Privacy Policy

This Privacy Policy is issued by Soni's World LLC, a New York limited liability company, doing business as ResiFactory ("Soni's World", "ResiFactory", "we", "us", or "our"). It describes how we handle personal information in connection with our website at resifactory.net, our customer dashboard, our network and infrastructure services, and our customer support channels (collectively, the "Service").

The Service provides network infrastructure, including residential, mobile, and ISP proxies and dedicated servers, on a pay-as-you-go basis. This policy applies to information we collect from and about account holders, prospective customers, and visitors to our website.

What This Policy Covers and Does Not Cover

This policy covers personal information that we, as a controller (or, where applicable, business), determine the purposes and means of processing for. It does not cover:

• The content of the traffic you route through our network, or the websites, applications, and services you access using the Service. You control and are responsible for that activity, and you act as the controller of any personal data contained in it. Your responsibilities are described in our Terms of Service and Acceptable Use Policy.
• Third-party services with their own privacy policies, including Discord (login and support) and our payment processors. See Third-Party Services and Links below.

By using the Service, you acknowledge the practices described in this policy. If you do not agree, do not use the Service.

We collect information that you provide, information that is generated automatically as you use the Service, and a limited amount of information from the third parties that authenticate and bill you. We deliberately minimize what we collect and do not ask for more than the Service requires.

Account Data (via Discord Login)

You sign in using Discord OAuth rather than a password you create with us. When you authorize the login, Discord shares a limited set of identifiers with us, which typically includes your Discord user ID, username, avatar, and the email address associated with your Discord account. We use this to create and secure your account and to identify you in support. We do not receive your Discord password.

Billing and Payment Records

All prices are in US Dollars (USD) and the Service is pay-as-you-go: you add funds to an account balance and consume bandwidth or server time against it. Card payments are processed by Stripe and cryptocurrency payments are processed by a third-party crypto payment processor. We do not collect or store full card numbers or crypto wallet credentials; those are handled by the processors. We retain transaction records such as amount, currency, date and time, payment method type, processor transaction or reference identifiers, account balance changes, and (for card payments) limited details returned by Stripe such as the card brand, last four digits, and result. For cryptocurrency payments, we receive only limited confirmation and reference data from the crypto processor, such as the transaction or reference identifier, the amount and currency, and the payment status; we do not receive your wallet credentials.

Service-Usage Data

To operate the Service, meter consumption, and bill accurately, we record:

• Bandwidth consumed, measured in gigabytes (GB), and remaining account balance;
• Proxy generation events (for example, when you create endpoints, sessions, or credentials);
• Domain-level accounting (the destination hosts associated with your traffic, recorded for usage measurement, billing accuracy, and abuse prevention; we do not log the content of your traffic). Destination-host data is used only for these purposes, is retained for a limited period, and is not sold, shared, or used to build marketing or behavioral profiles of you;
• Session metadata and timestamps, including session identifiers, region or targeting selections, session duration, and connection counts;
• Dedicated-server provisioning and lifecycle records (for example, server identifiers, billing period, and start/stop events).

Technical and Log Data

Our systems automatically generate logs for security, fraud prevention, reliability, and abuse handling. These may include the IP address you connect from, a hashed (one-way) form of your IP used for abuse and fraud-prevention matching without retaining the raw address indefinitely, device and browser information such as user agent, request timestamps, authentication and error events, and similar diagnostic data.

Communications

When you contact us through Discord tickets, by email, or otherwise, we retain those communications and their contents, including any information you choose to provide, so that we can respond, keep a record of the request, and improve support.

This section summarizes, for transparency and for purposes of US state privacy laws (including the California Consumer Privacy Act as amended by the CPRA), the categories of personal information we collect, the sources, the purposes, and the categories of recipients. The specific data points within each category are described in Information We Collect above.

