal data we hold about you, and to object to certain processing or withdraw consent.
Submit requests via our contact form or a support ticket from your account email. We may verify identity before responding. We aim to respond within 30 days (or sooner where law requires).
Deletion may be limited where we must retain records for legal obligations, active disputes, fraud prevention, or unfinished subscriptions.
10. California residents (CCPA / CPRA)
California residents may request: (1) categories of personal information collected; (2) sources and business purposes; (3) categories shared; (4) specific pieces we hold about you; (5) deletion; (6) correction; and (7) opt-out of “sale” or “sharing” for cross-context behavioral advertising.
We do not sell personal information for money. If we use advertising technology that constitutes “sharing” under California law, you may opt out via browser controls and the Google links in section 7. We will not discriminate against you for exercising privacy rights.
11. EEA / UK — complaints
You may lodge a complaint with your local data protection authority. We encourage you to contact us first so we can resolve your concern. For requests under GDPR, reference section 4 (legal bases) and section 9 (rights).
12. Children
Our services are directed to adults and businesses. We do not knowingly collect personal data from anyone under 16 (or under 13 where applicable law sets a lower age only with parental consent). If you believe a child provided data to us, contact us and we will delete it.
13. International transfers
We and our processors may store or process data in countries other than your own. Where required, we rely on appropriate safeguards such as standard contractual clauses or equivalent mechanisms approved under applicable law.
14. Changes & contact
We may update this policy; the effective date above will change. Material changes may be announced on the website or by email to account holders. Continued use after the effective date constitutes acceptance where permitted by law.