Privacy Policy

Last updated: May 7, 2026

Shellroute ("we", "us", "our") operates the shellroute.com website, the shellroute CLI, and the shellroute API (collectively, the "Service"). This policy describes what data we collect, how we use it, and your rights.

1. Data we collect

Account data

When you create an account, we collect your email address. Authentication uses one-time email codes or API keys — we store only the cryptographic hash of API keys, never the key itself.

Session data

When you use the proxy service, we record: session start/end times, selected country, route type (residential/datacenter), bytes transferred (upload and download), and session cost. We need this for billing and abuse prevention.

Payment data

Payment processing is handled by third-party providers (e.g. Stripe). We store transaction references and top-up amounts. We do not store credit card numbers or bank details.

Usage data

We collect standard web analytics data (page views, referrer, browser type) on our website. We use cookies for essential functionality (theme preference, authentication session tokens) and analytics.

2. What we do NOT collect

  • We do not log, inspect, or store the content of your proxy traffic
  • We do not record destination URLs or domains you access through the proxy
  • We do not sell or share personal data with third parties for marketing

3. How we use your data

  • Provide the service: authenticate sessions, route traffic, meter usage, process billing
  • Prevent abuse: detect and respond to violations of our acceptable use policy
  • Improve the service: identify performance issues, optimize infrastructure
  • Communicate: account-related notices, service updates, security alerts

4. Data retention

Account data is retained while your account is active. Session metadata (timestamps, country, bytes, cost) is retained for 90 days for billing and dispute resolution. You can delete your account in your console settings or by contacting [email protected].

5. Data security

We use industry-standard measures to protect your data: encrypted connections (TLS), hashed API keys, and access controls on our infrastructure. No system is perfectly secure — if we become aware of a breach affecting your data, we will notify you promptly.

6. Third parties

We use third-party services for payment processing, hosting, and analytics. These providers are bound by their own privacy policies and only receive data necessary to perform their function.

7. Your rights

You can request a copy of your data, correction of inaccurate data, or deletion of your account and associated data. Contact [email protected] for any data-related requests.

8. Changes to this policy

We may update this policy from time to time. Significant changes will be communicated via email or a notice on our website. The "last updated" date at the top of this page indicates when the policy was last revised.

9. Contact

For privacy-related questions: [email protected]