This Data Retention Policy defines how long the Operator retains different categories of data collected through the Service, the legal or operational justification for each retention period, and the deletion methods used when data is no longer needed.

The Operator follows the principle of data minimization as established by Article 5(1)(c) of the GDPR — Personal Data is retained only as long as necessary for its stated purpose. When the retention period expires, data is deleted or anonymized in accordance with the methods described in this policy.

This policy applies to all data processed by the Operator in connection with the provision of proxy infrastructure services, whether stored in primary databases, caches, logs, or backup systems. It is designed to support compliance with applicable GDPR/UK GDPR, CCPA/CPRA, and Australian Privacy Act requirements, including minimum retention and purpose limitation obligations. Retention decisions are reviewed at least annually.

The following schedule details typical retention periods, justifications, and deletion methods for each category of data processed by the Operator. Retention windows may vary by product, region, contractual requirements, or legal obligations:

Account Profile Data (email address, display name, company name) Typical retention period: Account lifetime + 30 days after account closure Justification: Service delivery, contract performance under Article 6(1)(b) GDPR Deletion method: Anonymization — PII replaced with non-reversible placeholder values

Authentication & Session Logs (login timestamps, session IDs, IP addresses used for authentication) Typical retention period: 90 days Justification: Security monitoring, fraud prevention under Article 6(1)(f) GDPR Deletion method: Hard delete from all primary storage

Payment & Transaction Records (invoices, payment amounts, last four digits of card number, billing address) Typical retention period: 7 years Justification: Tax law compliance, accounting obligations under applicable fiscal regulations Deletion method: Secure archive with encryption for the retention period, then permanent deletion

Wallet & Billing Metadata (wallet balances, top-up history, bonus credits, and billing references) Typical retention period: 7 years Justification: Billing disputes, anti-fraud monitoring, and financial audit requirements Deletion method: Secure archive for required period, then permanent deletion

IP Assignment Records (mapping of which customer was assigned which proxy IP addresses) Typical retention period: Service term + 90 days after termination Justification: Billing reconciliation, abuse investigation, legal compliance Deletion method: Hard delete from all primary storage

Bandwidth Usage Metrics (volume of data transferred per IP address, per session) Typical retention period: 90 days Justification: Billing reconciliation, fair use policy enforcement Deletion method: Hard delete from all primary storage

Support Tickets (messages, file attachments, metadata) Typical retention period: 2 years from ticket resolution Justification: Service quality assurance, dispute resolution Deletion method: Anonymization — PII replaced with placeholder values, aggregated trends retained

Abuse Reports & Investigation Records (reports received, investigation findings, actions taken) Typical retention period: 3 years from case closure Justification: Legal defense, repeat offender pattern detection Deletion method: Secure archive for the retention period, then permanent deletion

GDPR Consent Records (cookie consent preferences, marketing opt-in/opt-out records) Typical retention period: 3 years from last consent change Justification: GDPR audit trail compliance under Article 7(1) GDPR Deletion method: Hard delete from all primary storage

Referral & Loyalty Program Data (referral codes, reward balances, tier history) Typical retention period: Account lifetime Justification: Reward program administration, contractual obligation Deletion method: Anonymization upon account closure

API Access Logs (endpoint called, request timestamp, HTTP response code, request origin) Typical retention period: 90 days Justification: Security monitoring, rate limit enforcement, debugging Deletion method: Hard delete from all primary storage

The Operator does not routinely collect, store, inspect, or log the following categories of data as a standard operating practice:

- Traffic payload content (for tracking or profiling) — HTTP request bodies, response bodies, or payload data are not retained for analytics, profiling, or advertising. - DNS logs for broad surveillance — Domain name lookups are not used for behavioral profiling or user targeting. - Browsing destination logs for profiling — We do not create user-facing browsing or destination history for advertising or monitoring. - Credentials or authentication tokens in transit — Usernames, passwords, API keys, or session tokens transmitted by customers are not retained in plaintext. - Content of communications — Private message content or application payload content is not retained for profiling.

The Operator operates with defined intermediary controls under applicable law. Network traffic is transmitted and routed for service delivery, while operational metadata is retained only as required for security, abuse prevention, support, and legal obligations. The Operator does not retain full packet payloads for profiling, content analysis, or targeted advertising.

