Privacy Policy
Last updated: March 18, 2026
1. Introduction
RarxConnect ("we", "our", or "us") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our DDoS protection proxy service for FiveM servers ("Service"). This policy applies to all users of our website (rarxconnect.com) and related services. By using the Service, you consent to the data practices described in this policy. RarxConnect is operated from Spain and complies with the General Data Protection Regulation (GDPR) and applicable Spanish data protection laws.
2. Data We Collect
We collect the following categories of personal data: Account Information: When you create an account, we collect your name, email address, and password (stored in hashed form). If you register via Discord OAuth, we receive your Discord user ID, username, and avatar. Payment Information: When you subscribe to a paid plan, payment details (credit card number, billing address) are collected and processed directly by Stripe. We do not store full card numbers on our servers — only a Stripe customer ID and the last four digits of your card for display purposes. Server Configuration Data: The IP addresses and port numbers of your FiveM game servers, your chosen subdomain, and proxy configuration preferences. Usage & Traffic Data: Anonymized connection metrics, bandwidth usage, attack event logs, and proxy performance data associated with your account. Technical Data: IP address, browser type, operating system, and device information collected automatically when you visit our website. Communication Data: Any messages or information you send to us via email, Discord, or our contact form.
3. How We Use Your Data
We use your personal data for the following purposes: Service Delivery: To provision and manage your proxy, process connections, and provide DDoS protection. Account Management: To create and maintain your account, authenticate your identity, and manage billing. Payment Processing: To process subscription payments, issue invoices, and handle refunds through Stripe. Service Improvement: To analyze usage patterns, diagnose technical issues, and improve the performance and reliability of our infrastructure. Communication: To send you service-related notifications (account alerts, attack notifications, maintenance schedules), respond to your support requests, and — only with your consent — send marketing communications. Security: To detect, prevent, and respond to fraud, abuse, and security incidents. Legal Compliance: To comply with applicable laws, regulations, and legal processes.
4. Cookies & Tracking
We use the following types of cookies: Essential Cookies: Required for the Service to function. These include session cookies for authentication and CSRF protection tokens. You cannot opt out of essential cookies. Analytical Cookies: We may use privacy-respecting analytics (no third-party tracking scripts like Google Analytics) to understand how visitors use our website. These cookies do not track you across other websites. We do not use third-party advertising cookies or sell your data to advertisers. You can manage cookie preferences through your browser settings.
5. Third-Party Services
We share data with the following third-party service providers, each with their own privacy policies: Stripe (stripe.com): Processes all payments. Stripe receives your payment card details, billing address, and email. Stripe is PCI-DSS Level 1 compliant. See Stripe's privacy policy at stripe.com/privacy. Cloudflare (cloudflare.com): Provides DNS and CDN services for our website. Cloudflare may process your IP address and request metadata. See Cloudflare's privacy policy at cloudflare.com/privacypolicy. Discord (discord.com): If you choose to authenticate via Discord or join our community server, Discord processes your user data according to their privacy policy at discord.com/privacy. OVH (ovhcloud.com): Our proxy infrastructure is hosted on OVH dedicated servers. OVH provides the physical infrastructure and DDoS mitigation hardware. OVH may process network traffic metadata for mitigation purposes. We do not sell, rent, or trade your personal data to any third party for marketing purposes.
6. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this policy: Account Data: Retained for the lifetime of your account and for 30 days after account deletion to allow for recovery. Payment Records: Retained for 7 years after the transaction date to comply with Spanish tax and accounting regulations. Traffic & Connection Logs: Anonymized traffic statistics are retained for up to 12 months. Raw connection logs are deleted after 30 days. Attack Logs: Records of DDoS attacks against your proxy are retained for up to 12 months. When data is no longer needed, it is securely deleted or anonymized.
7. Your Rights Under GDPR
As a data subject under the GDPR, you have the following rights: Right of Access: You may request a copy of the personal data we hold about you. Right to Rectification: You may request that we correct inaccurate or incomplete personal data. Right to Erasure: You may request that we delete your personal data, subject to legal retention obligations. Right to Restrict Processing: You may request that we limit how we process your data in certain circumstances. Right to Data Portability: You may request a machine-readable copy of your personal data to transfer to another service. Right to Object: You may object to our processing of your personal data for certain purposes, including direct marketing. Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of prior processing. To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos, aepd.es).
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including: - Encryption of data in transit (TLS 1.3) and at rest - Hashed and salted passwords (bcrypt) - Regular security audits and vulnerability assessments - Access controls limiting data access to authorized personnel only - Secure hosting infrastructure with DDoS protection While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
9. International Data Transfers
Your data is primarily processed and stored within the European Economic Area (EEA) on servers located in France and Spain. Where data is transferred outside the EEA (e.g., to Stripe's US-based infrastructure), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or the service provider's certification under an approved framework.
10. Children's Privacy
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly. If you believe we have inadvertently collected data from a minor, please contact us at [email protected].
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will provide additional notice via email or a prominent banner on the Service. We encourage you to review this Privacy Policy periodically.
12. Contact Information
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us: Email: [email protected] Discord: discord.gg/rarxconnect Address: RarxConnect, Spain For GDPR-specific inquiries, you may also contact the Spanish Data Protection Agency (AEPD) at aepd.es.