TunelyVPN (“we”, “us”, “our”) provides a virtual private network (VPN) application and related services. We are committed to protecting your privacy. This policy explains what we do—and what we do not do—with your data.
●No activity logs: we do not log your browsing content, DNS queries, traffic destination, or data payloads.
1) Data We Do Not Collect
- No logs of websites or apps you use
- No logs of originating IP after a session starts
- No logs of DNS queries or traffic contents
- No deep packet inspection of user traffic
2) Data We May Process (Minimal)
Account & Payments
- Google Play purchase tokens and subscription status (for premium features). We do not store full payment card data.
- Basic account identifiers (e.g., in-app user ID, optional email if you contact support).
Operational & Security
- Ephemeral connection metadata strictly to operate the VPN: a random session ID, server ID, and protocol handshake status.
- Aggregate usage counters needed for fair-use/free quota (e.g., “MB used today” tied to your app account). We do not retain full traffic histories.
- Crash and performance diagnostics (non-content), to improve stability.
3) VPN Session Behavior
- When you tap Connect, the app establishes an encrypted tunnel and starts a foreground service to keep the session stable.
- While connected, our systems may see the active server location and anonymous session counters required to keep your plan limits accurate.
- When you tap Disconnect, the tunnel and foreground service stop; transient session data is discarded within short operational windows.
4) Legal Bases & Purposes
- Provide the service: create/maintain the VPN session, enforce fair-use, and deliver support.
- Improve & secure: fix crashes, mitigate abuse, and protect our network.
- Comply with law: respond to valid legal requests with the minimal information we have (we cannot provide content we never store).
5) Data Sharing
We do not sell personal data. We may share limited information with:
- Payment processors (Google Play) for purchases and subscriptions
- Cloud infrastructure providers strictly to run servers
- Crash/performance tools to debug non-content issues
All vendors are bound by confidentiality and data-processing terms.
6) Data Retention
- Operational session metadata: kept only as long as needed to operate the connection and quotas, then deleted or anonymized.
- Purchase records: retained as required for tax/audit obligations.
- Support tickets: retained until resolved and for a reasonable period for audit/abuse prevention, then deleted.
7) Security
- Encryption in transit and at rest where applicable
- Strict access controls and monitoring
- Segregation of duties and least-privilege principles
8) Your Rights
Depending on your region (e.g., EEA/UK under GDPR, California under CCPA), you may have the right to access, correct, delete, or port your personal data, and to object or restrict certain processing.
Submit requests: support@giftcode.work
9) Children’s Privacy
Our services are not directed to children under 13 (or the age defined by your local law). We do not knowingly collect data from children.
10) International Transfers
We may process data on servers located in various regions. Where required, we use appropriate safeguards (such as Standard Contractual Clauses).
11) Changes to This Policy
We may update this policy. We will post the updated version here and adjust the “Last updated” date.