Privacy Policy
Last updated: 08 Dec 2025
Policy overview
We do not store activity logs of any kind. We believe in minimal data retention: we want you to remain anonymous.
However, to operate the service (manage subscriptions, limit simultaneous connections), we must process some data. This policy explains exactly what we store, why, and when it is deleted, using a “Technical Evidence” approach.
1. Our anonymous, code-based accounts
We do not ask for any personal information – no username, no password, no email address. Instead, a random 16-digit code (user_code) is generated.
Important for Support:
- Never share your 16-digit Account Code (
user_code) publicly or even with our support team unless explicitly asked in a secure channel. - For all support inquiries, use the Support Code generated in the app (Menu -> Support Code). This is a temporary, 8-character code (e.g.
ABCD-1234) valid only for one day, which allows us to find your account without exposing your master credentials.
| Data Type | Example | Retention |
|---|---|---|
| Account Code | 1234567812345678 | Deleted 1 year after last login (unless paid time remains). |
| Support Code | ABCD-1234 | Ephemeral. Valid for 24 hours. Used only for safe account lookup. |
| Telegram ID | 123456789 | Linked only if you use the Telegram Bot. Deleted immediately upon Sign Out from the bot. |
2. Device Data (What we store and why)
To enforce the 5-device limit and help with troubleshooting, we store the following metadata when you authorize a device:
| Field | Example | Purpose |
|---|---|---|
| Device ID | Unique ID | To distinguish between your devices. |
| Platform | Android, Windows | To deliver correct configurations and updates. |
| App Version | v1.2.0 | To identify outdated clients during support. |
| Device Name | Pixel 7 | (Optional) To help you identify your devices in the menu. |
Retention: This data is stored until you Sign Out that device or remove it via the “My Devices” menu.
3. What we don’t log
We log nothing that can be connected to an account’s activity:
- No logging of traffic contents or destinations.
- No logging of DNS requests.
- No logging of original IP addresses.
- No logging of connection history (start/stop times).
Technical Evidence
To prove this, here are the actual configuration snippets from our production servers:
Nginx (Web & Proxy):
# No access logs (no-logs policy)
access_log off;
error_log /dev/null crit;
OpenVPN:
verb 0
status /dev/null
ifconfig-pool-persist /dev/null
Xray (VLESS / Shadowsocks):
"log": {
"loglevel": "warning",
"access": "/dev/null",
"error": "/dev/null",
"maskAddress": "full"
}
4. Active Session State (How we limit connections)
Question: How do you limit the maximum number of simultaneous connections (5 devices) if you don’t log activity?
Answer: We maintain a real-time state of currently active sessions in our central database. This is not a history log; it is a list of “who is connected right now”.
| Data Type | Description | Retention |
|---|---|---|
| Active Session | Links device_id to a specific VPN server. | Ephemeral. Created when you connect. Deleted from the database when you disconnect or the session times out. |
Important: If a server is seized, this “active state” might theoretically show which devices are connected at that exact moment, but it contains no history of past connections or traffic data.
5. Server Metrics
We monitor the health of our servers to ensure speed and stability. We collect aggregated system metrics only.
| Metric | Details |
|---|---|
| System Load | CPU, RAM usage per server. |
| Bandwidth | Total bytes sent/received by the server network interface. Not attributed to individual users. |
6. Payments
We support two payment methods. Data handling differs by provider:
A. Telegram Stars (In-App)
Payments are processed by Telegram. We receive only confirmation metadata.
| Data we store | Retention |
|---|---|
| Transaction ID, Amount, Date | Up to 3 years (accounting/tax laws). |
| Note: We do not see your card details. Telegram handles the financial transaction. |
B. Cryptocurrency (NowPayments)
We use NowPayments as a processor.
| Data we store | Retention |
|---|---|
| Transaction Hash, Amount, Currency, Status | Up to 3 years (accounting/tax laws). |
| Note: Blockchain transactions are public. NowPayments may collect data according to their policy. |
7. Support
If you contact support (Email or Telegram Bot):
- Email: We keep correspondence to resolve your issue. Deleted after 1 year or upon request.
- Telegram Support Bot: Messages are stored in the chat history. You can delete the chat at any time.
Contact
- Privacy/Legal: legal@glitch.zone
- Support: support@glitch.zone
- Support bot: @glitch_vpn_support_bot