Pools Pricing How It Works FAQ Login Get Started Free
Legal

Privacy Policy

netnow LLC  ·  Effective: January 1, 2025  ·  Last updated: April 2025

netnow LLC is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using the Service, you agree to this policy.

1 Scope

This Privacy Policy applies to all information collected by netnow LLC ("netnow," "we," "us," or "our") through the netnow.net website, the app.netnow.net dashboard, the api.netnow.net API, and any other services we operate (collectively, the "Service").

It does not apply to third-party websites, applications, or services that may be linked to or from the Service, or to the websites of our Upstream Providers. We encourage you to review the privacy policies of those third parties separately.

2 Information We Collect

Because netnow operates on a token-based, no-account model, we collect significantly less personal information than traditional services. However, we do collect the following categories of information:

2.1 Information You Provide

  • Payment information: When you purchase data or deposit credit, our payment processors (Stripe, Cryptomus) collect your payment card details or cryptocurrency wallet address. We do not store full card numbers — Stripe provides us with a tokenized reference. For cryptocurrency transactions, the blockchain transaction hash and wallet address are retained.
  • Support communications: If you contact us via email or live chat, we retain the contents of that communication including any information you voluntarily provide.
  • Phone number (SMS verification): If you opt in to the free trial via SMS verification, we collect your phone number solely for the purpose of sending a one-time verification code and preventing trial abuse. This number is hashed and not used for marketing.

2.2 Information Collected Automatically

  • IP address: We log the client IP address associated with authenticated account activity (proxy usage, dashboard actions, API calls) for security monitoring, abuse prevention, and service integrity. IP addresses are retained for up to 90 days.
  • Browser fingerprint: When generating a Token or claiming a free trial, we collect a browser fingerprint (device attributes, screen resolution, timezone, etc.) to prevent fraud and duplicate trial claims. This fingerprint is hashed and not used to identify you for marketing purposes.
  • Usage data: We collect metadata about your use of the Service, including data volumes consumed per pool, proxy request counts, API call timestamps, and account activity logs. This data is used for billing accuracy, rate limiting, and service improvement.
  • Log data: Our servers automatically record standard log data including timestamps, request paths, HTTP response codes, and referring URLs. These logs are retained for up to 30 days.
  • Cookies & session tokens: We use session cookies to maintain your authenticated state in the dashboard. See Section 9 for full details.

2.3 Information We Do Not Collect

We do not collect your name, email address, physical address, date of birth, or any government-issued identification unless you voluntarily provide it in a support communication. Proxy traffic routed through our infrastructure is not inspected, logged at the content level, or stored.

3 How We Use Information

We use the information we collect for the following purposes:

  • Service delivery: To provision your proxy access, process payments, calculate usage, and operate the Service;
  • Billing and accounting: To accurately track Credit balances, data consumption, and transaction history;
  • Security and fraud prevention: To detect abuse, prevent credential stuffing, identify unauthorized access, enforce trial limits, and protect the integrity of the Service and our Upstream Providers;
  • Customer support: To respond to your inquiries and resolve technical issues;
  • Legal compliance: To comply with applicable laws, respond to lawful government requests, and enforce our Terms of Service;
  • Service improvement: To analyze aggregate usage patterns, diagnose technical problems, and improve performance;
  • Communications: To send transactional notifications (e.g., payment confirmations, service announcements). We do not send marketing emails unless you have explicitly opted in.

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.

5 Information Sharing

We do not sell your personal information. We may share information with the following categories of recipients:

  • Upstream Proxy Providers: To route your proxy requests, your proxy credentials (username/password derived from your Token) are transmitted to the relevant Upstream Provider. These providers may log connection metadata (IP, timestamp, bytes transferred) in accordance with their own policies.
  • Payment processors: Stripe and Cryptomus receive payment information necessary to process transactions. Their handling of that data is governed by their respective privacy policies.
  • Infrastructure providers: We use cloud hosting and CDN providers who process data on our behalf subject to data processing agreements;
  • Law enforcement & legal process: We may disclose information when required by a valid court order, subpoena, or other legal process, or when we believe in good faith that disclosure is necessary to prevent imminent harm, fraud, or illegal activity;
  • Business transfers: In the event of a merger, acquisition, asset sale, or bankruptcy, user information may be transferred as part of the transaction. We will notify users of any such change via a notice on the Service.

6 Third-Party Services

The Service integrates the following third-party services that may independently collect data:

We recommend reviewing the privacy policies of each of these providers.

7 Data Retention

We retain personal data only as long as necessary for the purposes described in this policy or as required by law:

  • Account & usage data: Retained for the life of the Token plus 12 months, or until the Token is terminated;
  • Payment records: Retained for 7 years to satisfy accounting and tax obligations;
  • IP address logs: Retained for up to 90 days;
  • Server access logs: Retained for up to 30 days;
  • Support communications: Retained for up to 2 years from the date of the last communication;
  • Hashed phone numbers (SMS verification): Retained indefinitely to prevent trial re-claiming, but only in hashed form.

After the applicable retention period, data is securely deleted or anonymized.

8 Security

We implement industry-standard technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • TLS/HTTPS encryption for all data in transit;
  • Encryption at rest for sensitive data fields;
  • Access controls restricting data access to authorized personnel on a need-to-know basis;
  • Regular security reviews of our infrastructure and dependencies.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security. If you believe your Token has been compromised, cease using it immediately and contact us at [email protected].

