Privacy Policy

Last updated: July 1, 2026

Last updated: July 1, 2026

This Privacy Policy explains how Linus Labs, Inc. d/b/a Proxy (“Proxy,” “we,” “us,” or “our”) collects, uses, shares, and protects information when you use our websites, dashboard, documentation, APIs, SDKs, hosted handoff pages, payment request pages, and related services.

Proxy provides delegated checkout infrastructure for merchants. Proxy helps merchants route a checkout or payment request from one person to another person who can approve or pay for it.

Proxy is not the seller of the merchant’s products or services. Proxy is not the merchant of record. Proxy is not a payment processor, payment service provider, money transmitter, bank, card issuer, or financial institution. Payments are processed by the merchant’s payment service provider, such as Stripe or another provider selected by the merchant.

If you do not agree with this Privacy Policy, do not use Proxy.

This Privacy Policy explains how Linus Labs, Inc. d/b/a Proxy (“Proxy,” “we,” “us,” or “our”) collects, uses, shares, and protects information when you use our websites, dashboard, documentation, APIs, SDKs, hosted handoff pages, payment request pages, and related services.

Proxy provides delegated checkout infrastructure for merchants. Proxy helps merchants route a checkout or payment request from one person to another person who can approve or pay for it.

Proxy is not the seller of the merchant’s products or services. Proxy is not the merchant of record. Proxy is not a payment processor, payment service provider, money transmitter, bank, card issuer, or financial institution. Payments are processed by the merchant’s payment service provider, such as Stripe or another provider selected by the merchant.

If you do not agree with this Privacy Policy, do not use Proxy.

  1. Who this policy applies to

This Privacy Policy applies to information we collect from or about:

  • visitors to our websites;

  • merchant employees, contractors, and administrators who use the Proxy dashboard or documentation;

  • developers who use Proxy SDKs, APIs, or integration tools;

  • buyers or users who start a delegated checkout handoff;

  • payers who receive, open, approve, or complete a payment request;

  • other people who contact us, request support, or interact with Proxy.

If you use Proxy through a merchant, that merchant’s own privacy policy also applies. The merchant controls its products, checkout, payment provider, fulfillment, subscriptions, refunds, and customer relationship.

This Privacy Policy applies to information we collect from or about:

  • visitors to our websites;

  • merchant employees, contractors, and administrators who use the Proxy dashboard or documentation;

  • developers who use Proxy SDKs, APIs, or integration tools;

  • buyers or users who start a delegated checkout handoff;

  • payers who receive, open, approve, or complete a payment request;

  • other people who contact us, request support, or interact with Proxy.

If you use Proxy through a merchant, that merchant’s own privacy policy also applies. The merchant controls its products, checkout, payment provider, fulfillment, subscriptions, refunds, and customer relationship.

  1. Our role

Proxy may process information in different roles depending on the context.

For website visitors, dashboard users, developer users, and people who contact Proxy directly, Proxy generally controls how we use that information.

For information a merchant provides to Proxy so that Proxy can operate a delegated checkout handoff, Proxy generally processes that information to provide services to the merchant, subject to our agreement with that merchant.

Merchants are responsible for providing appropriate notices and obtaining appropriate permissions from their users, buyers, and payers where required.

Proxy may process information in different roles depending on the context.

For website visitors, dashboard users, developer users, and people who contact Proxy directly, Proxy generally controls how we use that information.

For information a merchant provides to Proxy so that Proxy can operate a delegated checkout handoff, Proxy generally processes that information to provide services to the merchant, subject to our agreement with that merchant.

Merchants are responsible for providing appropriate notices and obtaining appropriate permissions from their users, buyers, and payers where required.

  1. Information we collect

3.1 Information you provide directly

We may collect information you provide directly to us, such as:

  • name;

  • email address;

  • company name;

  • job title;

  • login credentials;

  • support messages;

  • feedback;

  • billing or invoicing information;

  • information submitted through forms, early access requests, demo requests, or support requests.

