Privacy Policy

🛡️ Complete Privacy Policy for VPN - Browser - Safe & Private

Effective Date: 30 October 2025

This Privacy Policy describes how Gray Tech Official Limited ("we," "us," or "our") handles and uses information in connection with your use of the VPN - Browser - Safe & Private mobile application (the "App" or "Service").

________________________________________

1. The Core VPN Service and No-Logging Policy

We are committed to the principle of user privacy and transparency. The primary purpose of this App is to provide secure, encrypted internet access.

A. VpnService API Disclosure: The App utilizes the Android VpnService API to establish a secure, device-level VPN connection. This is the foundation of the App's core functionality—to encrypt your internet traffic and provide network security. The VPN tunnel is established only with your explicit consent via the device's system dialog.

B. WireGuard Protocol: The VPN connection is managed using the secure and modern WireGuard protocol to ensure high speed encryption and security.

C. No-Logging Policy (VPN Traffic): We operate under a strict No-Logging Policy. We do not collect, monitor, store, or log any information concerning your:

• VPN connection content or traffic destination.

• Browsing history.

• Timestamps of VPN connection and disconnection.

• DNS queries.

• IP addresses of your device after the connection is established.

Your private VPN activity remains private.

________________________________________

2. Information Collected (Non-VPN Activity)

We collect limited, non-personally identifiable information solely to support and maintain the App's reliability, performance, and monetization (via advertising). This information is collected and processed through integrated third-party services.

A. Google AdMob (Advertising): The App uses Google AdMob SDK to serve advertisements, which supports our free service. AdMob collects information required for serving, analyzing, and targeting advertisements, including:

• Device or other IDs: Such as the Android Advertising ID, for ad frequency capping, fraud detection, and basic targeting.

• Approximate Location: Derived from the IP address for geo-targeting and compliance purposes (e.g., EEA/UK).

• App interactions: Data about your interactions with the ads displayed.

B. Google Firebase (Analytics, Messaging, Crash Reporting): The App integrates Firebase services to ensure stability and functionality:

• Firebase Crashlytics: Collects Crash Logs and device Diagnostics to identify and fix stability issues. This data is not personal and is used solely for debugging.

• Firebase Analytics: Collects non-personal data about app usage (e.g., session duration, interaction frequency) to improve the user experience.

• Firebase Cloud Messaging (FCM): Collects a unique User ID (FCM token) to deliver push notifications and other developer communications.

C. Google Play Services: The App relies on core Google Play Services components, which collect standard device and usage information necessary for Android system-level functions, app distribution, and security verification.

D. List of Major Third-Party Data Processors (SDKs): To provide the services described above and to maintain our App's functionality, we utilize the following third-party libraries and SDKs:

• Google (AdMob, Firebase, Play Services): For advertising, analytics, crash reporting, and cloud messaging. Please refer to Google's Privacy Policy for more information on their data handling practices.

• WireGuard Tunneling Library: Used solely for establishing the secure, encrypted VPN connection on your device, adhering to our No-Logging Policy (Section 1).

• User Messaging Platform (UMP): Used to obtain and manage user consent for data processing and advertising, particularly in regions requiring GDPR/EEA compliance.

• UI/UX Libraries (SDP, SSP, Lottie): Used exclusively for user interface consistency, scaling, and animation rendering. These are client-side utilities and do not collect, share, or transmit user data.

• Networking Libraries (Retrofit & Gson): Used for general, non-VPN networking tasks (e.g., fetching server lists, remote configurations). These libraries do not inherently collect user data but facilitate communication with our backend.

________________________________________

3. Data Collection and Sharing Transparency Statement

In alignment with our commitment to user privacy and full compliance with the Google Play Data Safety requirements, this section details the categories of personal and sensitive data collected and processed, and how that data is shared with third parties.

A. Identifiers and Network Data (Device or other IDs)

• Data Collected: Advertising ID, Firebase Installation IDs, and Network Data.

• Purpose & Sharing: The Advertising ID and Firebase IDs are Collected and SHARED with Google/AdMob/Firebase for advertising, analytics, security, and fraud prevention purposes.

• User Control: By submitting a support request, you consent to this collection. You maintain the right to withdraw your consent for the retention of this data by formally requesting the deletion of your support communications record.

B. Location Information (Approximate Location)

• Data Collected: Approximate Location (derived from coarse network information).

• Purpose & Sharing: This data is Collected and SHARED with Google Mobile Ads and Firebase for Advertising, Fraud Prevention, Security, Compliance, and Analytics. This is necessary to verify ad traffic validity, ensure the correct regulatory consent forms are displayed, and enable geo-targeting (when consented).

• User Control: Collection of this data for advertising purposes is optional, subject to user consent via our Consent Management Platform (UMP).

