Privacy Policy

1. Who we are

The data controller responsible for personal data described in this Policy is Veloxify, with its principal business address at Ja 61, Mohakhali, Banani, Dhaka 1212, Bangladesh (the “Address”). For SafeVia-specific privacy and support requests, contact safevia.help@veloxify.net (the App and Site use this address). General developer account inquiries listed on Google Play may also reach us at info@veloxify.net. You may use the Contact page on the Site.

2. Scope

This Policy applies to personal data we process when you:

• Download, install, or use the App;
• Visit or interact with the Site;
• Communicate with us (for example, support email or forms), where those communications identify you.

Third-party platforms and services operate under their own terms and policies, including Google Play, Google Play Billing, and advertising or measurement partners described below. Where those services process personal data as independent controllers, their policies govern their use of your information.

3. What the SafeVia VPN service does

The App establishes an encrypted VPN tunnel between your device and our VPN servers using WireGuard. Your internet traffic routed through the tunnel is encrypted between your device and our servers. The App also communicates with our backend over TLS (HTTPS) to retrieve server configuration, validate subscription entitlements, and support operational features described in this Policy.

4. VPN data practices: no traffic-content logging

We design SafeVia so that we:

• Do not monitor, log, or store the contents of your browsing, messaging, or application traffic that passes through the VPN tunnel for marketing, profiling, or sale;
• Do not sell your browsing history or the content of your communications;
• Do not use the VPN connection to inject advertisements into your encrypted traffic stream.

Like all VPN services, network equipment must process transient technical information to establish and forward packets. We do not use such handling to build a record of the websites you visit or the content of your communications. Advertising in the App (where shown to non‑premium users) is delivered through the mobile advertising SDKs listed in Section 7, not by inspecting your VPN tunnel contents.

5. Information we collect and process

Depending on how you use the Services, we (and service providers acting on our behalf) may process the categories below. Where data is “personal data,” we process it as described in Sections 6–12.

5.1 Identifiers and device information

• Android device identifier: The App uses a device-level identifier to associate your device with subscription checks and operational telemetry, consistent with Android APIs in use (for example, the identifier available via Settings.Secure.ANDROID_ID for your device profile). This identifier may be sent to our servers for purchase validation, subscription status, device registration, and connection-event reporting described in Section 5.3.
• App and OS metadata: Such as app version, device model, and OS version, as needed for compatibility, diagnostics, and abuse prevention.
• Advertising identifiers (where available and not reset): Advertising partners may use Google Advertising ID or similar device identifiers within their SDKs to deliver and measure ads, subject to your device settings and partner terms.

5.2 Data stored on your device

• Preferences and settings: Stored locally (for example, via Android DataStore) for features such as auto-connect, kill switch, DNS selection, split tunneling choices, and similar options.
• Server list cache and session summaries: Cached server information and local session or usage summaries (for example, connection duration or usage statistics shown in the App) may be stored locally using on-device databases where implemented.
• Split tunneling: If you use app-based split tunneling, the App reads application metadata on your device so you can choose which apps use or bypass the VPN. That selection is processed on your device to provide the feature.

5.3 Service operations on our servers (non-content)

To operate the Services, deter abuse, and support administration tools, our backend may receive and retain limited operational events that are not the content of your communications, such as:

• Device registration or heartbeat events associated with your device identifier;
• VPN connect/disconnect events, including timestamps, the selected server identifier, and aggregate bandwidth where reported by the App;
• Technical request metadata for our APIs and web endpoints (such as source IP address, timestamps, TLS information, and request paths) as part of normal server and security operations.

These events are used to run the VPN service, maintain reliability, provide customer support where applicable, and protect users and infrastructure. They are not used to log the content of your internet activity inside the VPN tunnel.

5.4 VPN tunnel (summary)

Your IP traffic is encrypted between your device and our VPN servers using WireGuard. We do not use the VPN path to perform advertising injection or deep packet inspection of your traffic for marketing purposes.

5.5 Purchases and entitlements (Google Play Billing)

SafeVia does not require a separate SafeVia user account. Premium access is purchased through Google Play Billing on your device. Google processes payment information. We receive purchase-related signals and tokens as needed to validate entitlements and unlock premium features through our backend APIs. We do not receive your full payment card number from Google.

5.6 Advertising and measurement (AdMob, Unity Ads, Meta Audience Network)

Where ads are enabled (typically for non‑premium users), the App may use Google Mobile Ads (AdMob), Unity Ads, and Meta Audience Network (sometimes referred to as Facebook Audience Network), configured with identifiers and policies applicable to your build. These partners may collect or receive identifiers, device information, and ad interaction data to serve and measure ads. Their processing is governed by their respective privacy policies and choices they offer (for example, ad personalization controls on your device where available).

5.7 Website visits

If you browse the Site, hosting and security systems may process technical logs (such as IP address, user agent, timestamps, and pages requested). If we deploy optional analytics or marketing technologies on the Site in the future, we will update this Policy and obtain consent where required.

5.8 Support requests

If you contact us, we process the information you provide (such as your email address, subject line, and message content) to respond to your request and maintain support records.

6. Legal bases (EEA, UK, Switzerland, and similar)

Where GDPR or similar laws apply, we rely on one or more of the following:

• Contract — to provide the Services, respond to your requests, and process subscriptions you initiate through Google Play;
• Legitimate interests — to secure our networks, prevent fraud and abuse, administer the Services, and improve reliability, balanced against your rights;
• Consent — where required for optional processing (for example, certain non‑essential cookies or marketing on the Site, if used);
• Legal obligation — where we must comply with applicable law.

