Privacy Policy

Version No 4. Effective date: February 12, 2026.

This IPRoyal Services FZE LLC Privacy Policy (the “Privacy Policy“) strives to protect user privacy and information when using any system of IPRoyal Services FZE LLC or being in contractual relationship between IPRoyal Services FZE LLC as a service provider and any natural or legal person as a service user.

BY USING THIS WEBSITE www.iproyal.com (the “System“), YOU AGREE TO THE PRIVACY POLICY, WHICH MAY GET UPDATED WITHOUT PRIOR NOTIFICATION.

1. General provisions and definitions

1.1. IPRoyal Services FZE LLC is a legal entity, incorporated in the United Arab Emirates, license No 4387, address BLB-BC5-641 (5th floor), AMC - BOULEVARD-B Building, 143 AL HASSAN AL BASRI STREET, JURF 2, Ajman, United Arab Emirates (the “Company” / “us” / “we”).

1.2. Any person using Company’s services/systems is considered to be a client of the Company (the “Client” / “You”).

1.3. The Company and the Client are legally bound by the Terms and Conditions (the “Agreement”) which governs the contractual relationship between the Company as a service provider and the Client, as any natural or legal person, as a service user, or a user of System prior to/without logging-in/creating an account (Account).

1.3.1. The Company provides multiple IP address proxy infrastructure solutions, including IP addresses for the Clients to connect to the internet, and access to the Company’s data gathering and proxy management solutions (the “Services”). The Services can be reached and used via System.

1.3.2. The latest version of Agreement shall be available at https://iproyal.com/terms-of-service/ .

1.4. This Privacy Policy shall be applicable and interpreted in line with Agreement. The definitions set out in the Agreement shall be applicable to this Privacy Policy.

1.5. You can contact the Company using a popup chat box in the System, filling a question box in the System in the “About us” section, as well as by sending an email. For the matters regarding this Privacy Policy, as well as regarding any privacy matter, we recommend contacting the Company via email, by sending Your inquiry to [email protected] .

1.6. The Company shall have the right to unilaterally modify and/or update the Privacy Policy at any time without notice. The continuous use of the Services/System by the Client shall be deemed as acceptance of Privacy Policy in the last and most updated version. Any Client shall periodically check and assess the Privacy Policy. Any update of this Agreement comes in force at the moment it is published at the System.

1.7. The latest version of the Privacy Policy shall be available at https://iproyal.com/privacy/ .

1.8. By agreeing to the Agreement as per the rules set forth in the Agreement, You are automatically agreeing to the Privacy Policy. For the avoidance of doubt, You acknowledge understanding that by using System in any way prior to creating an Account (Clause 2 of the Agreement) or without logging-in to the System (for example, when browsing the Blog section of the System), You are also bound by this Privacy Policy and Your data/information may be collected by the Company automatically.

1.9. If You disagree to be bound by the Privacy Policy in any scope or way, You must not use or must immediately cease Your use of the Services, System or any part of it, as well as its features and functionalities.

1.10. The Company values the trust that You place in the Company when using Services/System. For this reason, privacy and data security are extremely important to the Company. It is very important to the Company that You feel safe when You visit our System and use our Services, as well as in all other business transactions with the Company. As soon as You use Company’s System/Services, You entrust Company with the processing of Your personal data. The Company wants to offer You the best possible experience with the System to ensure that You can enjoy using Services now and in the future. That is why the Company wants to understand user behavior on the System in order to continuously improve it. The processing of Your personal data is therefore not only necessary for the provision of Services, but also to improve user-friendliness. Therefore, in this Privacy Policy You are informed which personal data the Company collects from You, how the Company processes it and to whom the Company passes it on in detail. In addition, the Company informs you about the precautions it takes to protect Your personal data, what rights You have in this context and who You can contact regarding data protection issues.

1.11. In the light of the above, the Company strives to protect Your privacy and obliges to process Your personal data in accordance with the following rules and principles:

1.11.1. Processing shall be performed lawfully, fairly, and in a transparent manner.

1.11.2. Personal data must be adequate and limited to what is necessary in relation to the purpose for which it is processed.

1.11.3. Personal data shall be accurate and, where necessary, kept up to date.

1.12. This Privacy Policy is prepared in accordance with the United Arab Emirates Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data Protection (the “PDPL“) and other relevant legal acts, as well as with the best practices and principles of data protection. You can find information on applicable legal acts here: https://u.ae/en/about-the-uae/digital-uae/data/data-protection-laws .

1.13. With regard to the terms used in this Privacy Policy, such as “Processing” or “Controller”, we refer to the definitions of the PDPL.

2. Applicability

2.1. This Privacy Policy applies to all persons who use the System/Services or otherwise interact with the Company (e.g. business partners, interested parties, service providers, etc.); generally those persons who are hereinafter referred to as “Client” or “You”.

2.2. Company’s System and Services are not meant for anyone under the legal age. Only people of legal age are allowed to use System, Services and register for an Account. The Company therefore does not knowingly collect personal data from minors. So, if You are under 18 years of age / under legal age under the laws imperatively applicable to You, please do not use the System/Services and do not provide us with any personal data.

2.3. If You are a representative of a legal person, which is a user of the Company’s System/Services, You shall be aware that Your personal data will be collected too in accordance with this Privacy Policy.

