1. Who we are

The data controller responsible for personal data described in this Policy is Veloxify, with its principal business address at Ja 61, Mohakhali, Banani, Dhaka 1212, Bangladesh (the “Address”). For SafeVia-specific privacy and support requests, contact safevia.help@veloxify.net (the App and Site use this address). General developer account inquiries listed on Google Play may also reach us at info@veloxify.net. You may use the Contact page on the Site.

2. Scope

This Policy applies to personal data we process when you:

• Download, install, or use the App;
• Visit or interact with the Site;
• Communicate with us (for example, support email or forms), where those communications identify you.

Third-party platforms and services operate under their own terms and policies, including Google Play, Google Play Billing, and advertising or measurement partners described below. Where those services process personal data as independent controllers, their policies govern their use of your information.

3. What the SafeVia VPN service does

The App establishes an encrypted VPN tunnel between your device and our VPN servers using WireGuard. Your internet traffic routed through the tunnel is encrypted between your device and our servers. The App also communicates with our backend over TLS (HTTPS) to retrieve server configuration, validate subscription entitlements, and support operational features described in this Policy.

4. VPN data practices: no traffic-content logging

We design SafeVia so that we:

• Do not monitor, log, or store the contents of your browsing, messaging, or application traffic that passes through the VPN tunnel for marketing, profiling, or sale;
• Do not sell your browsing history or the content of your communications;
• Do not use the VPN connection to inject advertisements into your encrypted traffic stream.

Like all VPN services, network equipment must process transient technical information to establish and forward packets. We do not use such handling to build a record of the websites you visit or the content of your communications. Advertising in the App (where shown to non‑premium users) is delivered through the mobile advertising SDKs listed in Section 7, not by inspecting your VPN tunnel contents.

5. Information we collect and process

Depending on how you use the Services, we (and service providers acting on our behalf) may process the categories below. Where data is “personal data,” we process it as described in Sections 6–12.

5.1 Identifiers and device information

• Android device identifier: The App uses a device-level identifier to associate your device with subscription checks and operational telemetry, consistent with Android APIs in use (for example, the identifier available via Settings.Secure.ANDROID_ID for your device profile). This identifier may be sent to our servers for purchase validation, subscription status, device registration, and connection-event reporting described in Section 5.3.
• App and OS metadata: Such as app version, device model, and OS version, as needed for compatibility, diagnostics, and abuse prevention.
• Advertising identifiers (where available and not reset): Advertising partners may use Google Advertising ID or similar device identifiers within their SDKs to deliver and measure ads, subject to your device settings and partner terms.

5.2 Data stored on your device

• Preferences and settings: Stored locally (for example, via Android DataStore) for features such as auto-connect, kill switch, DNS selection, split tunneling choices, and similar options.
• Server list cache and session summaries: Cached server information and local session or usage summaries (for example, connection duration or usage statistics shown in the App) may be stored locally using on-device databases where implemented.
• Split tunneling: If you use app-based split tunneling, the App reads application metadata on your device so you can choose which apps use or bypass the VPN. That selection is processed on your device to provide the feature.

5.3 Service operations on our servers (non-content)

To operate the Services, deter abuse, and support administration tools, our backend may receive and retain limited operational events that are not the content of your communications, such as:

• Device registration or heartbeat events associated with your device identifier;
• VPN connect/disconnect events, including timestamps, the selected server identifier, and aggregate bandwidth where reported by the App;
• Technical request metadata for our APIs and web endpoints (such as source IP address, timestamps, TLS information, and request paths) as part of normal server and security operations.

These events are used to run the VPN service, maintain reliability, provide customer support where applicable, and protect users and infrastructure. They are not used to log the content of your internet activity inside the VPN tunnel.

5.4 VPN tunnel (summary)

Your IP traffic is encrypted between your device and our VPN servers using WireGuard. We do not use the VPN path to perform advertising injection or deep packet inspection of your traffic for marketing purposes.

5.5 Purchases and entitlements (Google Play Billing)

SafeVia does not require a separate SafeVia user account. Premium access is purchased through Google Play Billing on your device. Google processes payment information. We receive purchase-related signals and tokens as needed to validate entitlements and unlock premium features through our backend APIs. We do not receive your full payment card number from Google.

