PrivyPass

Privacy Policy

Last updated: May 4, 2026

1. Introduction

PrivyPass ("we", "our", or "us") operates the PrivyPass VPN application and website at privypass.org. This Privacy Policy explains how we collect, use, and protect your information when you use our services.

2. Information We Collect

We collect the following information when you create an account:

  • Username — chosen by you during registration
  • Email address — used for account recovery and password resets
  • Password — stored as a one-way cryptographic hash (bcrypt); we never store or have access to your plaintext password

3. What We Do NOT Collect

We are committed to a strict no-logging policy. We do not collect, store, or monitor:

  • Your browsing history or DNS queries
  • Your originating IP address
  • Timestamps of when you connect or disconnect
  • The amount of data you transfer
  • The content of your internet traffic

4. How We Use Your Information

The information we collect is used solely to:

  • Authenticate your access to the VPN service
  • Send password reset codes to your email when you request them
  • Maintain and improve the service

5. VPN Connection Data

When you connect to a VPN server, a temporary WireGuard peer configuration is created. This configuration is automatically removed when you disconnect or after a period of inactivity. No connection logs are retained.

6. Third-Party Services

We use the following third-party services:

  • Resend — for sending transactional emails (password reset codes). Resend processes your email address solely to deliver these messages.
  • DigitalOcean — for hosting our server infrastructure.

We do not sell, trade, or share your personal information with any other third parties.

7. Data Security

We implement industry-standard security measures including encrypted database connections, bcrypt password hashing, JWT-based authentication with short-lived tokens, and WireGuard's modern cryptographic protocols for VPN tunneling.

8. Data Retention

Your account information is retained for as long as your account is active. Password reset tokens expire after 15 minutes and are automatically invalidated after use. You may request account deletion by contacting us.

9. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Withdraw consent at any time by deleting your account

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact

For questions about this Privacy Policy or to exercise your data rights, contact us at privypass.org@gmail.com.