tool creativeStart a project
Back to site
Legal / RucheyProxy Privacy

Privacy Policy

Last updated · 18 May 2026

This Privacy Policy explains how TOOL CREATIVE LTD (“we”, “us”) handles personal data in the RucheyProxy application for iOS, iPadOS, macOS, tvOS (the “App”) and on the website toolcreative.ltd (the “Site”). It is written to comply with the UK GDPR and the Data Protection Act 2018.

1. Who we are

We are the data controller for the personal data described in this policy. Our registered office is 327 Tollgate Road, London, E6 5YF, England. You can reach the person responsible for data protection at privacy@toolcreative.ltd.

2. The short version

  • We do not run proxy or VPN servers. The App is a client; your traffic terminates on infrastructure provided by third parties you configure. We never see the contents of that traffic.
  • We do not log browsing activity. We do not store the websites you visit, the apps you use through the proxy, your DNS queries, or the IP addresses you connect to.
  • We keep what we need to run the service. A small amount of subscription verification data via Apple, anonymised crash reports (if you opt in), and aggregated counts of feature use.
  • Your rights apply. You can ask us what we have, ask us to delete it, or complain to the UK ICO.

3. Data summary — App Store Privacy Label

The tables below mirror the categories Apple uses in App Store Connect, so what we declare here is consistent with the “Privacy” nutrition label on the App Store listing of RucheyProxy.

3.1 Data Linked to You

Data we can associate with a user, account, or device through our backend.

CategoryData typePurpose
PurchasesPurchase History (Apple receipt and subscription state)App Functionality
IdentifiersDevice ID (random, App-generated install token)App Functionality
Contact InfoEmail Address (only if you write to support or send an enquiry)Customer Support

3.2 Data Not Linked to You

Data collected in a way that cannot be tied to your identity or device, or that is aggregated before we receive it.

CategoryData typePurpose
DiagnosticsCrash Data, Performance Data (opt-in)App Functionality
Usage DataProduct Interaction (aggregate counts of feature use)Analytics

3.3 Data Used to Track You

None. RucheyProxy does not use your data to track you across apps or websites owned by other companies, and we do not share data with data brokers or advertising networks.

3.4 Data Not Collected

We do not collect any of the following Apple data categories:

  • Location (precise or coarse)
  • Health and Fitness
  • Financial Info — purchase processing is handled by Apple; we never see your card or payment details
  • Sensitive Info
  • Contacts
  • User Content — emails or text messages, photos, videos, audio, gameplay content
  • Browsing History — the destinations of traffic routed through the proxy
  • Search History
  • Surveys
  • Environment Scanning
  • Body Data
  • Other Data Types

4. What we collect in detail

4.1 In the App

  • Subscription receipts — when you buy or renew a subscription, Apple gives the App a signed receipt that confirms your entitlement. We verify it on our servers and store the minimal identifiers needed (an opaque transaction ID and subscription state). We do not receive your Apple ID, name, address, or payment details from Apple.
  • Anonymous device identifier — a randomly generated token created on your device the first time you launch the App. It is used to associate your subscription with your installation and to allow you to restore purchases. It is not linked to your identity by us.
  • Diagnostics — if you opt in, the App sends anonymised crash reports and diagnostic events through a privacy-respecting provider. These do not include traffic content, destinations, or stable user identifiers.
  • Locally stored configuration — server profiles, credentials, and preferences are stored on your device only (using iOS/macOS Keychain and standard secure storage). We do not have access to them.

4.2 On the Site

  • Enquiry data — if you contact us by email or via a form, we receive the data you provide (name, email, message).
  • Technical data — IP address (truncated where possible), browser type, device type, referring URL, pages viewed.
  • Cookie data — see section 9 below.

5. What we do not collect or log

  • contents of network traffic routed through the App;
  • destination IP addresses, URLs, or domain names you connect to;
  • DNS queries made via the proxy;
  • connection timestamps tied to your identity;
  • your source IP address as a stable identifier;
  • browsing or app-usage history outside the App.

