Privacy Policy

Última atualização:

1. Parties

Wergames OÜ, legal address: Harju maakond, Tallinn, Kesklinna linnaosa, Tuukri tn 19-315, 10120, Estonia, named as Froxy ("we", or "our") present you Privacy Policy. This Privacy Policy discusses the ways in which we collect, use, maintain and disclose information collected by us from our customers, visitors to our websites, and, in some cases, visitors to our customer's websites ("Users"). Capitalized terms used but not defined in this policy have the meaning given to them in our Terms of Use.

For the purposes of the General Data Protection Regulation (GDPR), Wergames OÜ acts as the Data Controller of personal data. Certain verification and monitoring functions, including identity, email, and device verification, are performed by trusted third-party processors under GDPR-compliant Data Processing Agreements (DPAs), as described in our KYC Policy.

2. Acceptance of the Policy

You accept this Privacy Policy by using our website (referred to herein as the "Site"), placing an order for Services (as defined in the Terms of Use) with us or joining our email list. IF YOU DO NOT AGREE TO THE TERMS OF THIS PRIVACY POLICY, PLEASE STOP USING THE SERVICES IMMEDIATELY.

The General Data Protection Regulation (GDPR) provides various legal bases on which personal data can be legally processed. We base the processing of your data on the following legal principles:

  • your consent, if you have given us such consent (Art. 6 para. 1 lit. a) GDPR
  • the initiation or execution of a contract with you (Art. 6 para. 1 lit. b) GDPR
  • the fulfilment of a legal obligation (Art. 6 para. 1 lit. c) GDPR
  • the pursuit of our legitimate interests (Art. 6 para. 1 lit. f) GDPR, such as ensuring network security, preventing fraud and misuse, and improving our Services, provided that your interests or fundamental rights do not override those interests.

4. Security

We have implemented technical, physical and administrative safeguards designed to protect personal information against loss and against unauthorized access, use, and disclosure. Passwords are stored on our server in encrypted form. We have personal information retention processes designed to retain personal information as necessary for the purposes stated above or to otherwise meet legal requirements. Unless this Privacy Policy states otherwise, our employees are required to keep the information set out here confidential. We apply industry-standard safeguards including TLS 1.3 encryption in transit, AES-256 encryption at rest, role-based access control, and audit logging. All processing follows the data minimization principle and least-privilege access policy.

5. Information that we collect

We collect different categories of personal data depending on how you interact with our Services:

  • Account and billing data: name, email, billing address, payment details, and contact preferences.
  • Technical and usage data: IP address, device/browser identifiers, session logs, account configuration, and usage metrics.
  • KYC and verification data: identity documents (e.g., passport or ID card), proof of address, liveness video, and beneficial ownership information.

KYC verification is performed by our trusted partner Sumsub, acting as an independent data processor under a GDPR-compliant Data Processing Agreement. Froxy does not store raw identity documents, biometric data, or video files; these remain securely hosted and processed by Sumsub under its own privacy and data-retention policy (available at https://sumsub.com). Froxy only retains the verification result (pass/fail status, decision timestamp, and risk score) necessary to manage account status and comply with AML/CTF obligations.

  • Third-party risk signals: data from our verification and fraud-prevention partners (e.g., email or device reputation providers) used to assess potential abuse or misuse of the Services.

We do not sell or lease personal data. We may share limited information with our affiliates, payment processors, and verification vendors strictly for the purposes of providing and securing the Services and fulfilling legal compliance duties.

6. Using your personal information

We use your information in order to provide you with the Service and to comply with our legal requirements and internal guidelines. This means that we will use the information to set up your account, provide you with support regarding the Service, communicate with you for updates, marketing offers or concerns you may have and conduct statistical and analytical research to improve the Service. We also process data to comply with anti-money laundering (AML) and counter-terrorist financing (CTF) obligations, to enforce sanctions regulations, and to detect, investigate, and prevent fraud or misuse of the Services in line with our KYC Policy.

7. Storage period

We store your data:

  • if you have consented to the processing at most until you revoke your consent;
  • if we need the data for the execution of a contract, at the most as long as the contractual relationship with you exists or legal retention periods run;
  • if we use the data on the basis of a justified interest, at the most as long as your interest in deletion or anonymization does not prevail;
  • if legal (e.g. commercial code, tax code) exist, until the end of these storage obligations.

In particular, KYC-related records and verification logs are retained for five (5) years after the end of the business relationship or completion of the transaction, unless a longer retention period is required by applicable law.

Froxy does not retain raw KYC documents or biometric data. Such materials are securely stored and managed by Sumsub as a data processor under EU data-residency. Froxy retains only verification logs and metadata (status, decision date, reviewer ID) for compliance and audit purposes.

8. International Data Transfers

Some of our service providers (for example, cloud hosting or payment processors) may process personal data outside the European Economic Area (EEA). In such cases, Froxy ensures that appropriate safeguards are in place, such as European Commission adequacy decisions, Standard Contractual Clauses (SCCs), or certification under the EU-US Data Privacy Framework, ensuring that your personal data remains protected to EU standards.

9. Customers' rights to collecting data

With respect to your personal data you have the following additional rights granted by the General Data Protection Regulation (GDPR):

  • to get familiar with your personal data and how it is processed;
  • to demand restricting the processing of your personal data when personal data is processed without complying with legal requirements or when there is another legal basis;
  • to demand to transfer your personal data to another data controller or provide it directly to you in a convenient format (applicable to that personal data that you submitted and that is processed by automated means on the basis of your consent);
  • to object to processing of your personal data, if it is processed on the basis of a legitimate interest, unless there are legitimate reasons for such processing or for the purpose of making, pursuing or defending legal claims;
  • in cases where your personal data is processed on a separate consent basis, you have the right at any time to withdraw your consent to processing of your personal data;
  • if you think that your data is processed unlawfully or your rights in connection with data processing are violated, you have a right to contact a relevant data protection authority of your habitual residence, place of work or of an alleged infringement and file a complaint. We recommend you to contact us before submitting a formal complaint in order to find the right solution to a problem. You may exercise these rights by contacting us at support@froxy.com. We will respond to your request within one (1) month as required by the GDPR.

10. Deleting personal information

You may request that we delete your personal information, and we shall attempt to accommodate such requests. However, we may retain certain personal data where retention is required by law - for example, under anti-money-laundering (AML), counter-terrorist financing (CTF), or tax regulations - or where it is necessary to establish, exercise, or defend legal claims.

11. Changes to the policy

Material changes to this Policy will take effect no earlier than 30 calendar days from the date we notify you by email and through your account dashboard. Non-material updates take effect upon publication on our website. You agree to our use of electronic communications with you for purposes of this Policy. If you do not agree to the changes to this Policy, we will continue to maintain and use personal information previously collected in accordance with the Policy in force as of that date.