7. How we use information

We use personal data to:

• Provide, operate, secure, and improve the VPN service and App features;
• Validate and maintain subscription entitlements through Google Play and our backend systems;
• Deliver and measure advertising where ads are enabled;
• Monitor and protect the integrity of our systems (including abuse detection, rate limiting, and troubleshooting);
• Comply with legal obligations and respond to lawful requests;
• Communicate with you about support, security, or important service notices.

8. How we store and protect information

• Encryption in transit: App-to-backend configuration and API calls use TLS where implemented; the VPN tunnel uses WireGuard’s cryptography between your device and VPN nodes.
• Encryption at rest: We implement safeguards appropriate to the systems we control; specifics depend on hosting and database configuration.
• On-device storage: Local preferences and databases remain on your device until you clear app data or uninstall the App.
• Organizational and technical measures: Access controls, monitoring, and vendor diligence, proportionate to risk. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

9. Third-party services, subprocessors, and backend infrastructure

We may use or share personal data with categories of recipients including:

• Google: Google Play app distribution, licensing, Google Play Billing, and Google Mobile Ads (AdMob) where enabled;
• Advertising partners: Unity Ads and Meta (Audience Network), as configured in the App;
• Backend and database providers: Our REST API and related data stores may be implemented using infrastructure providers. In particular, our stack may use Supabase (or equivalent hosted database and edge services) and other cloud providers to store operational records (such as entitlement validation metadata and operational event logs described in this Policy), subject to our agreements and security controls.
• Hosting, networking, and security vendors: For servers, DNS, VPN nodes, content delivery, logging, and security monitoring;
• Professional service providers: Advisors or processors where needed for legal, accounting, or technical functions;
• Authorities: When we believe disclosure is required by law, regulation, legal process, or to protect the rights, safety, and security of users, us, or others.

A list of key vendors may be updated periodically. When we onboard material new subprocessors for personal data, we will reflect that in this Policy or related notices as appropriate.

10. Android permissions

The App is designed to request or use the following permissions, consistent with its features:

• INTERNET — Connect to VPN servers, retrieve configuration and subscription status, and communicate with backend endpoints.
• ACCESS_NETWORK_STATE — Detect connectivity changes to manage the VPN connection responsibly.
• VPN service (android.net.VpnService / BIND_VPN_SERVICE) — Establish and manage the encrypted VPN tunnel; this is essential to the product.
• FOREGROUND_SERVICE and FOREGROUND_SERVICE_SPECIAL_USE — Maintain a foreground service with a persistent notification while the VPN is active, as required on supported Android versions.
• POST_NOTIFICATIONS — Show notifications about VPN status on Android 13 and newer where applicable.
• RECEIVE_BOOT_COMPLETED — Support optional behaviors such as notifying or restoring connection settings after reboot, if enabled.
• WAKE_LOCK — Maintain reliable operation during active VPN sessions where required.
• QUERY_ALL_PACKAGES — Enables split tunneling flows that list installed applications so you can choose which apps use or bypass the VPN; processing is for that feature on your device.

11. Data retention

• Operational server logs: Retained for a limited period as needed for security, troubleshooting, capacity planning, and legal compliance, then deleted or aggregated in accordance with our retention schedules.
• Entitlement and billing-related records: Retained as necessary to demonstrate purchases, manage disputes, and meet tax and commerce obligations.
• Support emails: Retained long enough to resolve inquiries and maintain service quality unless a longer retention is required by law.
• On-device data: Remains until you clear app storage or uninstall the App.
• Advertising data: Governed by advertising partners’ policies and typical SDK lifecycles; you may reset or limit identifiers through device settings where available.

12. International transfers

We may process and store information in countries other than where you live. If we transfer personal data from the EEA, UK, or Switzerland to countries not recognized as adequate, we implement appropriate safeguards (such as Standard Contractual Clauses) as permitted by law, unless another valid transfer mechanism applies.

13. Your rights and choices

Depending on your location, you may have the right to request access, correction, deletion, restriction, or portability of your personal data, and to object to certain processing. You may also have the right to withdraw consent where processing is based on consent, and to lodge a complaint with a supervisory authority.

To exercise privacy rights, contact safevia.help@veloxify.net. We may need to verify your request consistent with applicable law. Some Google-held information (such as purchase history) must be accessed through Google’s account tools.

You may uninstall the App to remove locally stored information on your device. Deleting information from our server systems may be limited where we must retain certain records to meet legal obligations or establish, exercise, or defend legal claims.

You can limit ad personalization through your device and Google account settings where available (for example, resetting advertising identifiers or opting out of personalization features offered by platform or ad partners).

14. United States — California residents

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including rights to know, delete, and opt out of certain processing. We do not “sell” personal information as defined by the CCPA in the traditional sense of exchanging data for money; advertising partners may use identifiers for interest-based advertising as described above. You may exercise applicable rights by contacting safevia.help@veloxify.net.

15. Children’s privacy

The Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us at safevia.help@veloxify.net and we will take appropriate steps.

16. Changes to this Policy

We may update this Privacy Policy from time to time. The “Last updated” date will reflect the effective revision. We will post the updated Policy on the Site and, where appropriate, provide additional notice (for example, an in‑App notice or prominent disclosure for material changes). Continued use of the Services after the effective date constitutes your acknowledgment of the updated Policy where permitted by law.

17. Contact

SafeVia (app & website): safevia.help@veloxify.net
Veloxify (developer / company): info@veloxify.net · veloxify.net
Postal mail: Veloxify, Ja 61, Mohakhali, Banani, Dhaka 1212, Bangladesh