01Our Privacy Stance
VPNGap treats privacy as our baseline, not a marketing slogan. Our stance is simple:
This means we hold the line at two levels:
- VPN Traffic Level: We follow a strict No-Log policy—no recording of sites visited, no DNS queries, and no connection metadata (see Chapter 3);
- Account System Level: We only keep minimum info required for operations—no real names, IDs, phone numbers, or addresses (see Chapter 2).
This policy and the Terms of Service form your agreement with VPNGap. In case of conflict, the stricter privacy protection prevails.
02What We Do and Don't Collect
Everything at a glance in two lists:
What We Collect
- Your registration email (for login and recovery);
- An encrypted hash of your password (not the actual password);
- Your plan and usage data (to show your remaining allowance);
- Current session state (so you stay logged in);
- Minimal aggregated stats (anonymous app crashes, version distribution).
What We Don't Collect
- Your real name, ID, or phone number;
- Your address, zip code, or location;
- Your credit card or payment method (no binding on registration);
- The sites, URLs, DNS queries, or history you visit;
- The files, chats, or uploads you transmit.
Payment data for paid users is handled by independent third-party providers under their own policies. VPNGap only receives minimal signals like 'Payment completed / Order No.' and never touches your card number or CVV.
03Strict No-Log Commitment
VPNGap follows a strict No-Log policy across all nodes; we do not record:
- Websites, domains, URLs, or page content visited;
- Your DNS query logs;
- Specific timestamps, source IPs, destination IPs, or byte details of your connections;
- Any metadata identifying your browsing behavior or network fingerprint.
Note: Our no-log commitment only applies to traffic through VPNGap nodes. Third-party websites you visit may still record their own logs, cookies, and tracking IDs; protecting that layer is your and your browser's responsibility.
04Cookies and Local Storage
VPNGap only uses essential cookies and local storage—no advertising or cross-site tracking cookies:
- Session Cookie / Token: To keep you logged in; expires when you close the browser or log out;
- Language Preference: Remembers your interface language (e.g., English, Chinese, Japanese) locally on your device;
- Local App Config: Preferences like 'Last connected node' or 'UI theme' stay on your device and are not uploaded.
05Data Storage and Security
5.1 Encryption and Transmission
- All website and API requests are forced over HTTPS;
- VPN tunnels use industry-standard encryption protocols to protect transmitted content;
- Passwords are not stored in plain text; they are stored using industry-standard secure hashing algorithms with salting.
5.2 Storage Duration
- Account Data (email, password hash, plan status): Retained for the duration of your account's validity;
- Aggregated Statistics (anonymous crash data, version distribution): Retained for a limited time for product improvement;
- VPN Traffic Layer Data: See Chapter 3—Not stored at all, so there is no 'retention period'.
5.3 Data Sharing
VPNGap does not sell or share your account information or usage data with advertisers, data brokers, or any third party without a legal basis. Information is only provided to third parties in the following two cases:
- Payment Providers: Only when you initiate a payment, minimal event signals like order numbers are passed to the independent payment party;
- Legal Requests: When we receive a compliant and valid legal request from the relevant jurisdiction, we provide limited information actually held by us that is relevant to the request—since we do not hold browsing history or traffic logs, the disclosable range for such content is extremely limited.
06Your Rights and Account Deletion
You have the following rights regarding your account data. Inquiry and Modification are available via self-service in 'Account Settings'. Export and Deletion are currently handled via email; self-service options are planned and will be added to 'Account Settings':
- Inquiry: View your current email, plan status, and usage in 'Account Settings';
- Modification: Update your password or change your linked email in 'Account Settings';
- Export: To get a copy of your account data, please submit a request via an internal ticket after logging in. We will provide a summary after verifying your identity. Self-service export will be added gradually;
- Deletion: To delete your account, please submit a request via an internal ticket after logging in. We will verify your identity and wipe your data per the process below. Self-service deletion will be added gradually.
6.1 Post-deletion Data Handling
- After account deletion, email, password hash, plan status, and usage data will be deleted from production databases or irreversibly anonymized within a reasonable timeframe;
- Due to system backups and legal obligations, minimal essential financial records and transaction logs may be retained for a period as required by law for tax, audit, and dispute resolution purposes only;
- Account deletion is irreversible; please proceed with caution.
07Policy Updates
This policy may be updated periodically due to legal changes or product iterations. Updates will be posted on this page (privacy.html) with a new 'Last Updated' date. For substantial changes (e.g., new data collection types or purposes), we will provide additional notice via app pop-ups, website announcements, or email.
Updated policies take effect from the date of publication. Continued use of VPNGap after an update constitutes acceptance of the new policy. If you disagree, please stop using the service and delete your account per the process in Chapter 6.
If you have questions about this policy, please contact us via an internal ticket after logging in.