We may collect information you provide directly to us, such as:

  • name;

  • email address;

  • company name;

  • job title;

  • login credentials;

  • support messages;

  • feedback;

  • billing or invoicing information;

  • information submitted through forms, early access requests, demo requests, or support requests.

3.2 Merchant account and integration information

If you are a merchant or developer using Proxy, we may collect:

  • merchant account information;

  • dashboard configuration;

  • API keys and related credential metadata;

  • webhook endpoint URLs;

  • allowed domains and forwarding hosts;

  • branding settings, such as merchant display name, logo, colors, and link preview settings;

  • payment provider configuration metadata;

  • order form, pricing, usage, and billing information;

  • SDK, API, and integration logs.

Do not submit secret keys, private credentials, or payment card data except through approved secure setup flows.

If you are a merchant or developer using Proxy, we may collect:

  • merchant account information;

  • dashboard configuration;

  • API keys and related credential metadata;

  • webhook endpoint URLs;

  • allowed domains and forwarding hosts;

  • branding settings, such as merchant display name, logo, colors, and link preview settings;

  • payment provider configuration metadata;

  • order form, pricing, usage, and billing information;

  • SDK, API, and integration logs.

Do not submit secret keys, private credentials, or payment card data except through approved secure setup flows.

3.3 Delegated checkout information

When a buyer starts a delegated checkout handoff, or a payer opens or completes one, we may collect or receive information such as:

  • Proxy session ID;

  • merchant ID;

  • buyer reference or merchant customer reference;

  • payer contact information, if provided by the merchant or buyer;

  • cart, product, plan, subscription, trial, amount, currency, discount, or checkout context;

  • handoff link status;

  • timestamps for session creation, link sharing, link opening, checkout opening, payment status, expiration, failure, cancellation, or completion;

  • browser, device, IP address, user agent, referral, and diagnostic information;

  • payment status metadata from the merchant’s payment provider, such as payment intent ID, checkout session ID, subscription ID, invoice ID, status, amount, currency, error status, or failure reason.

Proxy does not need and does not want raw payment card data. Do not send Proxy card numbers, CVV codes, bank account numbers, or similar payment credentials.

When a buyer starts a delegated checkout handoff, or a payer opens or completes one, we may collect or receive information such as:

  • Proxy session ID;

  • merchant ID;

  • buyer reference or merchant customer reference;

  • payer contact information, if provided by the merchant or buyer;

  • cart, product, plan, subscription, trial, amount, currency, discount, or checkout context;

  • handoff link status;

  • timestamps for session creation, link sharing, link opening, checkout opening, payment status, expiration, failure, cancellation, or completion;

  • browser, device, IP address, user agent, referral, and diagnostic information;

  • payment status metadata from the merchant’s payment provider, such as payment intent ID, checkout session ID, subscription ID, invoice ID, status, amount, currency, error status, or failure reason.

Proxy does not need and does not want raw payment card data. Do not send Proxy card numbers, CVV codes, bank account numbers, or similar payment credentials.

3.4 Payment-related information

Proxy may receive payment status evidence or transaction metadata from a merchant’s payment provider or from merchant systems so that we can update the Proxy session and send signed lifecycle events back to the merchant.

This may include:

  • whether a payment succeeded, failed, was canceled, is pending, or requires action;

  • whether a subscription was created, renewed, canceled, or failed;

  • whether a trial started or converted;

  • transaction IDs or provider object IDs;

  • amount and currency;

  • high-level failure or risk status.

Proxy does not process card payments directly and does not store full payment card numbers or CVV codes

Proxy may receive payment status evidence or transaction metadata from a merchant’s payment provider or from merchant systems so that we can update the Proxy session and send signed lifecycle events back to the merchant.