2.4. You shall be responsible for making sure You are applicable to use the Company‘s System and/or Services.

3. Controller, its obligations and scope

3.1. For the purposes of applicable data protection law, the Company is typically the “data controller” of any personal information provided to the Company. Very occasionally, the Company might act on specific retainers as a “processor” (by processing personal data only in accordance with the directions of a data controller, or as otherwise permitted by law).

3.2. Privacy Policy shall be applied to the processing of personal data by data controller (the Company) located in the United Arab Emirates processing the personal data of data subjects (You) residing or working within or outside the United Arab Emirates.

3.3. If You have any questions regarding the processing of Your personal data and the exercise of Your rights under the PDPL, You can contact us: [email protected] .

3.4. The Company might require additional identification data from You for certain inquiries (e.g. Passport, ID card, etc.) in order to ensure that Your personal data is only passed on to You.

3.5. The Company, as a data controller (or in some cases – data processor), has the following obligations:

3.5.1. Data transfers. The Company shall not transfer personal data to country or territory outside the United Arab Emirates unless that country ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

3.5.1.1. Where adequate level of protection is not ensured, an exemptions shall be made by a) creating adequate protection through appropriate safeguards (for example, by using adequacy decisions, Standard Contractual Clauses), or 2) by getting data subject‘s explicit consent and making sure the transfer does not conflict with the public security interests of the United Arab Emirates.

3.5.2. Data processing records. The Company shall keep data processing records upon its own decision, unless such record keeping is mandatory legal requirement.

3.5.3. Data breach notification. The Company strives to protect Your personal data in the best way possible. However, sometimes data breaches occur and such events can happen for various reasons.

3.5.3.1. In the case of a data breach that would prejudice the privacy, confidentiality and security of the personal data of a data subject, the Company, as a data controller, immediately upon becoming aware of such breach, shall notify the Data Office of such data breach.

3.5.3.2. The required notification shall include details such as: the nature, category, reasons, approximate number and records of the data breach, a description of the likely consequences of the data breach; and a description of the measures and remedial action taken by the controller to address the data breach.

3.5.4. Sensitive personal data protection. As a general rule, the Company does not itself collect or process special categories of personal data, including data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, or biometric data.

In limited cases described in Section 4.2.2 (Verification data), biometric data (such as facial photograph(s)) may be collected and processed directly by the Company’s identity verification provider, Idenfy UAB, solely for the purpose of verifying a user’s identity.

The Company does not collect or store copies of identity documents or biometric data. The Company receives only the identity verification result and limited verification-related information from the verification provider, which does not include copies of identity documents or biometric identifiers, and processes such information solely for the purposes of verifying a user’s identity and preventing duplicate or abusive identity verification attempts.

3.5.5. Proper agreements between controller and processor. The processor shall perform and implement the processing of personal data based on the instructions of the controller and in accordance with the contracts and agreements entered into between them, which shall specifically set out the scope, subject-matter, purpose and nature of the processing, the type of personal data, and categories of data subjects. The Company, either acting as a controller or the processor, shall make sure beforehand that such agreements are concluded and are proper for planned data processing.

4. Data categories and sources

4.1. The Company may collect personal information from You in the course provision of Services, when You use the System, contact us or request information from us, or as a result of Your relationship with any of our personnel or clients. In certain circumstances, the Company may also collect Your personal data from third parties. This may include the Company’s service providers or other entities with whom the Company collaborates. We may also obtain information about You from publicly available sources (such as online platforms), as well as from third parties that are connected to You or otherwise interact with the Company. Such collection will only take place where it is lawful and relevant for the purposes for which the personal data is processed.

4.2. The personal information that we might process includes:

4.2.1. Contact data. When creating a new user Account or communicating with the Company (for example, by contacting our support team), we may process basic details, such as Your name, date of birth, role/title, employer/s, Your relationship to a person, and Your contact information (such as Your email address, physical address, contact numbers).

4.2.2. Verification data. If an Account or other details are verified, verification data (such as images or scans of identity documents and the identification data contained therein) are processed directly by the Company’s identity verification provider, Idenfy UAB, solely for identity verification purposes.

The Company does not collect or store copies of identity documents or biometric data and receives only the verification result and limited verification-related information, which does not include copies of identity documents or biometric identifiers.

For fraud prevention purposes, the Company may process limited verification-related information, solely to detect and prevent duplicate or abusive identity verification attempts in connection with the identity verification process.

The Company processes identity verification results and limited verification-related information in order to verify identity and to prevent fraud, abuse, and the creation or use of multiple Accounts verified using the same identity document. An identity document may be used to verify only one Account in the System. Where an identity document has already been used to successfully verify another Account, any subsequent verification attempt using the same document will not be approved, and the user will be required to complete identity verification again using a different valid identity document. This processing is carried out on the basis of the Company’s legitimate interests in ensuring platform security and integrity.

In certain cases, such as when You request a change of email address or a reset of two-factor authentication (2FA), the Company may require You to provide additional information to confirm Account ownership. If Your Account has been verified via Idenfy, You may be asked to provide the expiration date of the document used for verification. If Your Account has not been verified, You may be asked to provide Your full name, phone number (if available), details of Your last deposit (including amount and the last four digits of the payment card used), and screenshots demonstrating that Your email account is blocked or inaccessible. This information is processed solely to confirm Account ownership and prevent unauthorized access or fraud and is not used for any other purpose.

