Most tunneling services log everything. Request URLs, response codes, client IPs, timestamps, headers — it all goes into a database for analytics, debugging, or compliance reasons that serve the provider, not the customer.
ProxyPass takes the opposite approach. No traffic content is logged. No request URLs. No response bodies. No headers. The data that flows through the tunnel is invisible to the infrastructure.
What We Do Track
What ProxyPass does track is operational metadata: how many requests a node handles, how much traffic passes through (byte count), connection status, error rates. This data powers the dashboard — it tells you and us whether the system is healthy. But the content of your communication never touches a log file.
Architecture, Not Policy
This is not a policy decision that could change in a future update. It is an architectural decision. The system is built so that traffic content is never written to disk, never buffered in a logging pipeline, never sent to a third-party analytics service. There is no logging code to disable because there is no logging code to begin with.
For CONNECT mode traffic, the privacy story is even stronger. Your client's TLS session runs inside the tunnel — ProxyPass sees only encrypted bytes. Even if someone wanted to log the traffic content, they physically could not decrypt it. The keys exist only between your client and the target device.
Why This Matters for Business
Every piece of data a third party stores about your traffic becomes a liability. It can be subpoenaed. It can be breached. It can be sold. It can trigger GDPR obligations around data processing agreements, data retention policies, and breach notification procedures.
With ProxyPass, that liability does not exist. There is no traffic data to subpoena, breach, or process. Your GDPR compliance posture is simpler because there is less data processing to document.
Scenario: The GDPR Audit
Your company goes through a GDPR audit. The auditor asks: "You use a tunneling service for remote access. What data does that provider process about your traffic?"
With most tunneling providers, you need to produce data processing agreements, explain what gets logged, evaluate international data transfers, and document retention policies. It is a multi-page section in your Data Protection Impact Assessment.
With ProxyPass, your answer is: "They track how many requests each node handles and how much bandwidth is used. They do not log traffic content, request URLs, headers, or payloads. Infrastructure is in Germany. Operator is in Austria. No international data transfers. No US-based entities in the processing chain."
That is a paragraph, not a chapter. Your auditor moves on.
EU Infrastructure, No Exceptions
The infrastructure runs exclusively on servers in Germany. No data leaves the EU. No US-based cloud provider handles your traffic. No international data transfers to evaluate under Schrems II.
For businesses operating in regulated industries — healthcare, finance, legal — or any European company that takes data protection seriously, this is not a nice-to-have. It is a requirement.
ProxyPass meets it by default.