Privacy

Privacy Policy

Last updated: May 23, 2026

1. Introduction

ShadowProof ("we," "our," or "us") operates the ShadowProof mobile application and website (shadowproof.app). This Privacy Policy explains how we collect, use, store, and protect your information when you use our VPN service. We are committed to transparency about our data practices. As a VPN provider, your privacy is our core product, not an afterthought.

2. Information We Collect

Account Information: When you create an account, we collect your email address, name, and password (stored securely using one-way cryptographic hashing). If you sign in with Google or Apple, we receive your name and email from the provider. We do not receive your password. Payment Information: Payment processing is handled by Stripe (web) and Apple (in-app purchases). We never store your credit card number, CVV, or full payment details. We retain Stripe customer IDs and Apple transaction IDs for billing records and refund processing. Connection Metadata: We record connection timestamps (when you connect and disconnect) and aggregate session duration. This data is used for service quality, abuse prevention, and responding to valid legal requests. Device Information: We may collect your device type, operating system version, and app version for troubleshooting and compatibility purposes.

3. What We Do NOT Collect

We do not log, monitor, store, or have access to: • Browsing history: the websites or services you visit • DNS queries: the domain names your device resolves • Traffic content: the data transmitted through the VPN tunnel • Originating IP addresses: your real IP is not stored after a session ends • App usage: which apps you use while connected We cannot provide what we do not have. Even in response to legal requests, we cannot produce browsing history or traffic content because this data does not exist in our systems.

4. VPN Data Commitment

ShadowProof does not sell, rent, trade, or disclose VPN usage data to third parties for advertising, marketing, analytics, or profiling purposes. We collect only the minimum information necessary to operate, secure, bill, and support the Service: account information, subscription status, connection timestamps, and diagnostic events. Our revenue comes exclusively from subscriptions, not from monetizing your data.

5. How We Use Your Information

We use the information we collect to: • Provide and maintain the VPN service • Manage your account and subscription • Process payments and issue refunds • Communicate important service updates and security notices • Prevent abuse and enforce our Terms of Service • Respond to valid legal requests from law enforcement • Improve service reliability and performance We do not use your information for targeted advertising, user profiling, or data brokering.

6. Data Sharing

We do not sell your personal data. We share information only with the following service providers, strictly as necessary to deliver the Service: • Stripe: payment processing for web subscriptions • Apple: in-app purchase processing and subscription management • Google: OAuth authentication (sign-in only) • Infrastructure providers: servers and network infrastructure required to deliver the VPN service We may also disclose account information (email, payment records, connection timestamps) if required by law, valid subpoena, court order, or government request. We will notify affected users when legally permitted to do so.

7. Cookies & Local Storage

Our website uses essential cookies to maintain your login session and remember your preferences (such as theme selection). We do not use advertising cookies, tracking pixels, or third-party analytics cookies. • Session cookie: authenticates your login session (expires after 7 days) • Theme preference: stores your light/dark mode choice (local storage) No cookie data is shared with third parties.

8. Data Security

We implement industry-standard security measures to protect your data: • Passwords are hashed using bcrypt with unique salts • All data in transit is encrypted via TLS/HTTPS • VPN tunnel traffic is encrypted end-to-end • Access to production systems is restricted and audited • Payment data is handled entirely by PCI-compliant processors (Stripe, Apple) While we take every reasonable precaution, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

9. Data Retention

Account information: retained while your account is active. Deleted within 30 days of account deletion. • Connection metadata (timestamps, session duration): retained for up to 30 days, then automatically purged. • Payment records: retained as required by tax and financial regulations (typically 7 years for transaction records). • Browsing history, DNS queries, traffic content: never collected, never retained. You may request deletion of your account and all associated data at any time through the app settings, web dashboard, or by contacting [email protected].

10. Your Rights

Depending on your jurisdiction, you may have the right to: • Access: request a copy of the personal data we hold about you • Correction: request correction of inaccurate personal data • Deletion: request deletion of your account and personal data • Portability: request your data in a machine-readable format • Objection: object to certain processing of your data To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

11. Children's Privacy

Our Service is not intended for children under 13 (or under 16 in the European Economic Area). We do not knowingly collect personal information from children. If we learn that we have collected data from a child under the applicable age, we will delete it promptly. If you believe a child has provided us with personal data, please contact [email protected].

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to the address associated with your account and by posting the updated policy on this page. The "Last updated" date at the top of this page indicates when the policy was last revised. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our data practices: • Privacy inquiries: [email protected]General support: [email protected]Abuse reports: [email protected]