En
Ru
En

Privacy Policy

Effective Date: May 19, 2025

Mango Proxy is a legal entity duly registered under applicable law.

This Privacy Policy is drafted in consideration of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), consumer protection laws (CCPA/CPRA) to the extent applicable to relevant data subjects, applicable international data protection laws, and other applicable jurisdictions governing the collection, processing, protection, and use of personal data. The Policy defines the procedure for processing personal data and the security measures applied by Mango Proxy (hereinafter, the Operator).

1.1. The Operator’s primary objective is to respect the rights and freedoms of individuals in processing their personal data, including the right to privacy and the protection of personal and family life.

1.2. This Policy applies to all information that the Operator may obtain about visitors to the website https://mangoproxy.com and https://mangoproxy.ru and related resources.

Key terms used in the Policy

2.1. Automated processing of personal data means processing using computer technologies.

2.2. Blocking of personal data means a temporary suspension of processing (except where processing is necessary to clarify personal data).

2.3. Website means a set of graphic and informational materials, as well as programs and databases that provide access at https://mangoproxy.com and https://mangoproxy.ru.

2.4. Personal data means any information or set of information relating to an identified or specifically identifiable person.

2.5. Personal data information system means a set of personal data contained in databases and the technologies/tools used to process them.

2.6. Anonymization of personal data means actions that render it impossible, without additional information, to determine the association of personal data with a specific data subject.

2.7. Processing of personal data means any action or set of actions on personal data: collection, recording, systematization, accumulation, storage, rectification, retrieval, use, transfer (distribution, provision, access), anonymization, blocking, deletion, destruction.

2.8. Personal data permitted by the subject for dissemination means personal data to which access is granted to an unlimited circle of persons based on a separate consent of the subject in the manner prescribed by applicable law.

2.9. User means any website visitor and/or a registered Mango Proxy client.

2.10. Provision of personal data means actions aimed at disclosing personal data to a specific person or group of persons.

2.11. Dissemination of personal data means disclosure to an indefinite circle of persons or providing access to them in another way.

2.12. Cross‑border transfer of personal data means the transfer of personal data to the territory of a foreign state to an authority, an individual, or a legal entity.

2.13. Destruction of personal data means actions resulting in the irreversible destruction of personal data without the possibility of restoration.

Operator’s main rights and obligations

3.1. The Operator has the right to:

  • receive accurate information and/or documents containing personal data from the data subject;
  • continue processing personal data without separate consent where legal bases under applicable law (including GDPR) exist, for fulfilling legal obligations, protecting legitimate interests, or performing a contract;
  • independently determine the scope and list of measures necessary and sufficient to comply with applicable legal requirements.

3.2. The Operator is obliged to:

  • provide the data subject, upon request, with information about the processing of their personal data;
  • organize personal data processing as prescribed by current legislation;
  • respond to requests and inquiries from data subjects and their representatives within statutory timeframes;
  • interact with competent data protection authorities within established timeframes;
  • publish and ensure unrestricted access to this Policy;
  • take legal, organizational, and technical measures to protect personal data;
  • cease processing and destroy personal data in cases provided by law;
  • fulfill other obligations under applicable law, including the GDPR.

Data subjects’ main rights and obligations

4.1. Data subjects have the right to:

  • access their personal data and information about its processing;
  • request correction of inaccurate data and completion of incomplete data;
  • request deletion of personal data where grounds exist (including the “right to be forgotten,” subject to legal exceptions);
  • object to processing for marketing and other purposes where permitted by law;
  • restrict processing in prescribed cases;
  • data portability (where applicable);
  • obtain compensation in cases provided by law.

4.2. Data subjects must provide accurate data to the Operator and promptly report changes.

4.3. Persons who have provided false data or third‑party data without proper rights are liable under applicable law.

Categories of personal data processed by the Operator

5.1. Identification and contact data: last name, first name, patronymic (if provided), email address, phone numbers.

5.2. Account and service interaction data: profile settings, order and payment history, support requests.

5.3. Technical data: IP address, browser type and version, device data, timestamps, access logs, cookies, analytics data.

5.4. Payment data: processed by third‑party payment providers (e.g., Stripe, crypto providers) in accordance with their policies; Mango Proxy does not store full payment card details.

5.5. KYC data for payments via Stripe (only when needed to complete payment through Stripe): name, date of birth, citizenship, address, images/scans of an identity document (passport/ID/driver’s license), selfie for biometric checks; for legal entities—registration documents, ultimate beneficial owner (UBO) information, proof of address. KYC is not required at the account registration stage.

5.6. The Operator does not process special categories of personal data (racial/ethnic origin, political opinions, religious or philosophical beliefs, intimate life) and biometric data outside procedures initiated by the payment provider for KYC.

Principles of personal data processing

6.1. Lawfulness, fairness, and transparency of processing.

6.2. Purpose limitation and data minimization.

6.3. Accuracy and timeliness.

6.4. Storage limitation.

6.5. Integrity and confidentiality; security by default and by design.

6.6. Availability of legal bases: consent of the subject; performance of a contract or pre‑contractual measures; fulfillment of the Operator’s legal obligations (including KYC/AML); protection of vital interests; performance of a task in the public interest; legitimate interests of the Operator or third parties while maintaining a balance of rights.