Categories Collected

• Identifiers. Discord user ID, username, avatar, and the email address associated with your Discord account; account identifiers we assign.
• Commercial information. Transaction and billing records, top-ups, account balance changes, products and services purchased, and dedicated-server provisioning records.
• Internet or other network activity information. Service-usage and accounting data, bandwidth consumed, proxy generation events, domain-level accounting, session metadata and timestamps, and technical and log data.
• Geolocation data. Coarse, IP-derived location and the region or targeting selections you choose; we do not collect precise device GPS location.
• Payment information (held by processors). Card and cryptocurrency payment details are collected and stored by our payment processors, not by us; we retain only the limited confirmation and reference data described above.
• Customer-communications content. The contents of Discord tickets, emails, and other communications with us.

Sources of Personal Information

• Directly from you (account setup, top-ups, support communications, and your configuration choices);
• Automatically from your use of the Service (usage, accounting, technical, and log data);
• From the third parties that authenticate and bill you (Discord for login identifiers; Stripe and the crypto payment processor for payment confirmation and reference data).

Business and Commercial Purposes

We use these categories for the purposes described in How We Use Your Information, namely providing the Service, metering and billing, fraud, abuse, security, and sanctions compliance, support and communications, operating and improving the Service, and legal and compliance.

Categories of Recipients

We disclose personal information to the categories of recipients described in How We Share Your Information, namely our service providers and processors, our payment processors (Stripe and the crypto payment processor), our identity and support provider (Discord), and, where applicable, legal, safety, and law-enforcement recipients and parties to a business transfer.

Sensitive Personal Information

We do not intentionally collect special categories of data under the GDPR (such as health, racial or ethnic origin, or biometric data). Account login identifiers and similar data may be treated as "sensitive personal information" under certain US state laws. We use such information only for the purposes of providing, securing, and supporting the Service, processing payments, preventing fraud and abuse, and complying with law. We do not use or disclose sensitive personal information for purposes that would trigger the right to limit its use under applicable law (for example, we do not use it to infer characteristics or for cross-context behavioral advertising). Because we do not use sensitive personal information for those purposes, there is no use to limit; you may nonetheless contact us at [email protected] with any related request.

We use the information described above for the following purposes:

• Providing the Service. Creating and authenticating your account, provisioning proxies and dedicated servers, generating endpoints and sessions, and delivering the network functionality you request.
• Metering and billing. Measuring bandwidth in GB and server time, debiting your account balance, processing top-ups through Stripe and the crypto processor, and maintaining accurate transaction and usage records.
• Fraud, abuse, and security. Detecting and preventing fraudulent payments (including chargeback and stolen-payment-instrument abuse), account takeover, credential sharing, and prohibited use; using IP and hashed-IP data and usage patterns to investigate and stop abuse.
• Sanctions and trade compliance. Screening account, billing, and payment data against applicable sanctions, embargo, and export-control lists (including those administered by the US Office of Foreign Assets Control (OFAC)) and declining or restricting service where required by law.
• Support and communications. Responding to Discord tickets and emails, sending service, security, billing, and account-related notices, and notifying you of material changes to our policies.
• Operating and improving the Service. Monitoring performance, capacity, and reliability of our network and infrastructure using first-party, aggregate performance and reliability analytics, diagnosing problems, and improving features.
• Legal and compliance. Complying with applicable law, responding to lawful requests, enforcing our Terms of Service and Acceptable Use Policy, and establishing, exercising, or defending legal claims.

We do not use your information for third-party advertising and we do not engage in behavioral advertising or profiling that produces legal or similarly significant effects about you. Our analytics are first-party and aggregate, used to measure the performance and reliability of our own network; we do not use third-party behavioral or cross-site analytics.

We do not make decisions that produce legal effects concerning you, or similarly significantly affect you, based solely on automated processing within the meaning of Article 22 of the GDPR, except in limited fraud-, abuse-, and sanctions-prevention contexts described below.

To protect the Service and comply with law, we use automated rules and signals to flag potentially fraudulent payments, account abuse, prohibited use, and sanctions or export-control concerns. These checks may, for example, temporarily limit or suspend a transaction or account, or require additional verification, while we investigate. Where such a measure significantly affects you, it is subject to human review, and you may contact us at [email protected] to express your point of view, request an explanation, and ask us to reconsider the outcome. We do not use automated profiling for advertising or to make solely-automated decisions outside of fraud, abuse, security, and legal-compliance purposes.