5.6 Advertising and measurement (AdMob, Unity Ads, Meta Audience Network)

Where ads are enabled (typically for non‑premium users), the App may use Google Mobile Ads (AdMob), Unity Ads, and Meta Audience Network (sometimes referred to as Facebook Audience Network), configured with identifiers and policies applicable to your build. These partners may collect or receive identifiers, device information, and ad interaction data to serve and measure ads. Their processing is governed by their respective privacy policies and choices they offer (for example, ad personalization controls on your device where available).

5.7 Website visits

If you browse the Site, hosting and security systems may process technical logs (such as IP address, user agent, timestamps, and pages requested). If we deploy optional analytics or marketing technologies on the Site in the future, we will update this Policy and obtain consent where required.

5.8 Support requests

If you contact us, we process the information you provide (such as your email address, subject line, and message content) to respond to your request and maintain support records.

6. Legal bases (EEA, UK, Switzerland, and similar)

Where GDPR or similar laws apply, we rely on one or more of the following:

• Contract — to provide the Services, respond to your requests, and process subscriptions you initiate through Google Play;
• Legitimate interests — to secure our networks, prevent fraud and abuse, administer the Services, and improve reliability, balanced against your rights;
• Consent — where required for optional processing (for example, certain non‑essential cookies or marketing on the Site, if used);
• Legal obligation — where we must comply with applicable law.

7. How we use information

We use personal data to:

• Provide, operate, secure, and improve the VPN service and App features;
• Validate and maintain subscription entitlements through Google Play and our backend systems;
• Deliver and measure advertising where ads are enabled;
• Monitor and protect the integrity of our systems (including abuse detection, rate limiting, and troubleshooting);
• Comply with legal obligations and respond to lawful requests;
• Communicate with you about support, security, or important service notices.

8. How we store and protect information

• Encryption in transit: App-to-backend configuration and API calls use TLS where implemented; the VPN tunnel uses WireGuard’s cryptography between your device and VPN nodes.
• Encryption at rest: We implement safeguards appropriate to the systems we control; specifics depend on hosting and database configuration.
• On-device storage: Local preferences and databases remain on your device until you clear app data or uninstall the App.
• Organizational and technical measures: Access controls, monitoring, and vendor diligence, proportionate to risk. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

9. Third-party services, subprocessors, and backend infrastructure

We may use or share personal data with categories of recipients including:

• Google: Google Play app distribution, licensing, Google Play Billing, and Google Mobile Ads (AdMob) where enabled;
• Advertising partners: Unity Ads and Meta (Audience Network), as configured in the App;
• Backend and database providers: Our REST API and related data stores may be implemented using infrastructure providers. In particular, our stack may use Supabase (or equivalent hosted database and edge services) and other cloud providers to store operational records (such as entitlement validation metadata and operational event logs described in this Policy), subject to our agreements and security controls.
• Hosting, networking, and security vendors: For servers, DNS, VPN nodes, content delivery, logging, and security monitoring;
• Professional service providers: Advisors or processors where needed for legal, accounting, or technical functions;
• Authorities: When we believe disclosure is required by law, regulation, legal process, or to protect the rights, safety, and security of users, us, or others.

A list of key vendors may be updated periodically. When we onboard material new subprocessors for personal data, we will reflect that in this Policy or related notices as appropriate.

10. Android permissions

The App is designed to request or use the following permissions, consistent with its features:

• INTERNET — Connect to VPN servers, retrieve configuration and subscription status, and communicate with backend endpoints.
• ACCESS_NETWORK_STATE — Detect connectivity changes to manage the VPN connection responsibly.
• VPN service (android.net.VpnService / BIND_VPN_SERVICE) — Establish and manage the encrypted VPN tunnel; this is essential to the product.
• FOREGROUND_SERVICE and FOREGROUND_SERVICE_SPECIAL_USE — Maintain a foreground service with a persistent notification while the VPN is active, as required on supported Android versions.
• POST_NOTIFICATIONS — Show notifications about VPN status on Android 13 and newer where applicable.
• RECEIVE_BOOT_COMPLETED — Support optional behaviors such as notifying or restoring connection settings after reboot, if enabled.
• WAKE_LOCK — Maintain reliable operation during active VPN sessions where required.
• QUERY_ALL_PACKAGES — Enables split tunneling flows that list installed applications so you can choose which apps use or bypass the VPN; processing is for that feature on your device.

