WonderProxy and Your Data
Using a Proxy Server
To understand the data you share when you use one of our proxy servers, let’s look at a user journey. Our user, Morgan, loads https://www.google.com/doodles through our proxy in London, UK. Here’s what happens next.
- Morgan's browser asks our London server to relay a request for a secure page hosted at www.google.com. Morgan's browser either accepts Morgan's username and password, or Morgan's IP address is already whitelisted.
- The server passes the request to www.google.com, receives a response, and relays the response back to Morgan.
- At this point, our server records several pieces of information:
  - The time
  - The size of the request and response in bytes
  - Morgan's IP address
  - Morgan's username
  - The port on the proxy server used
  - The HTTP response code
  - The domain
  - The IP address of the server
- A couple of notes on the level of detail our server sees here. If the request is made to an HTTPS page, our server only ever sees the domain of the request. If the request is made to an HTTP page, our server sees and records the entire URL, MIME type, and HTTP method (GET, POST, HEAD, etc.).
- Every hour our server in London uploads its logs to Amazon S3 via HTTPS, to the Canada Central Region for processing. Data in Amazon S3 is encrypted at rest using AES-256.
- Every hour our website uses Amazon Athena to summarize the number of bytes every user has transferred through every server that day. This summary data is pulled via HTTPS by our website infrastructure. Note this is just the username, server, and bytes transferred. E.g. 2020-03-03 01:00:00 UTC, Morgan, 53370 bytes, London Server.
- 43 hours after the request is made, the London server deletes that access log.
- 183 days (6 months) after the request is made, the access logs are deleted from Amazon S3.
- The summary usage information is retained indefinitely on our website infrastructure. To understand why, see the How We Use Your Data section below.
During a major server outage, processing and deletion may be delayed slightly.
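The difference in detail between HTTPS and HTTP requests noted above follows from how a standard HTTP forward proxy receives each kind of request. The sketch below is an added example, not WonderProxy's code: it assumes HTTPS traffic arrives as a CONNECT tunnel request and HTTP traffic as an absolute-URL request, and the function name and sample requests are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample inputs: the plaintext bytes a forward proxy receives.
HTTPS_REQUEST = (b"CONNECT www.google.com:443 HTTP/1.1\r\n"
                 b"Host: www.google.com:443\r\n\r\n")
HTTP_REQUEST = (b"GET http://example.com/reports/q3.pdf?user=morgan HTTP/1.1\r\n"
                b"Host: example.com\r\n\r\n")
HTTP_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                 b"Content-Type: application/pdf\r\n"
                 b"Content-Length: 53370\r\n\r\n")


def loggable_fields(request_head: bytes, response_head: bytes = b"") -> dict:
    """Return the destination details a forward proxy can read in plaintext."""
    request_line = request_head.split(b"\r\n", 1)[0].decode("ascii")
    method, target, _version = request_line.split(" ", 2)

    if method == "CONNECT":
        # HTTPS: the client only asks for a tunnel to host:port. The real
        # request line, headers and response travel inside TLS, so the path,
        # query string, inner method and MIME type never reach the proxy
        # in the clear.
        host = target.rpartition(":")[0].strip("[]")
        return {"domain": host, "url": None, "method": None, "mime_type": None}

    # Plain HTTP: the target is an absolute URL and the response is readable.
    mime_type = None
    for line in response_head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-type":
            mime_type = value.decode("ascii").split(";")[0].strip()
    return {"domain": urlsplit(target).hostname, "url": target,
            "method": method, "mime_type": mime_type}


if __name__ == "__main__":
    print(loggable_fields(HTTPS_REQUEST))
    print(loggable_fields(HTTP_REQUEST, HTTP_RESPONSE))
```

For the HTTPS request only the domain is recoverable, while the HTTP request exposes the full URL (query string included), the method, and the response MIME type.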
The Legal Jurisdictions Involved
Several legal jurisdictions are in play when you use one of our proxy servers:
- The jurisdiction containing the proxy server. In our example it’s London, UK.
- Montreal, Quebec, Canada – for our data in Amazon S3.
- Toronto, Ontario, Canada, which is where our web server is.
WonderProxy is a Canadian corporation, incorporated federally and registered provincially in Quebec and Ontario.
Note that this list is not necessarily complete. For all steps, it’s possible that the company providing a service (e.g. Amazon) maintains sufficient presence in other jurisdictions to have a vulnerability there too. For an example, see Microsoft vs United States.
How We Use Your Data
We use the data we collect for three main purposes:
- For billing purposes. We record how much traffic is used and through which servers to bill customers accurately.
- To help users see their own usage, whether it’s in summary form for usage monitoring, or in detail so they can diagnose a problem. Only WonderProxy staff with a specific need have access to full access logs. Aggregate data about accounts (e.g. Morgan used 525MB last month) is available to all WonderProxy staff who handle support.
- We look at data in aggregate for two purposes: reporting (for example, how many bytes were transferred by all users yesterday?) and planning (for example, how much traffic do we need to buy in Peru next year?).
Deleting Your Account
If after using WonderProxy you wish to delete your account completely, you may. You will need to wait 183 days after your last proxy usage or billing transaction (whichever is later) to complete this request, as we have a legitimate business interest in waiting out credit card chargeback periods and possible abuse complaints.
To delete your account, please email firstname.lastname@example.org.
At that point:
- Detailed access logs will have already been deleted.
- We replace all user-specified account metadata with nonsense, including:
  - Email address
  - Contract name
- We delete website audit logs (that record adding/removing servers, sending us that support request, etc.).
- We delete your records from our billing providers.