The Operator uses the following deletion methods, applied according to the retention schedule in Section 2:

Hard Delete Data is permanently removed from all primary storage systems, including databases, file storage, and application caches. Deletion is verified through automated integrity checks. Backup copies containing the deleted data are purged within 90 days of primary deletion (see Section 6).

Anonymization Personally identifiable information (PII) is replaced with non-reversible placeholder values (e.g., email addresses replaced with "deleted-[hash]@anonymized.local"). The anonymization process is irreversible — original data cannot be reconstructed from the placeholder values.

Aggregated, non-identifying statistics derived from the original data may be retained for a maximum of 24 months for legitimate operational and audit analytics, with annual review and documented manager approval for any extension.

Secure Archive Data is encrypted and moved to restricted-access cold storage systems. Archived data is accessible only to authorized personnel for specific legal or tax compliance purposes. Access to archived data requires documented justification and management approval. At the end of the archive retention period, data is permanently deleted using the Hard Delete method.

All deletion operations are logged for audit purposes. Deletion logs themselves are retained for a limited period (typically up to 1 year).

Data subjects have the right to request early deletion of their Personal Data, even before the scheduled retention period expires. Requests can be submitted through:

- Account Settings — Data export and privacy preferences (where available) - Email — By contacting privacy@hex.gg with the subject line "Data Deletion Request"

Processing timeline: Data deletion requests are acknowledged within 5 business days where possible and processed within applicable statutory timeframes (typically within 30 calendar days). For California and other U.S. state rights requests, processing may follow a 45-day timeline where authorized by law, with a possible extension where permitted.

Exceptions: Some categories of data may be retained beyond the deletion request if required by law. Specifically: - Payment and transaction records must be retained for 7 years under applicable tax and accounting regulations - Abuse investigation records may be retained where required for ongoing legal proceedings or regulatory obligations - GDPR consent records may be retained as evidence of prior consent where legally necessary - Wallet and billing metadata may be retained as needed for fraud review, chargeback investigations, and payment audit obligations

Where an exception applies, the Operator will inform the data subject of the specific legal basis for continued retention, the categories of data affected, and the expected retention period.

Jurisdiction-specific notices: - EU/UK requests may rely on GDPR/UK GDPR rights pathways. - California and other U.S. state privacy jurisdictions may receive additional statutory notice and rights pathways where applicable. - Australia requests may be handled consistent with APP 6 (use and disclosure), APP 11 (security), and APP 12 (access/correction) handling requirements.

Verification: The Operator may require identity verification before processing a deletion request, to prevent unauthorized access to or deletion of another person's data.

Automated backup schedule: The Operator maintains automated backups of all primary data stores. Backup snapshots are created daily and retained on a rolling basis.

Backup retention period: Backup copies are retained for a limited period (typically up to 30 days) from the date of creation. Older backups are automatically overwritten or deleted.

Post-deletion backup purge: After Personal Data is deleted from primary storage (whether through scheduled retention expiry, Data Subject request, or account closure), any backup copies containing that data will be purged within a limited period (typically up to 90 days). During this interim period, backup data is not used for any operational purpose and is accessible only for disaster recovery.

Backup encryption: Backup data is encrypted at rest where supported by our storage providers. Backup encryption keys are managed separately from production encryption keys and are rotated periodically.

Backup access controls: Access to backup systems is restricted to authorized infrastructure personnel only, with all access logged and auditable.

This Data Retention Policy is reviewed at least annually by the Operator's data protection and compliance team. Reviews assess whether retention periods remain appropriate in light of:

- Changes to applicable data protection law or regulatory guidance - Changes to the types of data processed or the purposes of processing - Outcomes of data protection impact assessments - Findings from internal or external audits - Industry best practices and evolving security standards

Notification of changes: Material changes to this policy will be communicated to affected users via email notification and an in-dashboard announcement with advance notice where feasible.

Version history: Previous versions of this policy are archived and available upon request. The "Last updated" date at the top of this page reflects the most recent revision.

Questions and feedback: Data subjects and customers may direct questions about this policy to privacy@hex.gg. The Operator welcomes feedback and aims to respond within 10 business days.