Chính sách bảo mật

Quyền riêng tư của bạn là ưu tiên hàng đầu của chúng tôi

Xử lý dữ liệu minh bạch và có trách nhiệm, bảo vệ nghiêm ngặt quyền riêng tư trực tuyến của bạn

1. No-Logs Policy

We implement an industry-leading no-logs policy, which is at the core of our privacy commitment.
No connection logs: We do not log connection timestamps, session duration, or your real IP address.
No activity logs: We do not monitor, record, or store your browsing history, DNS queries, or data content.
No bandwidth tracking: We do not track your bandwidth usage or connection frequency.
RAM-disk servers: Our servers run in RAM-disk mode, automatically wiping all data on reboot.
Third-party audits: Our no-logs policy has been verified by independent third-party security audits.

2. Data We Collect

Account information: Email address provided during registration (anonymous email accepted).
Payment information: Securely processed by third-party payment processors (Stripe, PayPal), we don't store credit card information.
App diagnostics: Optional anonymous crash reports and app performance data to improve service quality.
Support communications: Communication records when you contact customer support.
Aggregate data: Anonymous statistics on server load and network performance.
Minimization principle: We only collect the minimum data necessary to provide the service.

AES-256 encryption: All data transmission uses military-grade AES-256-GCM encryption.
Perfect forward secrecy: Each session uses unique encryption keys, past sessions cannot be decrypted.
DNS leak protection: Built-in DNS leak protection ensures DNS queries are not exposed to ISPs.
Kill Switch: Automatically cuts all traffic when network disconnects to prevent data leaks.
Multi-hop VPN: Support for double VPN and Onion over VPN for enhanced anonymity.
Secure protocols: Support for WireGuard, OpenVPN, and IKEv2/IPSec protocols.

GDPR

CCPA

PIPEDA

LGPD

GDPR Compliant (EU): Fully compliant with all requirements of the General Data Protection Regulation.
CCPA Compliant (California): Adheres to the California Consumer Privacy Act provisions.
PIPEDA Compliant (Canada): Complies with the Personal Information Protection and Electronic Documents Act.
LGPD Compliant (Brazil): Follows the Brazilian General Data Protection Law.
Data localization: We do not store user data in countries with strict data retention laws.
Cross-border transfers: All data transfers are encrypted and comply with international data transfer protocols.

Right to access: You have the right to request a copy of the personal data we hold about you.
Right to rectification: You can request correction of any inaccurate or incomplete personal data.
Right to erasure (Right to be forgotten): You can request deletion of your personal data.
Right to restrict processing: You can request restriction of processing of your personal data.
Right to data portability: You have the right to receive your data in a structured, commonly used, and machine-readable format.
Right to object: You can object to processing of your personal data for legitimate interests.
Right to withdraw consent: You can withdraw consent for data processing at any time.
Right to complain: You have the right to lodge a complaint with a data protection supervisory authority.

Essential cookies only: We only use session cookies necessary to maintain service functionality.
No tracking cookies: We do not use any tracking or advertising cookies.
No third-party analytics: No Google Analytics or any third-party analytics services.
Do Not Track: We respect browser "Do Not Track" settings.
Local storage: Only stores necessary app settings and preferences.
Cookie control: You can control or delete cookies through your browser settings.

Never sell data: We never sell, rent, or trade your personal information.
No ad networks: We do not work with any advertising networks or data brokers.
Payment processing: Only share necessary information with PCI-compliant payment processors (Stripe, PayPal).
Legal requirements: Information disclosed only when clearly required by law (see transparency report).
Business transfers: Your data protection rights will be maintained in case of merger or acquisition.
Service providers: Only work with essential service providers who sign strict confidentiality agreements.

Company registration: Registered in privacy-friendly jurisdiction, not subject to data retention laws.
Server locations: Servers distributed across 60+ countries, all chosen for strict privacy protection.
No data retention: We are not subject to any mandatory data retention laws.
Transparency reports: Regular transparency reports disclosing government data requests.
Warrant canary: We maintain a warrant canary to alert users of any secret data requests.
Independent operation: Not under the control or influence of any government or intelligence agency.

Account data: Retained during account activation, permanently deleted within 30 days after account deletion.
Payment records: Retained for up to 7 years as required by accounting regulations (transaction records only, no usage data).
Support tickets: Retained for 6 months after resolution for service improvement.
Temporary data: All temporary connection data deleted immediately after session ends.
Backups: Backup data automatically deleted after 30-day cycle.
Anonymous data: Aggregated anonymous statistics may be retained indefinitely.

Security audits: Regular third-party security audits and penetration testing.
Bug bounty: Running bug bounty program encouraging security researchers to report issues.
SOC 2 compliance: Following SOC 2 Type II security standards.
Employee training: All employees receive regular privacy and security training.
Access control: Strict internal access controls and principle of least privilege.
Incident response: Established comprehensive data breach incident response plan.

Privacy Officer: [email protected]
Data Protection Officer (DPO): [email protected]
General inquiries: [email protected]
Response time: We commit to responding to all privacy-related queries within 48 hours.
Privacy rights requests: Exercise your privacy rights through account settings or by email.