4.2.2.1. The Company may require identity or other verification from You in certain situations, and certain Services or features are enabled automatically on verification or other conditions. In particular:

4.2.2.1.1. Residential API. The Residential API will be automatically enabled for a Client when the Client either (a) successfully completes identity verification, or (b) makes deposits totalling USD 200 or more. The Company reserves the right to modify, add, or remove verification requirements for access to the Residential API at its sole discretion. Any such changes shall not automatically revoke access that has already been granted to a Client, unless otherwise required by law, regulation, or risk considerations.

4.2.2.1.2. ISP proxies. ISP proxies are available to all Clients. However, access via ISP proxies to certain high-risk or regulated websites (for example, government domains, banking/payment institution websites and similar sites) may be restricted for Clients who have not completed identity verification. A current non-exhaustive list of domains that are restricted for unverified Clients is maintained by the Company and may be updated from time to time (see here ).

4.2.2.1.3. Wants to get access to all Residential proxies IP pool.

4.2.2.1.4. Wants to access blocked websites on the Residential proxies pool (see here ).

4.2.2.2. The Company may change, add, or remove the requirements and conditions listed in Clause 4.2.2.1 at its sole discretion. You should always make sure whether the Service You are ordering / action You want to make in the System requires verification.

4.2.2.3. The Company is using third party service provider for identity verification Idenfy. More information about tool is available here: https://www.idenfy.com/identity-verification-service/ , information about Idenfy’s Privacy Policy is available here: https://www.idenfy.com/privacy-policy/ .

4.2.2.4. Consequences of non-verification. If You do not complete the required identity verification, certain Services, features, or functionalities may remain unavailable. In such cases, the Company will be unable to provide the full range of its Services. You should therefore be aware that access to some parts of the Services or System is conditional upon successful verification.

4.2.3. Order data. In the context of ordering Services, we might process information relating to the matter on which You are seeking our Services.

4.2.4. Financial data. In the context of ordering Services and accepting payments, as well as making refunds or processing withdrawals in relation to the Referral program (or any other applicable program/offer) we might process, for example: bank details (IBAN, BIC), information about the payment service provider, payment details, transaction-ID, etc.

4.2.5. Log data. During activities on the System (website) and while using Services, we might process, for example: IP-address, Your location, location data, traffic data, transaction data (like deposit, payment, refund withdrawal address), computer or mobile device information, frequency, time, length of visit and other page-related interaction data, operating system, browser type, device type, unique device identification number, identification cookies, optionally form data, crash reports, performance data, third-party cookies, etc.

At all times when using System / Services, we collect and process the following log data:

4.2.5.1. IP address of first or the last login.

4.2.5.2. Account credentials and other information as per Clause 2 of the Agreement, including date and time of Account creation, as well as log-in date and time.

4.2.5.3. Information collected by cookies and Google Analytics (see Clause 12), for example: browser type, the web pages You visited, and time spent on them, access time and dates, unique device identification number, referral source (e.g., referral link/banner), other. The mentioned data in this Clause might be collected without assigning it to the specific user. While Google Ads and Google Analytics may provide Us with certain demographic information, such as age range and gender, to help Us optimize Our advertising campaigns, We do not directly collect or store this information about You. We respect Your privacy and are committed to using Your data responsibly.

4.2.5.3.1. Referral Attribution. We may also store separate cookies specifically for identifying Your referral source for a limited period (60 days) when You click on a referral link/banner and visit our System, provided that You accept marketing cookies. This information helps Us reward the appropriate referrer for any resulting subscriptions You make. We are committed to using this information responsibly and ensuring it is only used for the purpose of accurately crediting referrers.

4.2.6. Company details. If You use a Services /enter into commercial agreement with the Company as a legal entity, we might process, for example: commercial register reports, data of or concerning beneficial owners, records or additional information about recent, past or planned business activities, other data required to determine / validate the structure, the beneficial ownership or any power of attorney from the company, etc.

4.2.7. Marketing data. If You visit System or our social media sites, we might process statistical and marketing data, for example: number of visitors, frequency, clicks, time, places, target groups, data from cookies and similar technologies (pixels, ClearGIFs, etc.), consumer’s behavior, interests and preferences, data on market research and target group surveys, etc.

4.2.8. Photo, video and audio data. When we attend or organize events or fairs or conduct interviews with people, or You visit our offices or our meetings and events, we may take photos and other recordings of such events and process photo, video and audio data, as well as data on time, location, participant list, etc. However, we will always inform You separately about any such recordings by photographic or video images and/or audio recordings.

4.2.9. Hiring data. If You apply for a job on our System, social media (for example, via LinkedIn), we may process data that is necessary for the recruitment process, for example: contact details, curriculum vitae, qualifications, national identity documents such as passport and the data from all of these documents, links to Your portfolio or social media platforms, etc.

In certain cases, the Company may conduct background and qualification verification procedures to confirm the accuracy of the information provided, assess professional suitability, and comply with information security or client requirements. Such verification may include contacting previous employers or clients, collecting references, or using third-party providers. Such verification will be carried out in accordance with applicable data protection laws.