11. Data retention

• Operational server logs: Retained for a limited period as needed for security, troubleshooting, capacity planning, and legal compliance, then deleted or aggregated in accordance with our retention schedules.
• Entitlement and billing-related records: Retained as necessary to demonstrate purchases, manage disputes, and meet tax and commerce obligations.
• Support emails: Retained long enough to resolve inquiries and maintain service quality unless a longer retention is required by law.
• On-device data: Remains until you clear app storage or uninstall the App.
• Advertising data: Governed by advertising partners’ policies and typical SDK lifecycles; you may reset or limit identifiers through device settings where available.

12. International transfers

We may process and store information in countries other than where you live. If we transfer personal data from the EEA, UK, or Switzerland to countries not recognized as adequate, we implement appropriate safeguards (such as Standard Contractual Clauses) as permitted by law, unless another valid transfer mechanism applies.

13. Your rights and choices

Depending on your location, you may have the right to request access, correction, deletion, restriction, or portability of your personal data, and to object to certain processing. You may also have the right to withdraw consent where processing is based on consent, and to lodge a complaint with a supervisory authority.

To exercise privacy rights, contact safevia.help@veloxify.net. We may need to verify your request consistent with applicable law. Some Google-held information (such as purchase history) must be accessed through Google’s account tools.

You may uninstall the App to remove locally stored information on your device. Deleting information from our server systems may be limited where we must retain certain records to meet legal obligations or establish, exercise, or defend legal claims.

You can limit ad personalization through your device and Google account settings where available (for example, resetting advertising identifiers or opting out of personalization features offered by platform or ad partners).

14. United States — California residents

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including rights to know, delete, and opt out of certain processing. We do not “sell” personal information as defined by the CCPA in the traditional sense of exchanging data for money; advertising partners may use identifiers for interest-based advertising as described above. You may exercise applicable rights by contacting safevia.help@veloxify.net.

15. Children’s privacy

The Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us at safevia.help@veloxify.net and we will take appropriate steps.

16. Changes to this Policy

We may update this Privacy Policy from time to time. The “Last updated” date will reflect the effective revision. We will post the updated Policy on the Site and, where appropriate, provide additional notice (for example, an in‑App notice or prominent disclosure for material changes). Continued use of the Services after the effective date constitutes your acknowledgment of the updated Policy where permitted by law.

17. Contact

SafeVia (app & website): safevia.help@veloxify.net
Veloxify (developer / company): info@veloxify.net · veloxify.net
Postal mail: Veloxify, Ja 61, Mohakhali, Banani, Dhaka 1212, Bangladesh

1. Eligibility

You must have the legal capacity to enter a binding agreement in your jurisdiction and meet the minimum age required by Google Play and applicable law (typically at least 18). The App does not require a separate SafeVia login. Purchases and subscription verification are tied to your Google Play account on your device and the device identifiers described in our Privacy Policy.

2. Description of the service

SafeVia provides VPN software that encrypts network traffic between your Android device and our VPN servers using the WireGuard protocol, routing eligible traffic through our network according to your settings (including features such as split tunneling and DNS options where available). The Services may also include administrative features, server selection, and free or ad-supported experiences as offered in the App build distributed on Google Play.

The VPN is not a complete security solution. You remain solely responsible for your device security, credentials, and compliance with laws that apply to you. Network conditions, third‑party networks you connect to, and device configuration may affect performance and availability.

3. License to you

Subject to these Terms, we grant you a personal, limited, non‑exclusive, non‑transferable, revocable license to install and use the App on Android devices that you own or control via Google Play, solely for your lawful personal or internal business use (whichever applies in your context), in accordance with Google’s applicable terms and applicable law. Except as permitted by mandatory law, you must not: copy, modify, translate, or create derivative works of the App; distribute, sublicense, rent, lease, or sell the App; reverse engineer, decompile, or attempt to extract source code except to the extent that applicable law expressly permits; or remove proprietary notices.