If you are in the European Economic Area (EEA), the United Kingdom, or another jurisdiction with similar requirements, we rely on the following legal bases under the EU General Data Protection Regulation (GDPR) and the UK GDPR to process your personal information:

• Performance of a contract. Processing that is necessary to provide the Service you have signed up for, including account creation via Discord, provisioning proxies and servers, metering usage, and billing your account balance.
• Legitimate interests. Processing necessary for our legitimate interests, where these are not overridden by your rights and freedoms. This includes securing the Service, preventing fraud and abuse (including the use of IP and hashed-IP data), maintaining records, ensuring network reliability, and improving the Service.
• Consent. Where we rely on your consent, for example for any non-essential cookies (if introduced) or optional communications. You may withdraw consent at any time without affecting the lawfulness of prior processing.
• Compliance with a legal obligation. Processing necessary to meet our legal, tax, accounting, and regulatory obligations, to screen against applicable sanctions and export-control lists (including OFAC), and to respond to lawful requests from competent authorities.

If you have questions about the legal basis for a particular processing activity, contact us at [email protected].

We use a minimal set of cookies and similar technologies that are strictly necessary to operate the Service. We do not use third-party advertising trackers, cross-site behavioral advertising cookies, third-party behavioral analytics SDKs, or data brokers' tracking pixels.

Essential Cookies

We use essential session and authentication cookies to keep you securely logged in after you authenticate through Discord, to maintain your session, and to protect against cross-site request forgery and similar security risks. The Service will not function correctly without these cookies.

Controlling Cookies

Because our cookies are limited to those required for authentication, session security, and core functionality, we do not present an advertising consent banner. You can control or delete cookies through your browser settings, but disabling essential cookies will prevent you from logging in or using the Service.

Opt-Out Preference Signals

We recognize the Global Privacy Control (GPC) and similar browser-based opt-out preference signals as a valid request to opt out of the sale or sharing of personal information where applicable law requires. Because we do not sell or share personal information for cross-context behavioral advertising, there is nothing for these signals to opt out of, but we honor them where required.

We share personal information only as described below. We do not sell your personal information, and we do not share it for cross-context behavioral advertising.

Service Providers and Processors

We use third-party service providers and processors to operate our network and infrastructure, host systems, send communications, and support fraud prevention and first-party performance analytics. These providers process information only on our documented instructions, under contractual confidentiality and data-protection obligations, and only as needed to perform services for us. They are contractually prohibited from selling the information, from using it for their own purposes, and from using it for cross-context behavioral advertising. We describe these providers generically and do not name our network or infrastructure suppliers.

Payment Processors

Card payments are shared with and processed by Stripe, and cryptocurrency payments are processed by a third-party crypto payment processor, in each case to complete your transaction and add funds to your account balance. These processors handle your payment details under their own privacy policies, and we receive only limited confirmation and reference data, not full payment credentials.

Identity and Support Provider

Login and primary support are provided through Discord, which processes your information under its own privacy policy.

Legal, Safety, and Law-Enforcement Disclosures

We may disclose information when we believe in good faith that it is reasonably necessary to: comply with applicable law, regulation, legal process, or an enforceable governmental or law-enforcement request; meet sanctions and export-control obligations; enforce our Terms of Service and Acceptable Use Policy; investigate, prevent, or address fraud, security, abuse, or technical issues; or protect the rights, property, or safety of Soni's World, our users, or the public. Law-enforcement and abuse-related requests should be directed to [email protected].

Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our assets, personal information may be transferred as part of that transaction. We will require the recipient to honor this Privacy Policy or notify you of any material changes to how your information is handled.

No Sale of Personal Information

We do not sell your personal information for money or other valuable consideration, and we do not share it for cross-context behavioral advertising, as those terms are defined under applicable US state privacy laws. Disclosures we make to our service providers and processors under written contracts that restrict their use of the information to performing services for us are not "sales" or "shares" under those laws.