4.2.10. Review invitation data. After You use our Services, we may process limited personal data in order to invite You to provide feedback or leave a review on independent review platforms (e.g., Trustpilot). This data may include Your name and email address. The purpose of this processing is to collect genuine customer feedback and improve the quality of our Services. Review invitation data is transmitted securely through workflow automation tools (e.g., Zapier). Review invitations are not marketing communications. They are limited to customers who have used our Services and are intended solely to request genuine feedback about service quality.

5. Purpose and legal basis

5.1. All processing is carried out in accordance with the PDPL. We process Your personal data based on at least one of the legal bases mentioned below. If the Company requests the provision of other personal data not described above, this data as well as the purpose and legal basis for the collection and processing will be communicated to the Client at the point of collecting the personal data.

5.1.1. Performance of the contractual obligations under the Agreement. A controller (the Company) / processor may process personal data without the consent of the data subject (You) to which the data relates where processing is necessary for the performance of a contract (the Agreement) to which the data subject is party or in order to take steps at the request of the data subject for entering into, amending or terminating a contract.

5.1.2. Consent. We may ask You to provide Your freely given, specific, informed and unambiguous consent if the data subject’s (Yours) consent is relied upon as a lawful basis for the processing of Your personal data. For example, we may ask You to express consent prior to using the System before the Agreement is concluded or when You are using the System without logging-in, as well as before collecting / processing any other personal data not described in this Privacy Policy.

If You have given us Your consent to the processing of Your personal data, the processing will only occur for the defined purposes and to the extent agreed in the declaration of consent.

A given consent can be revoked at any time without giving reasons with effect for the future if You no longer agree to the processing.

With Your consent, we process data for the following purposes, for example:

Browser notifications (web push). When You access Your account, You may be invited to allow browser notifications. If You choose “Allow,” we may send service updates and occasional offers via Your browser. Browser notifications are sent only with Your consent, which You can withdraw at any time in Your browser settings. This feature is separate from email. You may still receive emails based on contract or our legitimate interests.
Website analysis and tracking for advertising purposes (including but not limited to tracking referral sources) (see also our Cookie Policy Clause 12).
Certain uses of audio, video, and photo data (e.g., commercials, interviews, etc.) for marketing and other representing purposes through various channels.

Revoking Your consent does not affect the legality of the processing carried out based on Your consent up to the point of withdrawal.

5.1.3. Compliance with legal obligations. Processing of personal data may also be necessary to abide by various legal obligations. Such legal obligations include, for example, the following data processing operations: contract management, accounting, and invoicing, monitoring to prevent fraud, misuse, money laundering, and terrorist financing, providing information to criminal authorities in the context of fiscal criminal proceedings or prosecution to official orders, assessing the working capacity of the employee or the provision of health/social care, etc.

5.1.4. Protection of legitimate interests. Where necessary, data processing can occur beyond the performance of the contract to ensure the legitimate interests of the Company or a third party. Such a legitimate interest includes the following data processing operations:

Prevention of fraud, misuse (e.g. for illegal purposes), money laundering and terrorist financing.
Identification and examination of potentially incorrect or suspicious business cases and access to our websites (e.g. website analysis via Sift Science).
Data transfer within the Company for internal administrative purposes.
Account management and processing of general Client requests and inquiries.
Measures to protect our customers and partners as well as to ensure network and information security; also measures to protect our employees and property, including external data centers and service providers.
Market research, business management and further development of services and products.
Processing of statistical data, performance data and market research data via the website, the app or social media platforms (e.g. Facebook, LinkedIn, YouTube etc.).
Processing of customer preferences (e.g. language, region) via cookies on our website.
Implementation of marketing and communication initiatives, including newsletters, updates, offers, and Services information.
Collection of customer feedback through invitations to leave reviews on independent review platforms (e.g. Trustpilot) and use of workflow automation tools (e.g. Zapier) to facilitate such invitations. For the avoidance of doubt, review invitations are not sent for marketing purposes but solely for service quality.

5.2. Marketing communications. We may use the contact information You provide (email) and, where You have enabled browser notifications, Your push subscription, to inform You about our Services, updates, special offers, and surveys. We may send You such communications based on Your consent or, where applicable, on our legitimate interests to inform You about our Services and closely related offerings.

You can opt out of marketing communications at any time by using the “Unsubscribe” link in our emails or by contacting us at [email protected] . Opting out of marketing will not affect Your receipt of important service-related communications.

You can also adjust subscription settings in Your account, where You can select or deselect specific categories of newsletters (e.g., Marketing emails, Service status emails, or Order information emails).

You can disable browser notifications at any time in Your browser settings.

5.3. The Company may also process personal data without the consent of the data subject to which the data relates where the data has been made public by the data subject (Article 4 of the PDPL).

Social media presence and other communication

6.1. The Company maintains social media presences on various platforms (see below) in order to communicate with its active customers, potential customers and interested social media users about Company’s services, products and other news. When accessing such social media platforms, the general terms and conditions and the privacy policies of these operators also apply. We would like to point out that user data can also be processed outside of the United Arab Emirates or the region/location You are in. This can result in risks for users due to different legal frameworks (e.g. the enforcement of data subject rights could be made more difficult).

6.2. As part of the technical process of various social media platforms (e.g. Google, Facebook, Twitter etc.), when You click on a content or a website You are visiting, they find out whether You are logged into Your social media account at the same time. This information is collected by social media platforms and assigned to Your social media accounts, regardless of whether You click on the content of this platform or not. By logging out of Your accounts, You can prevent these companies from associating the collected information with Your accounts.