C. Usage and Interaction Data (App Activity)

• Data Collected: App Interactions (e.g., button taps, server selection, session length). We do not collect or log any user browsing or search history.

• Purpose & Sharing: This anonymous usage data is Collected and SHARED with Google Firebase servers for Analytics, App Functionality (to measure feature adoption), and Developer Communications.

• User Control: By submitting a support request, you consent to this collection. You maintain the right to withdraw your consent for the retention of this data by formally requesting the deletion of your support communications record.

D. Health and Performance App (Crash logs & Diagnostics)

• Data Collected: Crash Logs (stack traces) and Diagnostics (stability metrics, memory usage).

• Purpose & Sharing: This data is Collected and Shared with Google Firebase Crashlytics and Performance Monitoring. This collection is required for App Functionality, Security, and Compliance, allowing us to diagnose and resolve critical errors quickly.

• User Control: This collection is required for the basic security and stability of the application and cannot be disabled.

________________________________________

4. Communication and Support Data

When you choose to contact us directly through email, in-app support channels, or other voluntary communication methods, we receive information you explicitly provide to facilitate a response.

This data may include:

• Personal Identifiers: Your Name and Email Address.

• Content: The content of your message, as well as any attachments you voluntarily submit (such as screenshots or diagnostic files).

Purpose of Collection: We use this information solely to review your inquiry, respond to your requests, and improve the quality of our service.

User Control: By submitting a support request, you consent to this collection. You maintain the right to withdraw your consent for the retention of this data by formally requesting the deletion of your support communications record.

________________________________________

5. Children's Privacy

The App is intended for a general audience and is not directed to children under the age of 16. We do not knowingly collect personally identifiable information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information from our files immediately. If you are a parent or guardian and are aware that your child has provided us with personal information, please contact us so that we can take the necessary actions.

________________________________________

6. Data Storage and Retention

A. Storage: The limited data collected (device IDs, crash logs, analytics events) is stored on Google's secure servers, managed by Firebase and AdMob. We have no direct control over the storage of your VPN traffic, as we do not log it.

B. Retention:

• Data collected by Firebase Analytics (usage and device IDs) is subject to Google's retention policies and is typically automatically deleted after 90 days.

• Advertising data collected by AdMob is retained according to Google's standard data retention rules for advertising and fraud prevention.

________________________________________

7. User Data Rights and Data Deletion

You have the right to request access to, or deletion of the limited, non-VPN related data associated with your device. To exercise these rights, please contact us directly via email. We will process your request within 30 days.

________________________________________

8. European Data Protection Rights (EEA, UK, Switzerland)

If you are a resident of the European Economic Area (EEA), the UK, or Switzerland, you have specific rights regarding your personal data under the General Data Protection Regulation (GDPR) and UK GDPR.

A. Legal Basis for Processing: We process the limited data mentioned in Section 2 under the following legal bases:

• Legitimate Interests: Processing for essential functions such as maintaining app stability, preventing fraud (Crashlytics, AdMob fraud prevention), and improving user experience.

• Contractual Necessity: To provide the core functionality of the Service (the VPN connection).

• Consent: Where required (e.g., certain ad targeting activities managed by AdMob, where applicable).

B. Your Rights: You have the right to:

• Access: Request copies of your personal data.

• Rectification: Request correction of inaccurate or incomplete data.

• Erasure (Right to be Forgotten): Request deletion of your personal data.

• Restriction of Processing: Request that we limit the way we use your personal data.

• Objection to Processing: Object to our processing of your personal data.

• Data Portability: Request transfer of your data to you or a third party.

• Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your country regarding our collection and use of your personal data.

________________________________________

9. US State Privacy Rights (e.g., California, Virginia, Colorado)

Residents of certain US states, including California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), Utah (UCPA), and Connecticut (CTDPA), may have additional rights regarding their Personal Information (PI).

A. Your Rights:

• Right to Know: The right to request what PI we have collected, used, disclosed, or sold over the past 12 months.

• Right to Delete: The right to request the deletion of PI we have collected, subject to certain exceptions.

• Right to Opt-Out of Sale or Sharing: We do not sell or share your Personal Information as those terms are defined under CCPA/CPRA. The limited, non-VPN related data collected (device IDs, crash logs, analytics events) is used solely for the operational purposes described in Section 2.

B. Exercising Your Rights: To exercise any of these rights, please submit a request to the contact email listed below. We will verify and respond to your request within the timeframe required by the applicable state law.

________________________________________

10. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Gray Tech Official Limited
181 Farley Road 
SOUTH CROYDON - CR2 7NP
United Kingdom

Contact Email: apps.graytech.uk@gmail.com
Contact form for Data Requests (Sections 5, 6, 7): Click Here