The Operator publishes transparency updates periodically to provide visibility into our operations, data practices, and compliance activities. This report covers the most recent reporting period available. We believe transparency is essential for building trust with our customers and the broader internet community.

The Operator processes the following categories of data:

Collected and Processed: • Account information (email, display name): for service delivery • Payment records: for billing and tax compliance • IP assignment records: for service delivery and abuse prevention • Bandwidth usage metrics: for billing and fair use • Login/session metadata: for security monitoring • Cookie consent records: for GDPR compliance

Never Collected (Mere Conduit): • Traffic content (HTTP request/response bodies) • DNS queries made through proxies • Browsing history or destination URLs • Credentials or authentication tokens in transit • Content of communications

The Operator operates as a mere conduit under the EU Digital Services Act and does not inspect, store, or log customer traffic content.

Current subprocessors engaged by the Operator (summary):

• Cloud Authentication Provider — User authentication and identity management (US/Global) • Payment Processor — Payment processing and subscription management (via PCI-certified providers) • Database Provider — Structured data storage and real-time queries (region varies) • Infrastructure Host — Server hosting and network connectivity (region varies) • Edge Network Provider — CDN, DDoS protection, and edge caching (region varies) • Communication Platform — Internal admin notifications only, no customer data processed (US)

All subprocessors operate under Data Processing Agreements. Changes to subprocessors are notified to customers in advance where feasible.

Reporting period metrics:

• Total abuse reports received: [Reported when available] • Reports acknowledged within 24 hours: [Reported when available] • Reports resulting in enforcement action: [Reported when available] • Accounts suspended: [Reported when available] • Accounts terminated: [Reported when available] • Average resolution time: [Reported when available]

Reporting period metrics:

• Total law enforcement requests received: [Reported when available] • Requests complied with (full): [Reported when available] • Requests complied with (partial): [Reported when available] • Requests rejected (insufficient legal basis): [Reported when available] • Emergency disclosure requests: [Reported when available] • Preservation requests: [Reported when available]

The Operator reviews all requests for legal validity before responding. Users are notified where permitted by law.

Reporting period metrics:

• Data export requests (GDPR Article 20): [Reported when available] • Consent modification requests: [Reported when available] • Data rectification requests: [Reported when available]

Requests are processed within applicable statutory timeframes (typically 30 days where required).

Reporting period summary:

• Security incidents detected: [Reported when available] • Incidents requiring customer notification: [Reported when available] • Mean time to detection: [Reported when available] • Mean time to resolution: [Reported when available] • Breaches reported to supervisory authorities: [Reported when available]

Reporting period:

• Overall service availability: [Reported when available] • Planned maintenance windows: [Reported when available] • Unplanned outages: [Reported when available]

Summary of policy changes during reporting period:

[Reported when available with any changes to Terms, Privacy Policy, AUP, DPA, or other legal documents]