6.3. The activities of these companies are not controlled by the Company and therefore we do not accept any liability for any damage You may suffer because of the use of Your data by these companies.

6.4. The Company may only process personal data from social media users if they communicate directly with the Company via such platforms (e.g. visitors number, posted articles, likes, direct messages, customer inquiries, comments, etc.). In these cases, the Company is also responsible for processing the personal data collected thereby. In addition to data processing by us, other providers, in particular operators of social networks and platforms, also process personal user data. We have no influence on this data processing and are not responsible for it - the data processing takes place exclusively in the area of responsibility of the other providers.

6.5. For a detailed explanation of the respective processing and the possibilities of objection (opt-out) by providers of social media networks, we refer to the respective privacy policies of the providers (see below). In the case of requests for information and the assertion of data subject rights to data processing by other providers, we point out that these can be asserted with the providers listed below. Only the providers have access to the data of the users and can directly take appropriate measures and provide information.

6.6. The Company uses the following social media accounts in order to engage with You and other third parties:

6.6.1. Discord account – accessible using this link: https://discord.com/invite/asDe2Wb7Af . More information about data collected by Discord and Your preferences is available here: https://discord.com/privacy .

6.6.2. Twitter account – accessible using this link: https://twitter.com/IPRoyal_proxies . More information about data collected by Twitter and Your preferences is available here: https://help.twitter.com/en/rules-and-policies .

6.6.3. Facebook account – accessible using this link: https://www.facebook.com/IProyal . We use Page Insights function to process statistical data from users on Facebook ( https://www.facebook.com/legal/terms/page_controller_addendum ). More information about data collected by Facebook and Your preferences is available here: https://www.facebook.com/privacy/center/ .

6.6.4. LinkedIn account - accessible using this link: https://www.linkedin.com/company/iproyal . More information about data collected by LinkedIn and Your preferences is available here: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy .

6.6.5. YouTube account – accessible using this link: https://www.youtube.com/@IPRoyalOfficial . More information about data collected by YouTube and Your preferences is available here: https://policies.google.com/privacy?hl=en .

6.7. The above indicated list is non-finite and the Company is entitled to change/add social media accounts. The latest and up-to-date list of Company’s social media accounts is always available through the social media icons displayed on our website.

6.8. You should always make sure that the social media account is Company’s before submitting or revealing any personal information of Yours while engaging in any social media communication (for example, exchanging messages or leaving a comment).

6.9. You should be aware that SMS / messaging and email services are susceptible to spoofing and phishing attacks and should be careful when reviewing messages that claim to be from the Company. You should always log into Your Account via https://iproyal.com/ , use communication tools in the System or contact us via email by sending an inquiry to the address [email protected] . If You are unsure about the authenticity of a communication or notice. Note that phishing attacks often occur despite SMS or email or equivalent services, via search engines or advertisements in search engines or other fraudulent links. The Company takes no responsibility for any loss due to spoofing, phishing, or other equivalent attacks.

7. Your Rights

7.1. You shall be entitled to the following rights:

7.1.1. Right to Object / Communication Preferences

You have the right at any time to stop receiving marketing or other communication materials from us. You can manage Your communication preferences by:

disabling browser notifications via Your browser’s notification or permission settings (You can revoke permission for iproyal.com and stop receiving push notifications immediately);
adjusting Your subscription settings in Your account, where You can select or deselect specific categories of newsletters (e.g., Marketing emails, Service status emails, or Order information emails);
using the “Unsubscribe” link provided in any email from the Company; or
contacting us directly at [email protected] .

If You withdraw Your consent or object to receiving marketing communications, we will stop sending you those communications. This will not affect the lawfulness of any processing carried out before your withdrawal or objection. Please note that opting out may limit Your access to optional updates about new features and offers.

This does not apply to messages necessary to provide Services (e.g., account, billing, or security-related notices).

7.1.2. Right prior to the start of processing activities, to get information on the purpose of the processing, sectors or entities inside or outside the United Arab Emirates with whom Your personal data will be shared, the appropriate safeguards used by the Company in the context of cross-border processing.

7.1.3. Right to obtain additional information upon request, including:

7.1.3.1. confirmation whether we are processing personal data related to You.

7.1.3.2. the types of personal data of the data subject being processed;

7.1.3.3. the decisions taken on the basis of automated processing;

7.1.3.4. the rules and criteria of the periods for which the personal data will be stored and kept; and

7.1.3.5. the measures to be taken upon the occurrence of a data breach.

7.1.4. Right to rectification. You are entitled to obtain the rectification of inaccurate personal data concerning You, and to have incomplete personal data completed.

7.1.5. Right to erasure. You are entitled to request the Company to delete Your personal information if:

7.1.5.1. The personal data is no longer necessary in relation to the purposes for which it was collected or processed; and/or

7.1.5.2. You withdraw Your consent or express objection to processing and there are no legitimate grounds for the Company to continue the processing.

7.1.5.3. The personal data have been illegally processed.

7.1.5.4. The deletion of personal data is necessary to fulfill a legal obligation under law to which the Company is a subject.