In the event of a data breach that materially affects your rights, we will notify affected users as required by applicable law.

9 Cookies & Tracking Technologies

We use the following types of cookies and similar technologies:

  • Session cookies (strictly necessary): Used to maintain your authenticated state in the dashboard. These are deleted when you close your browser or log out. They are required for the Service to function and cannot be disabled.
  • Preference cookies: May be used to remember display preferences. These can be cleared via your browser settings.
  • Third-party cookies: Google reCAPTCHA may set its own cookies. These are governed by Google's privacy policy.

We do not use advertising cookies, tracking pixels, or cross-site tracking technologies. You can control or delete cookies through your browser settings. Disabling session cookies will prevent you from logging into the dashboard.

10 Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal data we hold about you;
  • Rectification: Request correction of inaccurate or incomplete data;
  • Erasure ("right to be forgotten"): Request deletion of your personal data, subject to our legal retention obligations and the limitations of our token-based architecture (we cannot identify a user without their Token);
  • Restriction: Request that we restrict processing of your data in certain circumstances;
  • Portability: Request a structured, machine-readable copy of data you have provided to us;
  • Objection: Object to processing based on legitimate interests;
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

Because our Service is token-based, exercising many of these rights requires you to present your Token as proof of account ownership. Without your Token, we cannot reliably identify your account in our systems. To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

11 International Data Transfers

netnow LLC is based in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, which may have different data protection laws than your home country.

For users in the EEA, UK, or Switzerland, we rely on appropriate transfer mechanisms (such as Standard Contractual Clauses) where applicable to ensure adequate protection of your data.

12 Children's Privacy

The Service is not directed to children under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have inadvertently collected information from a minor, we will take steps to delete it promptly. If you believe we have collected information from a child, please contact us at [email protected].

13 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to Know: You may request disclosure of the categories and specific pieces of personal information we collect, use, disclose, and sell;
  • Right to Delete: You may request deletion of personal information we have collected, subject to certain exceptions;
  • Right to Correct: You may request correction of inaccurate personal information;
  • Right to Opt-Out of Sale: We do not sell personal information. No opt-out is required;
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise California privacy rights, contact us at [email protected] with the subject line "California Privacy Request."

14 EEA & UK Users (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, the General Data Protection Regulation (GDPR) or UK GDPR applies to our processing of your personal data. Our legal bases for processing are described in Section 4.

You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not handled your personal data in accordance with applicable law. A list of EEA supervisory authorities is available at edpb.europa.eu.

For UK users, the relevant authority is the Information Commissioner's Office (ICO) at ico.org.uk.

15 Automated Decision-Making

We use automated processes (including browser fingerprinting via FingerprintJS and Google reCAPTCHA scores) to make decisions in the following contexts:

  • Token generation: Automated fraud scoring determines whether a Token can be generated or whether additional verification is required;
  • Free trial eligibility: Automated checks against hashed phone numbers and device fingerprints determine whether a user is eligible for a free trial;
  • Abuse detection: Automated systems flag usage patterns for review, which may trigger account suspension pending manual investigation.

These decisions may have a legal or similarly significant effect on you (e.g., denial of service access). If you are located in the EEA or UK, you have the right under Article 22 of the GDPR to:

  • Request human review of an automated decision that significantly affects you;
  • Express your point of view regarding the decision;
  • Contest the decision.

To request a human review of an automated decision, contact us at [email protected] with the subject line "Automated Decision Review." We will respond within 30 days.

16 Data Processors & Sub-processors

We engage the following categories of data processors that may process personal data on our behalf:

  • Cloud hosting providers: Servers and databases that store account and usage data;
  • Payment processors: Stripe and Cryptomus process payment information under their own privacy policies and applicable data processing agreements;
  • Communication providers: Mailgun (email) and Twilio (SMS) process communications data;
  • Fraud prevention: FingerprintJS and Google reCAPTCHA process device and behavioral signals;
  • Object storage: MinIO or equivalent providers for file storage;
  • Upstream Proxy Providers: BrightData, Smartproxy, and NetNut receive proxy credential metadata when routing your requests.

Where required by law (including GDPR Article 28), we enter into Data Processing Agreements (DPAs) with sub-processors that process personal data on our behalf. These agreements require sub-processors to implement appropriate technical and organizational security measures and to process data only on our documented instructions.

A current list of sub-processors is available upon request at [email protected]. We will notify you of material changes to our sub-processor list through the mechanisms described in Section 18 (Changes to This Policy).

17 Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of affected individuals, we will:

  • Notify the relevant supervisory authority (where required under GDPR or applicable law) within 72 hours of becoming aware of the breach, where feasible;
  • Notify affected users without undue delay if the breach is likely to result in a high risk to their rights and freedoms;
  • Notifications will include: a description of the nature of the breach, the categories and approximate number of individuals and records concerned, the likely consequences, and the measures taken or proposed to address the breach.

Because the Service is token-based and we do not collect email addresses by default, breach notifications to users will be delivered via a prominent notice on the Service or, where feasible, via any contact information voluntarily provided. We strongly recommend maintaining a secure record of your Token and any contact information you have provided to us.

If you believe your personal data has been compromised, please contact us immediately at [email protected].

18 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service features. When we make material changes, we will update the "Last updated" date at the top of this page.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy. If you disagree with changes, your remedy is to stop using the Service.

19 Contact

For questions, concerns, or to exercise your privacy rights, please contact us:

Entity
netnow LLC — Delaware, United States