We retain personal information only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law. The criteria we use to determine retention periods include how long your account is active, the time needed to provide and support the Service, our legal, tax, and accounting obligations, the resolution of disputes, and the prevention and investigation of fraud and abuse. Our typical retention periods for key categories are:

• Account data is retained for as long as your account is active and for up to twenty-four (24) months after closure to handle reactivation, disputes, and our legal obligations, after which it is deleted or de-identified unless a longer period is required by law.
• Billing and transaction records are retained for as long as required for tax, accounting, audit, and anti-fraud purposes, typically up to seven (7) years from the date of the transaction in line with applicable record-keeping law. Your account balance does not expire while your account remains in good standing.
• Service-usage and accounting data (bandwidth, generation events, domain-level accounting, and session metadata) is retained for billing accuracy and dispute resolution, typically for up to twelve (12) months, with aggregated, de-identified data retained longer for capacity planning.
• Technical and log data (including connection logs and diagnostic data) is retained for a limited period sufficient for security, troubleshooting, and abuse and fraud prevention, typically up to ninety (90) days, after which it is deleted or aggregated. Where feasible, we retain a hashed (one-way) form of IP data for abuse and fraud matching for up to twelve (12) months, rather than retaining raw IP addresses.
• Communications (Discord tickets and emails) are retained for as long as needed to support you and maintain a record of the interaction, typically up to twenty-four (24) months after the interaction is resolved.

Where we are required to retain information to comply with a legal obligation, resolve a dispute, or enforce our agreements, we retain it for as long as necessary for that purpose. When information is no longer needed, we delete it or aggregate or de-identify it so it can no longer reasonably be associated with you.

We implement administrative, technical, and organizational measures designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. These measures include:

• Encryption of data in transit using industry-standard transport security (TLS/HTTPS) across our website, dashboard, and network endpoints;
• Access controls and the principle of least privilege, so that staff and systems can access only the information needed for their role;
• Authentication through Discord OAuth, so that we do not store account passwords ourselves;
• Tokenization of payment data through Stripe and our crypto processor, so that we do not store full payment credentials;
• One-way hashing of IP data used for abuse and fraud-prevention matching;
• Logging, monitoring, and segregation of systems to detect and respond to security events.

Security Incidents

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. In the event of a personal-data breach that affects your information, we will, without undue delay and where feasible, take steps to contain and investigate the incident and will notify affected users and the appropriate supervisory authorities or regulators as and to the extent required by applicable law, including the GDPR and UK GDPR (Articles 33 and 34) and US state data-breach notification laws.

You are responsible for safeguarding access to your Discord account, since that is how you log in. If you believe your account has been compromised, contact us immediately at [email protected] or through Discord.

We are based in the United States, and our customers use the Service from around the world. When you use the Service, your information may be transferred to, stored in, and processed in the United States and in other countries where we or our service providers operate. These countries may have data-protection laws that differ from those in your country of residence.

Where we transfer personal information from the EEA, the United Kingdom, or other jurisdictions that restrict cross-border transfers, we rely on appropriate safeguards recognized under applicable law, such as the European Commission's Standard Contractual Clauses (and the UK Addendum where relevant), together with supplementary measures as needed. By using the Service, you understand that your information may be processed in the United States and other jurisdictions. To request more information about the safeguards we use, contact [email protected].

Depending on where you live, you may have rights over your personal information. We honor these rights where and to the extent applicable law grants them to you, regardless of where you are located.

EEA and UK Rights

If you are in the EEA or the United Kingdom, then, where and to the extent applicable law grants you these rights, you have the right to: access your personal information; request correction of inaccurate data; request erasure; restrict or object to certain processing (including processing based on legitimate interests); request data portability; and, where we rely on consent, withdraw that consent. You also have the right to lodge a complaint with your local data-protection authority, although we encourage you to contact us first so we can try to resolve your concern.

California Rights (CCPA/CPRA)

If you are a California resident, then, where and to the extent applicable law grants you these rights, you have the right to: know what personal information we collect, use, and disclose (see Categories of Personal Information We Collect above); access a copy of that information; request correction of inaccurate personal information; request deletion of your personal information; limit the use of sensitive personal information; and opt out of the sale or sharing of personal information. As stated above, we do not sell or share personal information for cross-context behavioral advertising, so there is no sale or share to opt out of, and we do not use sensitive personal information for purposes that trigger the right to limit. We will not discriminate against you for exercising your rights, and we will not deny service, charge different prices, or provide a different level of service because you exercised a privacy right.