7.1.6. Right to receive a copy and have Your personal data transmitted to another controller, if technically feasible. You shall have the right to receive the personal data concerning You that You have provided to us in a structured, commonly used and machine-readable format where the processing is based on Your consent, or is necessary to fulfill a contractual obligation and implemented by automated means. You also shall have the right to have this data transmitted directly to another controller named by You, insofar as this is technically feasible and the rights and freedoms of others are not impaired. The right to data portability can only be exercised if the processing is based either on Your consent or on a (pre)contractual necessity and where the processing is automated. The right to data portability does not apply to processing which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7.1.7. The Company does not engage in automated decision-making, including profiling, that produces legal or similarly significant effects on You. We may use limited automated processes to support the operation, maintenance, security, and integrity of our Services and System (for example, classifying whether an email domain is personal or business). These processes do not produce legal or similarly significant effects on You.

Additionally, You have the right to object to the processing of Your personal data at any time if the processing is based on Your legitimate interests. If You object to the processing, we will no longer process Your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh Your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. The objection does not affect the legality of the processing of Your personal data based on legitimate interests carried out prior to the objection.

7.1.8. Right to restriction of processing. You shall have the right to request that we restrict processing if one of the following conditions is met:

7.1.8.1. You dispute the accuracy of the personal data (the restriction applies for a period of time that enables the Company to verify the accuracy of the personal data).

7.1.8.2. The processing of Your personal data was unlawful, and You refuse to delete Your personal data and instead request that its use is to be restricted.

7.1.8.3. The Company no longer needs your personal data for processing purposes, but You need them to assert, exercise or defend legal claims.

7.1.8.4. You have objected to the processing of Your personal data, and it has not yet been determined whether the Company’s legitimate grounds outweigh Your own.

7.1.9. Right to lodge a complaint with the Data Office. The United Arab Emirates Data Office acts as the federal data regulator in the United Arab Emirates. The authority was established under United Arab Emirates Federal Decree Law No. 44 of 2021 on the establishment of the UAE Data Office. More information and contact information is available at https://ai.gov.ae/personal-data-protection-law/ .

7.1.10. Right to contact. To exercise any of the above rights, You can send an email to [email protected] or a letter to IPRoyal Services FZE LLC, Business Club -BLB-BC5-641 (5th floor), AMC - BOULEVARD-B Building, Ajman Media City, Ajman, United Arab Emirates. Please note that for such inquiries we need further identification data from You (e.g. Passport, ID card, etc.) in order to ensure that Your personal data is only passed on to You. We shall respond to Your inquiry within 30 days from the day of receiving it (with the possibility of two 30-day extensions).

7.2. In all cases we encourage You to contact us directly. We at the Company believe that best decisions can be made by mutual agreement and effort.

7.3. As a general principle of the Company, we process personal data only for the purposes for which they were collected. In exceptional cases, however, we may process Your personal data that we have collected for another purpose. In this case, before the intended processing, we will inform You of this purpose, the duration of the storage of Your personal data, the exercise of data subject rights, the possibility of revoking consent, the existence of a right to complain to the data protection authority, whether the provision of the data was necessary on legal or contractual grounds and possible consequences of non-provision and whether automated decision-making or profiling is carried out.

8. Data security

8.1. The security of data is very important to us and we are committed to protecting the data we collect. We maintain comprehensive administrative, technical and physical measures to protect Your personal data from accidental, unlawful or unauthorized destruction, loss, modification, access, disclosure or use. These measures correspond to the highest international safety standards and are regularly checked for their effectiveness and suitability for achieving the desired safety requirements.

8.2. We have implemented the following technical, physical and organizational measures:

8.2.1. Ensuring compliance with applicable data protection laws.

8.2.2. SSL encryption on our System from which we transfer personal data.

8.2.3. Two-factor authentication (2FA) for System.

8.2.4. Ensuring the confidentiality, integrity, availability and resilience of our System and Services.

8.2.5. Use of encrypted systems.

8.2.6. Pseudonymization and anonymization of personal data.

8.2.7. Entry, access and transfer control for our offices and systems.

8.2.8. Measures of quick restoring of the personal data availability in the event of a physical or technical incident.

8.2.9. Measures for privacy by design and default on our platform such as preventing user enumeration.

8.2.10. Implementation of procedures for the regular review, assessment and evaluation of the effectiveness of the technical and organizational measures, including periodic updates to our technology stack and responses to reported vulnerabilities.

8.2.11. Internal IT security practices and monitoring, internal communication and fast response approach.

8.2.12. Incident-response management.

8.3. While using System/Services, the Clients are recommended to use two-factor authentication (2FA) for the Account.

8.4. Your personal data may be accessed, transferred and / or stored by employees or suppliers at a destination outside the country in which You are located, whose data protection laws may be of a lower standard than those in the United Arab Emirates. However, we will in all circumstances protect personal data in accordance with this Privacy Policy.

8.5. Whenever personal data is transferred internationally (including, where applicable, to countries outside the European Economic Area (“EEA”) and the United Kingdom), including through third-party service providers, the Company ensures that appropriate safeguards are in place to protect the personal data and the rights and freedoms of individuals. Depending on the circumstances and applicable law, these safeguards may include: (i) a determination that the destination jurisdiction ensures an adequate level of protection (for example, an adequacy decision where available); (ii) contractual safeguards, such as standard contractual clauses or equivalent contractual measures approved or recognized by the relevant authority; and/or (iii) internal policies and procedures, technical and organizational security measures, and other supplementary measures where required.