6. Why we use it (legal basis)

Under UK GDPR (Article 6) we must have a lawful basis for each purpose:

  • Provide and verify the subscription — basis: performance of the contract.
  • Keep the service secure and abuse-free (rate limits, fraud detection on receipt validation) — basis: legitimate interest.
  • Fix bugs and crashes (where you opted in) — basis: consent.
  • Respond to support and legal enquiries — basis: legitimate interest and, where applicable, legal obligation.
  • Comply with tax and accounting law — basis: legal obligation.

7. Who we share it with

We do not sell data. We share data only with:

  • Apple Inc. — App Store distribution, in-app purchase processing, and receipt validation. Apple’s privacy practices are described in Apple’s privacy policy.
  • Hosting and infrastructure — our backend and the Site are hosted on Vercel Inc. and on cloud infrastructure with regional presence in the UK / EEA where possible.
  • Crash and diagnostic services — a privacy-respecting provider that processes anonymised reports, if you opt in.
  • Email and productivity — a business email provider we use to handle enquiries and support tickets.
  • Accounting and tax — our accountant and HMRC, where required.
  • Authorities — if we receive a valid legal request. Because we do not log traffic, our ability to respond to such requests is intrinsically limited.

8. International transfers

Some of our processors are based outside the UK and the European Economic Area. Where this happens, we rely on either (a) a UK adequacy decision; (b) the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses; or (c) another lawful safeguard. You can request a copy of the relevant safeguard by writing to privacy@toolcreative.ltd.

9. Cookies (Site)

The Site uses a small number of cookies, grouped as:

  • Strictly necessary — required for the Site to work (e.g. preference storage). These do not need your consent.
  • Analytics — privacy-friendly measurement that does not set persistent identifiers, used to understand which pages get attention.

You can control cookies through your browser settings. Blocking non-essential cookies will not affect access to the Site’s content. The App itself does not use web cookies.

10. How long we keep it

  • Subscription state — for the life of the subscription and up to six (6) years after the last renewal, in line with UK tax and limitation periods.
  • Diagnostics — typically 30–90 days, then aggregated or deleted.
  • Enquiry data — up to two (2) years from last contact, then deleted.
  • Server logs and security data — typically 30–90 days.

11. Children

The App is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us with personal data, contact privacy@toolcreative.ltd and we will delete it.

12. Your rights

Under UK GDPR you have the right to:

  • access the personal data we hold about you;
  • request correction of inaccurate data;
  • request deletion (the “right to erasure”);
  • request that we restrict processing in certain cases;
  • object to processing based on legitimate interests;
  • receive your data in a portable format and have it transmitted to another controller, where technically feasible;
  • withdraw consent where we relied on it.

To exercise any of these rights, email privacy@toolcreative.ltd. We respond within one month. We may ask for information to verify your identity before acting on the request. Because we keep very little identifying data, in some cases we may not be able to recognise you from the information we hold — in that case, we will say so and explain what (if anything) we can do.

If you are unhappy with how we have handled your data, you have the right to complain to the UK Information Commissioner’s Office at ico.org.uk or by calling 0303 123 1113. We would appreciate the chance to put things right first.

13. Security

We apply organisational and technical measures appropriate to the risk: encrypted transport (TLS) for all client–server traffic, device-side secure storage for credentials, role-based access to backend systems, and regular review of our processors’ security practices. No system is fully immune to compromise; if a breach occurs that materially affects you, we will notify the ICO and affected users as required by UK GDPR.

14. Changes to this policy

We may update this policy from time to time. The current version is always published on this page with the “Last updated” date above. Material changes will be highlighted at the top of this page or communicated in-App.

15. Contact

Privacy questions: privacy@toolcreative.ltd. General contact: legal@toolcreative.ltd. Postal address: TOOL CREATIVE LTD, 327 Tollgate Road, London, E6 5YF, England.