Other US State Rights

Residents of other US states with comprehensive privacy laws may, where and to the extent applicable law grants them these rights, have similar rights to access, correct, delete, and opt out of certain processing, and to appeal a denied request. We extend comparable rights to these residents where and to the extent required by applicable law.

How to Exercise Your Rights

To exercise any of these rights, email [email protected] or contact us through Discord. We will verify your request, typically by confirming control of the Discord account or email associated with your account, before acting. You may use an authorized agent where the law permits, subject to verification. We respond within the timeframes required by applicable law.

Appeals

If we decline your request, we will explain why. Where applicable law (for example, in Colorado, Connecticut, Virginia, and other states) gives you the right to appeal, you may appeal our decision within the statutory window by replying to our decision or emailing [email protected] with the subject line "Privacy Appeal." We will review the appeal and inform you of the outcome, and our reasons, within the period required by applicable law. If your appeal is denied, we will also tell you how to contact the relevant regulator or attorney general.

The Service is intended solely for adults aged 18 and over and is not directed to children. We do not knowingly collect personal information from anyone under 18 (or under the age of majority in your jurisdiction, if higher). You must be at least 18 years old, and able to enter into a binding contract, to create an account or use the Service, as set out in our Terms of Service.

If you believe that a person under 18 has provided us with personal information, contact [email protected] and we will take reasonable steps to delete that information and close any associated account.

The Service relies on, links to, or interacts with third-party services that operate under their own privacy policies and terms. We are not responsible for the privacy practices of these third parties, and we encourage you to review their policies.

• Discord provides account login and primary support. Your use of Discord is governed by Discord's own terms and privacy policy.
• Payment processors. Stripe processes card payments and a third-party crypto payment processor handles cryptocurrency payments, each under its own privacy policy.
• Target websites and services. The websites, applications, and services you access through our proxies and servers are operated by third parties and have their own privacy policies and terms of use. You are solely responsible for complying with applicable law and with the terms of the websites and services you access through the Service, as described in our Acceptable Use Policy.

Any data you exchange with those third parties is between you and them, and is outside the scope of this Privacy Policy.

We offer the Service to customers worldwide, including in the European Economic Area (EEA) and the United Kingdom, and we process EEA and UK personal data in connection with the Service. We have assessed our obligations under Article 27 of the GDPR and the UK GDPR regarding the appointment of an EU and/or UK representative.

We have not appointed a separate Article 27 representative at this time. Where the appointment of an EU or UK representative becomes required, we will designate one and publish the representative's contact details in this policy. In the meantime, EEA and UK data subjects, and supervisory authorities, may direct all data-protection inquiries and requests to us at [email protected], and we will respond as required by applicable law. We have not appointed a separate Data Protection Officer; our data-protection inquiries are handled through this contact route.

We may update this Privacy Policy from time to time to reflect changes to the Service, our practices, or legal requirements. When we make changes, we will revise the "Last updated" date below and post the updated policy at resifactory.net/privacy. If the changes are material, we will provide additional notice, such as through the dashboard, by email, or via Discord, where appropriate.

Your continued use of the Service after an updated policy takes effect constitutes acceptance of the changes, to the extent permitted by applicable law. Where a change would introduce processing that requires your consent under applicable law (for example, certain new processing relying on consent under the GDPR or UK GDPR), we will obtain that consent separately rather than relying on your continued use. We encourage you to review this policy periodically. Last updated: June 6, 2026.

If you have questions, requests, or concerns about this Privacy Policy or how we handle your personal information, you can reach us at:

• Privacy and data-protection requests (including EEA/UK inquiries): [email protected]
• General, billing, and refund requests: [email protected] (see our Refund Policy)
• Legal notices, abuse reports, and law-enforcement requests: [email protected]
• Discord: through your Discord support ticket

The Service is operated by Soni's World LLC, a New York limited liability company doing business as ResiFactory. This Privacy Policy is governed by the laws of the State of New York, United States, without regard to its conflict-of-laws principles, except where overriding data-protection law in your jurisdiction applies. For related terms, see our Terms of Service and Acceptable Use Policy.