Where applicable, transfers may also rely on statutory derogations or other lawful transfer mechanisms permitted by applicable law. You may contact the Company for further information about the safeguards used for specific international transfers.

9. Recipients of personal data

9.1. The Company shall only transmit Your personal data to the extent described below or as part of an instruction at the time the data was collected from You. In addition, personal data that we collect about You will not be sold by us or otherwise passed on to third parties.

9.2. Within the Company, those departments or employees will receive Your personal data who need it to fulfill contractual and legal obligations and legitimate interests. We transfer personal data for the purpose of our day-to-day business operations such as account management and other processes You have requested, as well as for the efficient performance of internal administrative activities in a joint manner and for the maintenance and improvement of our products and services.

9.3. To a limited extent, we also may transfer personal data to processors who provide services for us such as video authentication services, IT services, legal services, customer support, improvement of our website, performance of contracts, account management, accounting, invoicing, application management, marketing services and sending marketing material. Processors may only use or pass on this data insofar as this is necessary to provide services for us or to comply with legal regulations. We contractually obliged these processors to guarantee the confidentiality and security of Your personal data that they process on our behalf.

9.3.1. Main service providers contracted by the Company that may process Your data:

Live chat and support service platform, e.g., Intercom (provided by Intercom, Inc.).

Marketing, application analytics and diagnostics, e.g., Facebook (provided by Meta Platforms, Inc.), Google (provided by Google), Impact (provided by Impact Tech, Inc.), Iterable (provided by Iterable, Inc.), Salesforce (provided by Salesforce, Inc.), LinkedIn (provided by Linkedin Corporation), X (provided by X Corporation), Baidu (provided by Baidu, Inc.), Microsoft Clarity (provided by Microsoft Corporation), Hotjar (provided by Hotjar, Ltd.), Quora (provided by Quora, Inc.), Cookiebot (provided by Usercentrics, A/S).

Payment processing / management providers, e.g. Bitlocus (provided by Bitlocus LT, UAB), , CoinGate (provided by Decentralized, UAB), SpectroCoin (provided by Spectro Finance Limited), Paddle (provided by Paddle.com Market Ltd.), Stripe (provided by Stripe, Inc.), AliPay (provided by Airwallex (Hong Kong) Limited).

Customer feedback (review) collection and review management workflow automation, e.g., Trustpilot (provided by Trustpilot A/S), Zapier (provided by Zapier Inc.).

Others, e.g. iDenfy (provided by iDenfy, UAB), Twillio (provided by Twillio, Inc.), hCaptcha (provided by Intuition Machines, Inc.), Sprinto (provided by Sprinto, Inc).

This list is subject to periodic review and may be updated accordingly.

9.4. We may also transfer Your personal data (i) if we are required to do so by law or during legal proceedings, (ii) if we believe that disclosure is necessary to avoid damage or financial loss, or (iii) in connection with an investigation into suspected or actual fraudulent or illegal activities.

9.5. If the Company acts together with other parties as joint controller (e.g. processing of data for jointly defined purposes within a group of associated entities), we may provide those parties with personal data if applicable and based on at least one of the legal bases mentioned above under Clause 5. In case of a joint controllership, we transfer Your personal data only based on a sufficient agreement with our partners.

9.6. The Company may transmit Your personal data to another person at the request of the person concerned with Your consent for the transfer or for the purpose of fulfilling the contract or in order to take steps at the request of the data subject prior to entering into a contract.

10. Retention period

10.1. Unless otherwise indicated in the notice / consent form, the Company shall keep Your personal information only for as long as necessary to:

10.1.1. To provide You with the Services You have ordered and to ensure proper use of System/Account;

10.1.2. To comply with laws, including mandatory data collection periods.

10.1.3. To support a claim or defense in court or to act in other judicial proceedings.

10.1.4. To pursue the Company’s legitimate interests, as described in Clause 5.1.4, provided that such processing does not override Your rights and freedoms.

10.2. In all cases the log data (Clause 4.2.5.) shall be saved for at least 6 months from the moment such data was collected. Log data is kept by the Company after the Account is terminated or suspended for the same period starting from the termination or suspension moment. The Company shall be entitled to keep this data for a longer period if it is necessary for a legitimate purpose.

10.3. In all cases Account data as per Clause 2 of the Agreement, including identification data (if applicable) shall be saved for the whole duration of You being the Client, and for at least 6 month period from the day the Account was terminated.

11. Privacy notice to Clients residing in European Union and California

11.1. If You are a resident of European Union (“EU”), please note that:

11.1.1. We are striving to ensure Your rights under The European Union’s General Data Protection Regulation (“GDPR”). You can find more information on GDPR and Your rights here: https://gdpr.eu/ .

11.1.2. You are entitled to rights under GDPR, as Article 3.2. of GDPR states that the GDPR applies to organizations that are not in the EU if two conditions are met: the organization offers goods or services to people in the EU, or the organization monitors their online behavior. If You are using System/Services, such a situation falls into the scope of mentioned Article 3.2. of GDPR.

11.1.3. The obligations of the Company may be limited due to the exceptions indicated in the GDPR (like number of employees in the Company).