This may include:

  • whether a payment succeeded, failed, was canceled, is pending, or requires action;

  • whether a subscription was created, renewed, canceled, or failed;

  • whether a trial started or converted;

  • transaction IDs or provider object IDs;

  • amount and currency;

  • high-level failure or risk status.

Proxy does not process card payments directly and does not store full payment card numbers or CVV codes

3.5 Technical and usage information

We may automatically collect:

  • pages visited;

  • dashboard actions;

  • API calls;

  • SDK events;

  • browser and device information;

  • IP address;

  • approximate location inferred from IP address;

  • log data;

  • cookie and similar technology data;

  • error reports;

  • performance metrics;

  • security and fraud-prevention signals.

We may automatically collect:

  • pages visited;

  • dashboard actions;

  • API calls;

  • SDK events;

  • browser and device information;

  • IP address;

  • approximate location inferred from IP address;

  • log data;

  • cookie and similar technology data;

  • error reports;

  • performance metrics;

  • security and fraud-prevention signals.

  1. Information we do not want you to send

Unless we have expressly agreed in writing, do not send Proxy:

  • full payment card numbers;

  • CVV codes;

  • bank account numbers;

  • government ID numbers;

  • protected health information;

  • sensitive personal information;

  • student education records subject to special legal protection;

  • other data that would require special compliance handling beyond the Proxy services we agreed to provide.

If a merchant needs Proxy to process restricted or sensitive data, we may require a separate data processing addendum or other written agreement before doing so.

Unless we have expressly agreed in writing, do not send Proxy:

  • full payment card numbers;

  • CVV codes;

  • bank account numbers;

  • government ID numbers;

  • protected health information;

  • sensitive personal information;

  • student education records subject to special legal protection;

  • other data that would require special compliance handling beyond the Proxy services we agreed to provide.

If a merchant needs Proxy to process restricted or sensitive data, we may require a separate data processing addendum or other written agreement before doing so.

  1. How we use information

We use information to:

  • provide, operate, maintain, and improve Proxy;

  • create and manage delegated checkout handoffs;

  • generate and serve hosted payment request links;

  • preserve checkout context for payers;

  • route payers to merchant checkout experiences;

  • receive and process payment status evidence;

  • send signed lifecycle events and webhooks to merchants;

  • authenticate dashboard and API users;

  • configure merchant accounts and integrations;

  • provide support;

  • troubleshoot bugs and technical issues;

  • monitor service performance;

  • detect, prevent, and investigate fraud, abuse, security incidents, and misuse;

  • enforce our Terms, Merchant Services Agreement, Acceptable Use Policy, and other agreements;

  • invoice merchants and manage billing;

  • communicate with merchants, developers, and users;

  • comply with legal obligations;

  • develop new features, analytics, benchmarks, and aggregate reporting.

We may use aggregated or de-identified information to understand and improve Proxy, including aggregate conversion rates, handoff performance, and checkout outcomes. We do not use aggregated or de-identified information to identify individual buyers or payers.

We use information to:

  • provide, operate, maintain, and improve Proxy;

  • create and manage delegated checkout handoffs;

  • generate and serve hosted payment request links;

  • preserve checkout context for payers;

  • route payers to merchant checkout experiences;

  • receive and process payment status evidence;

  • send signed lifecycle events and webhooks to merchants;

  • authenticate dashboard and API users;

  • configure merchant accounts and integrations;

  • provide support;

  • troubleshoot bugs and technical issues;

  • monitor service performance;

  • detect, prevent, and investigate fraud, abuse, security incidents, and misuse;

  • enforce our Terms, Merchant Services Agreement, Acceptable Use Policy, and other agreements;

  • invoice merchants and manage billing;

  • communicate with merchants, developers, and users;

  • comply with legal obligations;

  • develop new features, analytics, benchmarks, and aggregate reporting.

We may use aggregated or de-identified information to understand and improve Proxy, including aggregate conversion rates, handoff performance, and checkout outcomes. We do not use aggregated or de-identified information to identify individual buyers or payers.

  1. How we share information

We may share information with:

Merchants

If you use Proxy through a merchant, we may share information with that merchant so the merchant can operate checkout, fulfill purchases, manage subscriptions, provide support, handle refunds, and resolve disputes.

Service providers

We may share information with service providers who help us operate Proxy, such as hosting providers, infrastructure providers, analytics tools, email providers, support tools, security tools, and billing tools.

Payment service providers

Proxy may exchange limited payment status metadata with a merchant’s payment service provider or receive payment status evidence from that provider. The merchant’s payment service provider processes payments under its own terms and privacy policies.

Legal and safety purposes

We may share information if we believe it is necessary to:

  • comply with law, subpoena, court order, or legal process;

  • enforce our agreements;

  • protect Proxy, merchants, payers, buyers, or others;

  • investigate fraud, security incidents, abuse, or unauthorized activity;

  • prevent harm.

Business transfers

We may share or transfer information in connection with a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar transaction.

With consent

We may share information with your consent or at your direction.

We may share information with:

Merchants

If you use Proxy through a merchant, we may share information with that merchant so the merchant can operate checkout, fulfill purchases, manage subscriptions, provide support, handle refunds, and resolve disputes.

Service providers

We may share information with service providers who help us operate Proxy, such as hosting providers, infrastructure providers, analytics tools, email providers, support tools, security tools, and billing tools.

Payment service providers

Proxy may exchange limited payment status metadata with a merchant’s payment service provider or receive payment status evidence from that provider. The merchant’s payment service provider processes payments under its own terms and privacy policies.

Legal and safety purposes

We may share information if we believe it is necessary to:

  • comply with law, subpoena, court order, or legal process;

  • enforce our agreements;

  • protect Proxy, merchants, payers, buyers, or others;

  • investigate fraud, security incidents, abuse, or unauthorized activity;

  • prevent harm.

Business transfers

We may share or transfer information in connection with a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar transaction.

With consent

We may share information with your consent or at your direction.

  1. Cookies and similar technologies

We may use cookies, pixels, local storage, and similar technologies to:

  • keep users signed in;

  • remember preferences;

  • secure accounts;

  • understand website and dashboard usage;

  • improve performance;

  • measure product and marketing effectiveness;

  • detect fraud or abuse.

You can control cookies through your browser settings. Some features may not work properly if cookies are disabled.

For v0, this section can live inside the Privacy Policy. If we later use more advanced marketing or tracking tools, we can create a separate Cookie Policy.

We may use cookies, pixels, local storage, and similar technologies to:

  • keep users signed in;

  • remember preferences;

  • secure accounts;

  • understand website and dashboard usage;

  • improve performance;

  • measure product and marketing effectiveness;

  • detect fraud or abuse.

You can control cookies through your browser settings. Some features may not work properly if cookies are disabled.

For v0, this section can live inside the Privacy Policy. If we later use more advanced marketing or tracking tools, we can create a separate Cookie Policy.

  1. Analytics and advertising

We may use analytics tools to understand how people use our website, dashboard, documentation, and services.

We do not sell personal information. We do not use buyer or payer personal information from delegated checkout handoffs for targeted advertising.

If this changes, we will update this Privacy Policy and provide any legally required choices.

We may use analytics tools to understand how people use our website, dashboard, documentation, and services.

We do not sell personal information. We do not use buyer or payer personal information from delegated checkout handoffs for targeted advertising.

If this changes, we will update this Privacy Policy and provide any legally required choices.

  1. Data retention

We keep information for as long as reasonably necessary to provide Proxy, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and support legitimate business purposes.

Retention periods may vary depending on the type of information, how it is used, merchant configuration, legal requirements, and operational needs.

When information is no longer needed, we may delete it, de-identify it, or aggregate it.

We keep information for as long as reasonably necessary to provide Proxy, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and support legitimate business purposes.

Retention periods may vary depending on the type of information, how it is used, merchant configuration, legal requirements, and operational needs.

When information is no longer needed, we may delete it, de-identify it, or aggregate it.

  1. Security

We use commercially reasonable administrative, technical, and organizational safeguards designed to protect information processed by Proxy.

No system is perfectly secure. Merchants are responsible for securing their own systems, payment provider accounts, API keys, webhook secrets, access controls, and integrations.

If you believe your account, API key, webhook secret, or integration has been compromised, contact us promptly.

We use commercially reasonable administrative, technical, and organizational safeguards designed to protect information processed by Proxy.

No system is perfectly secure. Merchants are responsible for securing their own systems, payment provider accounts, API keys, webhook secrets, access controls, and integrations.

If you believe your account, API key, webhook secret, or integration has been compromised, contact us promptly.

  1. Children and teens

Proxy is designed for delegated checkout situations, including situations where a teen or student starts a payment request and a parent or other payer completes it.

Merchants are responsible for determining whether their products or services are appropriate for minors and for obtaining any required parental consent or other legal permission.

Proxy does not knowingly collect personal information from children under 13 directly for our own purposes. If we learn that we collected personal information from a child under 13 without appropriate permission, we will take reasonable steps to delete it or handle it as required by law.

If you believe a child provided information to Proxy improperly, contact us at privacy@proxycheckout.com.

Proxy is designed for delegated checkout situations, including situations where a teen or student starts a payment request and a parent or other payer completes it.

Merchants are responsible for determining whether their products or services are appropriate for minors and for obtaining any required parental consent or other legal permission.

Proxy does not knowingly collect personal information from children under 13 directly for our own purposes. If we learn that we collected personal information from a child under 13 without appropriate permission, we will take reasonable steps to delete it or handle it as required by law.

If you believe a child provided information to Proxy improperly, contact us at privacy@proxycheckout.com.

  1. Merchant responsibilities

Merchants using Proxy are responsible for:

  • providing appropriate privacy notices to their users, buyers, and payers;

  • obtaining any legally required consents;

  • configuring Proxy in a privacy-protective way;

  • sending only data that is necessary for Proxy to provide the services;

  • avoiding restricted or sensitive data unless agreed in writing;

  • complying with applicable privacy, consumer protection, payment, and data security laws.

Merchants should not send Proxy full payment card numbers, CVV codes, or unnecessary sensitive data.

Merchants using Proxy are responsible for:

  • providing appropriate privacy notices to their users, buyers, and payers;

  • obtaining any legally required consents;

  • configuring Proxy in a privacy-protective way;

  • sending only data that is necessary for Proxy to provide the services;

  • avoiding restricted or sensitive data unless agreed in writing;

  • complying with applicable privacy, consumer protection, payment, and data security laws.

Merchants should not send Proxy full payment card numbers, CVV codes, or unnecessary sensitive data.

  1. Your privacy choices

Depending on where you live and how you interact with Proxy, you may have rights to:

  • access information we hold about you;

  • correct inaccurate information;

  • delete information;

  • object to or restrict certain processing;

  • request a copy of information;

  • opt out of certain uses;

  • withdraw consent where processing is based on consent.

To make a request, contact us at privacy@proxycheckout.com.

If your information was provided to Proxy by a merchant, we may direct you to that merchant or work with the merchant to respond to your request.

Depending on where you live and how you interact with Proxy, you may have rights to:

  • access information we hold about you;

  • correct inaccurate information;

  • delete information;

  • object to or restrict certain processing;

  • request a copy of information;

  • opt out of certain uses;

  • withdraw consent where processing is based on consent.

To make a request, contact us at privacy@proxycheckout.com.

If your information was provided to Proxy by a merchant, we may direct you to that merchant or work with the merchant to respond to your request.

  1. California privacy notice

If you are a California resident, California law may provide additional rights.

Depending on the context, you may have the right to:

  • know what personal information we collect, use, disclose, or share;

  • request deletion of personal information;

  • request correction of inaccurate personal information;

  • opt out of sale or sharing of personal information;

  • limit use of sensitive personal information, if applicable;

  • not be discriminated against for exercising privacy rights.

We do not sell personal information. We do not share buyer or payer personal information from delegated checkout handoffs for cross-context behavioral advertising.

Categories of personal information we may collect include:

  • identifiers, such as name, email, account ID, merchant customer reference, IP address, and device identifiers;

  • commercial information, such as cart context, amount, currency, product, plan, subscription, trial, or payment status metadata;

  • internet or network activity, such as log data, link openings, browser information, and dashboard usage;

  • geolocation information inferred from IP address;

  • professional or employment information for merchant users;

  • inferences derived from service usage, such as aggregate funnel or session status indicators.

We collect this information from:

  • you;

  • merchants;

  • payment service providers;

  • service providers;

  • devices and browsers;

  • logs and analytics tools.

We use and disclose this information for the purposes described in this Privacy Policy.

To exercise California privacy rights, contact privacy@proxycheckout.com.

If you are a California resident, California law may provide additional rights.

Depending on the context, you may have the right to:

  • know what personal information we collect, use, disclose, or share;

  • request deletion of personal information;

  • request correction of inaccurate personal information;

  • opt out of sale or sharing of personal information;

  • limit use of sensitive personal information, if applicable;

  • not be discriminated against for exercising privacy rights.

We do not sell personal information. We do not share buyer or payer personal information from delegated checkout handoffs for cross-context behavioral advertising.

Categories of personal information we may collect include:

  • identifiers, such as name, email, account ID, merchant customer reference, IP address, and device identifiers;

  • commercial information, such as cart context, amount, currency, product, plan, subscription, trial, or payment status metadata;

  • internet or network activity, such as log data, link openings, browser information, and dashboard usage;

  • geolocation information inferred from IP address;

  • professional or employment information for merchant users;

  • inferences derived from service usage, such as aggregate funnel or session status indicators.

We collect this information from:

  • you;

  • merchants;

  • payment service providers;

  • service providers;

  • devices and browsers;

  • logs and analytics tools.

We use and disclose this information for the purposes described in this Privacy Policy.

To exercise California privacy rights, contact privacy@proxycheckout.com.

  1. International users

Proxy is operated from the United States. If you access Proxy from outside the United States, your information may be processed in the United States and other countries where our service providers operate.

Those countries may have data protection laws different from those in your country.

Proxy is operated from the United States. If you access Proxy from outside the United States, your information may be processed in the United States and other countries where our service providers operate.

Those countries may have data protection laws different from those in your country.

Proxy may link to or interact with third-party services, including merchant websites, payment service providers, analytics tools, and support tools.

We are not responsible for the privacy practices of third parties. Their terms and privacy policies apply to their services.

Proxy may link to or interact with third-party services, including merchant websites, payment service providers, analytics tools, and support tools.

We are not responsible for the privacy practices of third parties. Their terms and privacy policies apply to their services.

  1. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

If we make material changes, we will provide notice by posting the updated Privacy Policy on our website, through the dashboard, by email, or by other reasonable means.

Your continued use of Proxy after an updated Privacy Policy becomes effective means you acknowledge the updated policy.

We may update this Privacy Policy from time to time.

If we make material changes, we will provide notice by posting the updated Privacy Policy on our website, through the dashboard, by email, or by other reasonable means.

Your continued use of Proxy after an updated Privacy Policy becomes effective means you acknowledge the updated policy.

  1. Contact

Questions or requests about this Privacy Policy may be sent to:

Proxy
Linus Labs, Inc. d/b/a Proxy
Alameda County, California
Email: privacy@proxycheckout.com

Questions or requests about this Privacy Policy may be sent to:

Proxy
Linus Labs, Inc. d/b/a Proxy
Alameda County, California
Email: privacy@proxycheckout.com