Privacy policy
Last updated: April 29, 2026 · This is a draft template — replace before launch.
What we don't collect
- Browsing activity, traffic content, or destination IPs
- DNS queries
- Connection or disconnection timestamps from the VPN
- Bandwidth usage per session
What we keep
- Your account email and (hashed) password
- Subscription and billing records (required by law and by Stripe)
- Audit logs for security-relevant events on your account (sign-in, password change, VPN account state changes)
- Aggregated server health metrics — never tied to a specific user
Where data is stored
Account data is stored in encrypted PostgreSQL hosted in our chosen region. VPN infrastructure runs on RAM-only servers — every reboot wipes state.
Your rights
You can export, correct, or delete your data at any time from your account. Deletion terminates the upstream VPN account and removes all our records within 30 days.
Contact
Privacy questions or data subject requests: privacy@example.com.