11.1.4. You can contact the Company in case You have any questions or concerns related to this Privacy Policy or GDPR.

11.1.4.1. Please contact us via email, by sending Your inquiry to us at [email protected] .

11.1.4.2. Please contact us via mail, by sending us Your letter to IPRoyal Services FZE LLC, Business Club -BLB-BC5-641 (5th floor), AMC - BOULEVARD-B Building, Ajman Media City, Ajman, United Arab Emirates.

11.1.5. International transfers of personal data

If and when personal data of EU/EEA residents is transferred to a country outside the European Union (EU) or the European Economic Area (EEA), such transfer constitutes an international transfer to a “third country” under the GDPR and must comply with Chapter V of the GDPR. We only carry out such transfers where both a lawful basis for processing exists (for example, the performance of a contract, Your consent, a legal obligation, or our legitimate interests) and the GDPR conditions for lawful international transfers are met.

This means, for example, that a transfer is carried out on the basis of:

an adequacy decision of the European Commission (where applicable), or
appropriate safeguards such as compliance with a code of conduct or a certification mechanism, binding corporate rules, or Standard Contractual Clauses adopted by the Commission, together with supplementary technical and organizational measures where required, or
one of the specific derogations provided for in Art. 49 GDPR (such as Your explicit consent or where necessary for the performance of a contract with You).

In all cases, we take steps to ensure appropriate safeguards for the rights and freedoms of data subjects in relation to the processing and transfer of personal data.

11.2. If You are a resident of California, please note that:

11.2.1. To the extent of the California Consumer Privacy Act of 2018 (Cal. Civ. §§ 1798.100–1798.199) and the California Consumer Privacy Act Regulations issued by the California Attorney General, as amended by the California Privacy Rights Act of 2020 (collectively, “CCPA”), apply to our processing activities, we respect and enable Your rights under the CCPA.

11.2.2. Where the CCPA applies, You may be entitled to the following rights (subject to certain exceptions):

11.2.2.1. The right to know what personal information is being collected.

11.2.2.2. The right to know whether the personal information is sold or disclosed, and to whom such information is sold or disclosed.

11.2.2.3. The right to say “no” to the sale of personal information.

11.2.2.4. The right to delete.

11.2.2.5. The right to access personal information; and

11.2.2.6. The right to equal service and price;

11.2.2.7. The right to correct inaccurate personal information that a business has about them;

11.2.2.8. The right to limit the use and disclosure of sensitive personal information collected about them;

11.2.3. Upon receipt of a verifiable consumer request (where applicable), the Company shall provide information about the personal information collected, used, or disclosed about You during the preceding 12 months, including:

11.2.3.1. the categories of personal information collected;

11.2.3.2. the categories of sources from which personal information was collected;

11.2.3.3. the business or commercial purposes for collecting, disclosing, or selling personal information;

11.2.3.4. the categories of third parties with whom personal information is shared;

11.2.3.5. the specific pieces of personal information that the Company collected about You;

11.2.3.6. A copy of the personal information the Company holds about You, if requested.

11.2.4. In addition to above, the Company warrants that NO PERSONAL INFORMATION OF YOURS IS BEING SOLD IN ANY WAY BY THE COMPANY. Therefore, the Company does not provide a “Do not sell my personal information” box in the System.

11.2.5. You can contact us in case You have any questions or concerns related to this Privacy Policy or CCPA.

11.2.5.1. Please contact us via email, by sending Your inquiry to us at [email protected] .

11.2.5.2. Please contact us via mail, by sending us Your letter to IPRoyal Services FZE LLC, Business Club -BLB-BC5-641 (5th floor), AMC - BOULEVARD-B Building, Ajman Media City, Ajman, United Arab Emirates.

11.2.5.3. Additionally, You can contact us by using a popup chat box in the System ( https://iproyal.com/ ), filling a question box in the System in the “About us” section.

11.2.6. The Company shall provide the answer to Your inquiry within terms indicated in this Policy, but in all cases no later than within 45 days of the verifiable request (with the possibility of one 45-day extension).

11.2.7. The following is a list of the categories of personal information that the Company collected about the California residents for a business purpose within the last twelve months. NO COLLECTED DATA WAS SOLD.

11.2.7.1. Account data as per Clause 2 of the Agreement: (i) personal information of the Client / its representative; (ii) name of the company, if the Client is a legal entity; (iii) valid email address; (iv) valid phone number; (v) country of the residence; (vi) unique password, created by the Client; (vii) requirements for the Service (expected number of IPs a month, type of purchase, etc.). (viii) a confirmation that the Client agrees to the Agreement and Privacy Policy of the Company; (ix) A confirmation that the Client / its representative is a natural person.

11.2.7.2. Log data as per Clause 4.2.5., i.e.: (i) IP-address, Your location, location data, traffic data, transaction data (like deposit, payment, refund withdrawal address), computer or mobile device information, frequency, time, length of visit and other page interaction data, operating system, browser type, device type, unique device identification number, identification cookies, optionally form data, crash reports, performance data, third-party cookies, etc.; (ii) at all times when using System / Services, we collect and process the following log data: IP address of first or the last login; account credentials and other information as per Clause 2 of the Agreement, including date and time of Account creation, as well as log-in date and time; information collected by cookies and Google Analytics ((see Clause 12), for example: browser type, the web pages You visited, and time spent on them, access time and dates, unique device identification number, other. The mentioned data in this Clause might be collected without assigning it to the specific user.

11.2.7.3. Other information You may choose to insert in Your billing information.