4. Google Play; no separate SafeVia account

The App is distributed through Google Play. Your use of Google Play is subject to Google’s terms and privacy policy. We are not responsible for Google’s platforms or policies.

5. Subscriptions and billing

Paid features, if offered, are purchased through Google Play Billing. Google processes payments; we do not receive your full payment card number. Subscription status and entitlements may be verified through our backend using purchase-related tokens and device identifiers as described in our Privacy Policy.

• Pricing and renewals — Prices, free trials (if any), billing cycles, and renewal terms are presented at purchase through Google Play and may change with notice as permitted by Google and applicable law.
• Cancellation — You may cancel subscriptions through your Google Play subscription settings. Cancellation typically takes effect at the end of the current billing period unless Google states otherwise.
• Refunds — Refund eligibility is governed by Google Play policies and applicable law. Unless we expressly provide a separate refund channel, purchase-related refund requests should be directed to Google Play support.
• Device and account relationship — Entitlements may be validated per device and Google account as implemented in the App. Features may differ by region, server availability, or plan.

6. Service availability, changes, and limitations

We strive to maintain reliable service, but we do not guarantee uninterrupted or error‑free operation. The Services may be unavailable during maintenance, upgrades, force majeure events, internet outages, or third‑party failures. We may add, change, suspend, or discontinue features (including servers or locations) where reasonably necessary, with notice where practicable and as required by applicable law.

Bandwidth, latency, or reasonable usage constraints may apply to protect network integrity and fair use. We may apply technical measures to mitigate abuse.

7. Acceptable use

You agree to use the Services only in compliance with these Terms and all applicable laws, regulations, and third‑party rights. Without limiting the foregoing, you must not:

• Use the Services for any unlawful purpose, including fraud, harassment, stalking, or distribution of malware, ransomware, or harmful code;
• Use the VPN to harm, disrupt, or gain unauthorized access to networks, systems, data, or services, including scanning or probing without authorization, denial‑of‑service attacks, or circumventing authentication;
• Infringe intellectual property, privacy, or publicity rights of others, including unlawful sharing or downloading of copyrighted works where prohibited;
• Send unsolicited bulk communications (“spam”) or use the Services to manipulate ad measurement or platform policies in violation of applicable rules;
• Resell, share, or commercially exploit the Services without our prior written consent;
• Attempt to defeat, bypass, or tamper with technical limitations, security controls, or licensing mechanisms;
• Use the Services in any manner that violates Google Play policies, export or sanctions laws, or our policies communicated to you from time to time.

Nothing in these Terms authorizes you to use the Services to evade lawful investigation or to conceal illegal activity. We may investigate suspected violations and cooperate with law enforcement and rights holders where required or permitted by law.

8. Advertising

Free or ad‑supported versions of the App may display advertisements through partners such as Google AdMob, Unity Ads, and Meta Audience Network. Advertising partners may collect data as described in our Privacy Policy. Premium subscribers where offered may experience an ad‑free experience as implemented in the App. Ad formats and availability may change.

9. Third‑party services

The Services may integrate or link to third‑party services (including Google, advertising networks, payment processors, and cloud infrastructure). Those services are governed by their own terms and privacy policies. We are not responsible for third‑party services or content.

10. Intellectual property

The App, Site, trademarks, logos, and related content are owned by us or our licensors and protected by intellectual property laws. Except for the limited license in Section 3, no rights are granted to you. If you provide feedback or suggestions, you grant us a perpetual, irrevocable, worldwide, royalty‑free license to use that feedback without obligation to you.

11. Privacy

Our Privacy Policy explains how we collect and process information. By using the Services, you acknowledge that you have read and understood the Privacy Policy to the extent it applies to you.

12. Disclaimer of warranties

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE,” WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, QUIET ENJOYMENT, AND NON‑INFRINGEMENT. WE DO NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR‑FREE, THAT DEFECTS WILL BE CORRECTED, OR THAT THE SERVICES OR SERVERS ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. SOME JURISDICTIONS DO NOT ALLOW CERTAIN DISCLAIMERS; IN THOSE JURISDICTIONS, OUR WARRANTIES ARE LIMITED TO THE MAXIMUM EXTENT PERMITTED.

