Privacy Policy

Introduction

At SACVPN ("we," "us," or "our"), operated by Stephen's Code, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our virtual private network (VPN) service, website, and applications (collectively, the "Service").

Our Core Privacy Principle: We operate a strict no-logs policy. We do not track, log, or store your browsing activity, connection logs, IP addresses, or DNS queries.

1. Information We Collect

1.1 Information You Provide to Us

Account Information:

• Email Address: Required for account creation, authentication, and communication
• Password: Encrypted and stored securely using industry-standard hashing
• Display Name: Optional, for personalizing your account
• Payment Information: Processed securely through Stripe (we never store full credit card numbers)

Support Communications:

• Any information you provide when contacting customer support
• Email correspondence and support tickets

1.2 Information Collected Automatically

Service Usage Data (Non-Identifiable):

• Total Bandwidth: Aggregate data usage for capacity planning
• Server Load: Anonymous metrics to optimize server performance
• App Version: To ensure compatibility and provide updates
• Operating System: To provide platform-specific support

Website Analytics:

• Page views, click patterns, and navigation paths (via privacy-respecting analytics)
• Device type, browser type, and screen resolution
• Referring websites and search terms
• Geographic location (country-level only)

1.3 What We DO NOT Collect (No-Logs Policy)

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Service Provision

• Creating and managing your account
• Authenticating your identity and preventing unauthorized access
• Processing payments and managing subscriptions
• Providing customer support and responding to inquiries
• Delivering service updates and important notices

2.2 Service Improvement

• Analyzing aggregate usage patterns to optimize server capacity
• Monitoring service performance and reliability
• Developing new features and improving existing ones
• Conducting internal research and analytics

2.3 Legal and Security

• Detecting and preventing fraud, abuse, or security threats
• Complying with legal obligations and responding to lawful requests
• Enforcing our Terms of Service
• Protecting our rights, property, and safety

2.4 Marketing (Opt-In Only)

• Sending promotional emails about new features or offers (with your consent)
• You can unsubscribe from marketing emails at any time

3. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share information only in the following circumstances:

3.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our Service:

• Stripe: Payment processing (see Stripe's Privacy Policy)
• Supabase: Database and authentication services
• Email Service Provider: Transactional and support emails
• Server Hosting Providers: OVH and other infrastructure providers

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

3.2 Legal Requirements

We may disclose information if required by law or in response to valid legal processes, such as:

• Court orders or subpoenas
• Government or regulatory investigations
• Protection of national security

Note: Due to our no-logs policy, we have minimal data to provide even if legally compelled. We cannot provide browsing history, connection logs, or IP addresses because we do not collect this information.

3.3 Business Transfers

If SACVPN is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information is transferred and becomes subject to a different privacy policy.

4. Data Security

We implement industry-standard security measures to protect your information:

4.1 Technical Safeguards

• Encryption: All data in transit is encrypted using TLS 1.3
• WireGuard Protocol: State-of-the-art VPN encryption (ChaCha20, Poly1305)
• Secure Storage: Passwords hashed using bcrypt with salt
• Database Security: Encrypted at rest, access-controlled
• Regular Security Audits: Vulnerability assessments and penetration testing

4.2 Organizational Safeguards

• Access to personal information limited to authorized personnel only
• Employee training on data protection and privacy practices
• Incident response procedures for data breaches

Note: No method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

5. Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this Privacy Policy:

• Active Accounts: Information retained while your account is active
• Canceled Accounts: Account data deleted within 30 days of cancellation
• Payment Records: Retained for 7 years to comply with tax and accounting regulations
• Support Communications: Retained for 2 years for quality assurance and dispute resolution
• VPN Connection Data: Not retained (no-logs policy)

You can request deletion of your account and associated data at any time by contacting us at info@stephenscode.dev.

6. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

6.1 General Rights (All Users)

• Access: Request a copy of your personal information
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and data
• Portability: Receive your data in a machine-readable format
• Opt-Out: Unsubscribe from marketing communications

6.2 GDPR Rights (European Economic Area)

If you are in the EEA, you have additional rights under the General Data Protection Regulation (GDPR):

• Right to Object: Object to processing of your personal data
• Right to Restriction: Request restriction of processing
• Right to Withdraw Consent: Withdraw consent at any time
• Right to Lodge a Complaint: File a complaint with your local data protection authority

6.3 CCPA Rights (California Residents)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Know what personal information we collect and how it's used
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of sale of personal information (Note: We do not sell personal information)
• Right to Non-Discrimination: Not be discriminated against for exercising your rights

6.4 How to Exercise Your Rights

To exercise any of these rights, contact us at:

We will respond to your request within 30 days. We may need to verify your identity before processing your request.

7. Cookies and Tracking Technologies

7.1 What We Use

We use minimal cookies and tracking technologies:

• Essential Cookies: Required for login, authentication, and security (cannot be disabled)
• Analytics Cookies: Anonymous usage statistics (can be opted out)
• Preference Cookies: Remember your settings and preferences

7.2 Third-Party Cookies

We use privacy-respecting analytics that do not track you across websites:

• No third-party advertising cookies
• No social media tracking pixels
• No cross-site tracking

7.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may affect functionality of the Service.

8. Children's Privacy

Our Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at info@stephenscode.dev, and we will delete such information.

Users between 13 and 18 years of age must have parental consent to use the Service.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure that appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions for certain countries
• Encryption and security measures during transfer

By using our Service, you consent to the transfer of your information to countries that may have different data protection laws than your own.

10. Do Not Track Signals

We respect Do Not Track (DNT) browser signals. When DNT is enabled, we do not track your activity across other websites or use third-party analytics cookies.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be notified via:

• Email to your registered email address
• Prominent notice on our website
• In-app notification

The "Last Updated" date at the top of this policy indicates when it was last revised. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

13. Data Protection Officer

For GDPR-related inquiries, you may contact our Data Protection Officer at: