Privacy Policy

Edgely ("we", "us", "our") operates the reverse proxy service available at xedgely.com. We help you serve your websites on custom domains by routing traffic through our edge network. This policy explains what data we collect, why, and how we handle it.

Account data

When you sign up, we store your email address and, if provided by your OAuth provider, your name and profile picture. We use this to identify your account and send transactional emails (e.g. sign-in links).

Domain configuration data

We store the custom domains and target URLs you configure, along with settings such as cache preferences and integration credentials (e.g. your xSeek API key). This data is necessary to operate the proxy.

Proxy traffic logs

Our edge middleware processes every HTTP request routed through your domain. We may log request metadata (timestamp, URL path, HTTP status, User-Agent, IP address) for operational purposes such as debugging, abuse detection, and service reliability. Logs are retained for up to 30 days.

Usage data

We collect anonymous usage metrics on our dashboard (page views, feature usage) to improve the product. This data cannot be linked back to individual users.

• To operate and maintain your proxy domains and SSL certificates.
• To authenticate you and protect your account.
• To send transactional emails (sign-in, important service notices).
• To detect and prevent abuse of our network.
• To improve the service based on anonymous usage patterns.

We do not sell your personal data. We do not use your data for advertising.

We use the following third-party services to operate Edgely:

• Vercel — hosting, edge network, and Edge Config storage. Your domain configuration is stored in Vercel infrastructure.
• Neon / PostgreSQL — database storing your account and domain records.
• Auth.js (NextAuth) — session management and OAuth sign-in.
• xSeek (optional) — if you connect your xSeek API key, AI bot visit data is forwarded to xSeek's servers. This is entirely opt-in and governed by xSeek's privacy policy.

We use a single session cookie to keep you signed in. We do not use tracking cookies or third-party advertising cookies. You can clear this cookie at any time by signing out.

Account and domain data is retained for as long as your account is active. Proxy traffic logs are retained for up to 30 days. If you delete your account, all associated data is permanently removed within 30 days.

Depending on your jurisdiction, you may have the right to access, correct, or delete your personal data. To exercise these rights, email us at privacy@xedgely.com. We will respond within 30 days.

All data is transmitted over HTTPS. Domain configurations stored in Vercel Edge Config are encrypted at rest. API keys (such as your xSeek key) are stored encrypted in our database. We follow industry-standard security practices, but no system is completely immune to breaches — please use a strong, unique password and enable 2FA where available.

Edgely is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with data, please contact us and we will delete it promptly.

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.

Questions about this policy? Email us at privacy@xedgely.com.