1. Who we are
ProxFarm is the data controller for the personal information described in this Policy. You can contact our privacy team at privacy@prox.farm.
2. What we collect
- Account data: your email address, display name, phone number (if provided), and a hashed password or magic-link identifier.
- Financial activity: deposits, withdrawals, transfers, session activations, streak data, and balances. No card or bank credentials are ever stored by us.
- Device & usage data: IP address, browser type, pages visited, and timestamps, collected via standard server logs and first-party analytics.
- Communications: messages you send to our support team and the content of emails we exchange with you.
3. How we use it
- To operate and secure your account and the Services.
- To calculate daily-session returns and apply streak multipliers.
- To detect and prevent fraud, abuse, and money-laundering.
- To comply with legal and regulatory obligations.
- To contact you with transactional emails (sign-in, password resets, security alerts).
- To improve the product through aggregated, de-identified analytics. We do not sell or rent personal data.
4. Legal bases (GDPR)
If you are in the European Economic Area or the UK, our legal bases are:
- Contract — processing needed to provide the Services.
- Legal obligation — AML/KYC and tax reporting.
- Legitimate interest — securing the platform, preventing fraud, and improving features.
- Consent — for optional analytics or marketing emails; you may withdraw consent at any time.
5. Who we share data with
We share personal data only with:
- Infrastructure providers (Vercel for hosting, Supabase for database and auth, SendGrid for transactional email) — under strict data-processing agreements.
- Regulators and law enforcement when legally required.
- Professional advisors (accountants, auditors, lawyers) under confidentiality.
We never sell your data. We never share it with advertisers.
6. International transfers
Our infrastructure spans multiple regions. When we transfer data outside the EEA/UK/Tunisia, we rely on Standard Contractual Clauses or equivalent safeguards to protect your rights.
7. Retention
We keep your account data for as long as your account is active and for a reasonable period afterwards to meet legal, accounting, or fraud-prevention obligations (typically 5–7 years for financial records). After this, we anonymise or delete it.
8. Your rights
You have the right to:
- Access a copy of your personal data;
- Correct inaccurate data;
- Delete your data (subject to legal retention obligations);
- Object to or restrict processing based on legitimate interest;
- Receive your data in a structured, machine-readable format (data portability);
- Lodge a complaint with a supervisory authority (e.g. the Tunisian INPDP or your local EU authority).
To exercise these rights, email us at privacy@prox.farm. We respond within 30 days.
9. Security
Data is encrypted in transit (TLS 1.3) and at rest (AES-256). Passwords are hashed using Argon2. We follow industry-standard controls including least-privilege access, logging, and quarterly security reviews. No system is perfectly secure — if we learn of a breach that affects you, we will notify you without undue delay.
10. Cookies & tracking
We use strictly necessary cookies for authentication and session management, and first-party analytics cookies to understand product usage. You can opt out of analytics from your account settings. We do not use third-party advertising cookies.
11. Children
ProxFarm is not intended for anyone under 18. We do not knowingly collect data from minors. If you believe a minor has provided us data, contact us and we will delete it.
12. Changes
We may update this Policy periodically. Material changes will be communicated at least 14 days before they take effect via email and in-app notice.
Draft notice: This document is a working draft and should be reviewed by qualified legal counsel before production use. It is not legal advice.