Політика конфіденційності

Ваша конфіденційність - наш головний пріоритет

Прозора та відповідальна обробка даних, сувора захист вашої онлайн-конфіденційності

1. No-Logs Policy

We implement an industry-leading no-logs policy, which is at the core of our privacy commitment.
No connection logs: We do not log connection timestamps, session duration, or your real IP address.
No activity logs: We do not monitor, record, or store your browsing history, DNS queries, or data content.
No bandwidth tracking: We do not track your bandwidth usage or connection frequency.
RAM-disk servers: Our servers run in RAM-disk mode, automatically wiping all data on reboot.
Third-party audits: Our no-logs policy has been verified by independent third-party security audits.

2. Data We Collect

Account information: Email address provided during registration (anonymous email accepted).
Payment information: Securely processed by third-party payment processors (Stripe, PayPal), we don't store credit card information.
App diagnostics: Optional anonymous crash reports and app performance data to improve service quality.
Support communications: Communication records when you contact customer support.
Aggregate data: Anonymous statistics on server load and network performance.
Minimization principle: We only collect the minimum data necessary to provide the service.

AES-256 encryption: All data transmission uses military-grade AES-256-GCM encryption.
Perfect forward secrecy: Each session uses unique encryption keys, past sessions cannot be decrypted.
DNS leak protection: Built-in DNS leak protection ensures DNS queries are not exposed to ISPs.
Kill Switch: Automatically cuts all traffic when network disconnects to prevent data leaks.
Multi-hop VPN: Support for double VPN and Onion over VPN for enhanced anonymity.
Secure protocols: Support for WireGuard, OpenVPN, and IKEv2/IPSec protocols.

GDPR

CCPA

PIPEDA

LGPD

GDPR Compliant (EU): Fully compliant with all requirements of the General Data Protection Regulation.
CCPA Compliant (California): Adheres to the California Consumer Privacy Act provisions.
PIPEDA Compliant (Canada): Complies with the Personal Information Protection and Electronic Documents Act.
LGPD Compliant (Brazil): Follows the Brazilian General Data Protection Law.
Data localization: We do not store user data in countries with strict data retention laws.
Cross-border transfers: All data transfers are encrypted and comply with international data transfer protocols.

Right to access: You have the right to request a copy of the personal data we hold about you.
Right to rectification: You can request correction of any inaccurate or incomplete personal data.
Right to erasure (Right to be forgotten): You can request deletion of your personal data.
Right to restrict processing: You can request restriction of processing of your personal data.
Right to data portability: You have the right to receive your data in a structured, commonly used, and machine-readable format.
Right to object: You can object to processing of your personal data for legitimate interests.
Right to withdraw consent: You can withdraw consent for data processing at any time.
Right to complain: You have the right to lodge a complaint with a data protection supervisory authority.

Essential cookies only: We only use session cookies necessary to maintain service functionality.
No tracking cookies: We do not use any tracking or advertising cookies.
No third-party analytics: No Google Analytics or any third-party analytics services.
Do Not Track: We respect browser "Do Not Track" settings.
Local storage: Only stores necessary app settings and preferences.
Cookie control: You can control or delete cookies through your browser settings.

Never sell data: We never sell, rent, or trade your personal information.
No ad networks: We do not work with any advertising networks or data brokers.
Payment processing: Only share necessary information with PCI-compliant payment processors (Stripe, PayPal).
Legal requirements: Information disclosed only when clearly required by law (see transparency report).
Business transfers: Your data protection rights will be maintained in case of merger or acquisition.
Service providers: Only work with essential service providers who sign strict confidentiality agreements.

Company registration: Registered in privacy-friendly jurisdiction, not subject to data retention laws.
Server locations: Servers distributed across 60+ countries, all chosen for strict privacy protection.
No data retention: We are not subject to any mandatory data retention laws.
Transparency reports: Regular transparency reports disclosing government data requests.
Warrant canary: We maintain a warrant canary to alert users of any secret data requests.
Independent operation: Not under the control or influence of any government or intelligence agency.

Account data: Retained during account activation, permanently deleted within 30 days after account deletion.
Payment records: Retained for up to 7 years as required by accounting regulations (transaction records only, no usage data).
Support tickets: Retained for 6 months after resolution for service improvement.
Temporary data: All temporary connection data deleted immediately after session ends.
Backups: Backup data automatically deleted after 30-day cycle.
Anonymous data: Aggregated anonymous statistics may be retained indefinitely.

Security audits: Regular third-party security audits and penetration testing.
Bug bounty: Running bug bounty program encouraging security researchers to report issues.
SOC 2 compliance: Following SOC 2 Type II security standards.
Employee training: All employees receive regular privacy and security training.
Access control: Strict internal access controls and principle of least privilege.
Incident response: Established comprehensive data breach incident response plan.

Privacy Officer: [email protected]
Data Protection Officer (DPO): [email protected]
General inquiries: [email protected]
Response time: We commit to responding to all privacy-related queries within 48 hours.
Privacy rights requests: Exercise your privacy rights through account settings or by email.