Purposes of processing personal data

7.1. Provision and improvement of Mango Proxy services; account management and customer support; service security; research and analytics; communication via email and interface; creation and evaluation of relevant content and advertising materials.

7.2. Sending notifications about products, services, promotions, and events. Unsubscribing is available by emailing [email protected] or using the “Unsubscribe” link in an email.

7.3. Use of de‑identified data for analytics and improving site quality and content.

7.4. Performing KYC/AML procedures exclusively for payments via Stripe: payer identification, screening against sanctions and PEP lists, transaction risk assessment, fraud prevention, and compliance with payment systems’ and regulators’ requirements.

Legal bases for processing

8.1. Applicable legislation (including the GDPR), the Operator’s constitutive documents, and contracts with data subjects.

8.2. Personal data are processed when voluntarily provided by the subject via forms on the website/dashboard, in support correspondence, or while using the service. By completing forms and/or submitting data, the subject confirms awareness of this Policy and, where required, provides consent.

8.3. Processing of de‑identified data is permitted when browser settings are enabled (cookies, JavaScript, etc.).

Conditions for processing personal data

9.1. This Privacy Policy is a legally binding agreement between the user and the company. By accessing and using the system, and by providing information in other forms, the user agrees to this Privacy Policy, including periodic changes, and consents to the collection, use, and transfer of personal data for processing as described herein.

9.2. For performance of a contract with the data subject or to take pre‑contractual steps at their request.

9.3. To fulfill the Operator’s legal obligations, including financial monitoring requirements (KYC/AML) for payments via Stripe.

9.4. To protect the legitimate interests of the Operator or third parties while maintaining a balance of rights.

9.5. Regarding publicly available data—within the scope provided by the subject.

Collection, storage, transfer, and security

10.1. The Operator applies legal, organizational, and technical protection measures (encryption in transit and at rest, access control, security event monitoring, audit).

10.2. Personal data are not transferred to third parties except as required by law, for contract performance, with the subject’s consent, or to deliver services involving processors.

10.3. Data updates are carried out upon the subject’s request to [email protected].

10.4. The storage period is determined by processing purposes and legal requirements; upon achieving purposes, data are deleted or anonymized unless otherwise required by law.

10.5. Information collected by third‑party services (payment systems, communications providers, analytics) is stored and processed by them under their documents. It is recommended to review their terms and policies.

10.6. Restrictions on the transfer or processing of data permitted for dissemination do not apply if processing is carried out in state, public, or other public interests as provided by law.

10.7. The Operator ensures the confidentiality of personal data and grants access only to authorized persons.

10.8. Personal data are stored in a form that allows identification of the subject no longer than required by processing purposes or law/contract.

10.9. Processing ceases upon achieving purposes, expiration/withdrawal of consent, or identification of unlawful processing.

Transfer to third parties and KYC for Stripe

10.10. Payment providers. Third‑party payment providers (e.g., Stripe, crypto providers) are used to accept payments. They act as independent controllers or processors depending on role and contracts.

10.11. KYC is not required to register an account on the Mango Proxy service.

10.12. Security of KYC data. KYC data are protected by encryption in transit and at rest; access is restricted; principles of minimization and storage limitation apply. Access is provided only to authorized employees and vendors to the extent necessary for verification purposes.

List of actions on personal data

11.1. Collection, recording, systematization, accumulation, storage, rectification, retrieval, use, transfer (including granting access to processors), anonymization, blocking, deletion, destruction.

11.2. Automated processing may include transmission over communication networks subject to security measures.

Cross‑border transfer of personal data

12.1. Before cross‑border transfer, the Operator assesses the level of data protection in the relevant jurisdiction and applies necessary safeguards (e.g., standard contractual clauses, other legal mechanisms).

12.2. Transfers to countries without a recognized adequate level of protection are carried out with appropriate safeguards and/or with the subject’s consent, or when necessary for contract performance.

KYC only for payments via Stripe

13.1. KYC applies exclusively to payments processed through Stripe. KYC is not required for registration and basic access to functionality.

13.2. Failure to provide necessary KYC data for a Stripe payment may result in inability to complete the transaction, restriction, or delay of payment in accordance with the payment provider’s and legal requirements.

13.3. Retention periods for KYC data are determined by legal and payment system requirements; upon expiration of required periods, data are deleted or anonymized.

Confidentiality of personal data

The Operator and other persons who have gained access to personal data are obliged not to disclose or disseminate them without the subject’s consent, unless otherwise provided by law.

Exercising data subjects’ rights

15.1. Requests for rights of access, rectification, deletion, restriction, portability, objection to processing, as well as regarding KYC data, may be sent to [email protected]. Where data retention is required by law or financial regulators, deletion may be limited.

15.2. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal and may result in the inability to provide certain services (e.g., processing a Stripe payment).

Final provisions

16.1. For clarifications on personal data processing, contact [email protected].

16.2. All changes to this Policy are published in this same edition; the Policy remains in force indefinitely until replaced by a new version.16.3. The current version of the Policy is available at https://mangoproxy.com/privacy/