13. Limitation of liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL Veloxify, ITS AFFILIATES, LICENSORS, OR THEIR RESPECTIVE DIRECTORS, OFFICERS, EMPLOYEES, OR SUPPLIERS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS, REVENUE, GOODWILL, DATA, OR BUSINESS OPPORTUNITIES, ARISING OUT OF OR RELATED TO THESE TERMS OR THE SERVICES, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR ANY OTHER LEGAL THEORY, EVEN IF FORESEEABLE OR IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, OUR AGGREGATE LIABILITY FOR ALL CLAIMS ARISING OUT OF OR RELATED TO THE SERVICES OR THESE TERMS SHALL NOT EXCEED THE GREATER OF (A) THE AMOUNTS YOU PAID US DIRECTLY FOR THE SERVICES IN THE TWELVE (12) MONTHS BEFORE THE EVENT GIVING RISE TO THE CLAIM (EXCLUDING AMOUNTS PAID TO GOOGLE PLAY), OR (B) BDT 0. THIS LIMITATION DOES NOT APPLY WHERE PROHIBITED BY LAW, INCLUDING LIABILITY FOR DEATH OR PERSONAL INJURY CAUSED BY NEGLIGENCE, OR FOR FRAUD OR WILLFUL MISCONDUCT.

14. Indemnity

To the extent permitted by law, you will indemnify, defend, and hold harmless Veloxify and its affiliates, officers, directors, employees, and agents from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys’ fees) arising out of or related to your use of the Services, your violation of these Terms, or your violation of applicable law or third‑party rights, except to the extent caused by our willful misconduct.

15. Suspension and termination

We may suspend or limit your access to the Services if we reasonably believe you have violated these Terms, pose a security or legal risk, or if we are required to do so by law or at the direction of a competent authority. You may stop using the Services at any time by uninstalling the App. Provisions which by their nature should survive (including Sections 3, 10, 12–14, and 16–19) will survive termination.

16. Governing law and disputes

These Terms are governed by the laws of Bangladesh, without regard to conflict-of-law rules that would apply another jurisdiction’s substantive laws, except that mandatory consumer protection laws in your country of residence may provide you rights that cannot be waived.

Subject to non-waivable rights, exclusive jurisdiction and venue for disputes arising out of or relating to these Terms shall lie in the courts located in Dhaka, Bangladesh, except where mandatory laws require disputes to be heard in your place of residence or in another forum. Consumers in the EEA or UK may also have access to online dispute resolution tools or local procedures where applicable.

17. Export and sanctions

You represent that you are not located in a country subject to comprehensive embargoes or sanctions (to the extent prohibited by applicable law) and that you are not listed on any government list of prohibited or restricted parties. You must comply with applicable export control and sanctions laws.

18. Changes to these Terms

We may modify these Terms by posting an updated version on the Site and revising the “Last updated” date. For material changes, we will provide additional notice where required by applicable law (for example, an in‑App disclosure). Your continued use of the Services after the effective date constitutes acceptance of the updated Terms where permitted by law. If you do not agree, you must stop using the Services.

19. Miscellaneous

• Entire agreement — These Terms, together with the Privacy Policy, constitute the entire agreement between you and us regarding the Services and supersede prior oral or written understandings on the same subject.
• Severability — If any provision is held invalid or unenforceable, the remaining provisions remain in full force and effect.
• No waiver — Failure to enforce any provision is not a waiver of future enforcement.
• Assignment — You may not assign these Terms without our consent. We may assign or transfer these Terms in connection with a merger, acquisition, corporate reorganization, or sale of assets.
• Independent contractors — Nothing creates a partnership, agency, or joint venture between you and us.

20. Contact

SafeVia: safevia.help@veloxify.net — or the Contact page.
Veloxify (company / Play business contact): info@veloxify.net · veloxify.net
Postal mail: Veloxify, Ja 61, Mohakhali, Banani, Dhaka 1212, Bangladesh