SecureFox logo[SECUREFOX]
//01Legal

Privacy Policy

Effective 2026-05-12. Read in plain English first; the legal language is here for completeness.

1. Summary

SecureFox is a VPN. The whole point of a VPN is to limit what third parties — including us — can see about your browsing. Concretely:

  • We do not log which sites you visit.
  • We do not log DNS queries.
  • We do not store session-attributable connection records (who connected to which exit, when, for how long).
  • We do collect aggregate node metrics (CPU, bandwidth, connection counts) for capacity planning. These metrics are not attributable to any individual user.
  • We do store the data your account requires to function: email, hashed password, subscription state, device count, and originating country of sign-up (for regional pricing).

2. Account data we keep

To deliver the service we retain the following for as long as you have an active account:

  • Email address. Used for sign-in, password reset, transactional notifications.
  • Hashed password. Argon2id; we never see the plaintext.
  • Subscription state. Plan, renewal date, store of record (App Store / Google Play / web).
  • Active device count. Enforced against your plan's limit. We record device fingerprints, not device identifiers that can be cross-referenced externally.
  • Approximate sign-up country. Derived once from IP at registration; used for regional pricing and tax compliance.

3. What we don't keep

The agents that run on each exit node do not write per-session access logs to durable storage. The proxy software (Xray-core with VLESS + XTLS-Vision) emits no traffic logs by design when configured as we ship it.

4. Third parties

Payment processing is performed by Apple App Store, Google Play, Stripe (for web/crypto), or Coingate (for crypto). These providers receive only the information they need to execute the transaction.

Error reporting (Sentry) is disabled by default and only activated for opt-in beta channels. When enabled, stack traces are scrubbed of email, tokens, and IP before transmission.

5. Lawful access requests

We have nothing to give about your VPN session because we don't keep it. We will respond to validly-served account requests (subpoenas, court orders) by providing only the data described in section 2. We publish a warrant canary on the roadmap for 2026.

6. Cookies on this site

The marketing website at securefox.xyz sets no analytics cookies and no third-party tracking pixels. Strictly necessary cookies (e.g. CSRF tokens during sign-in) are session-scoped only.

7. Children

SecureFox is not directed at children under 13 and we do not knowingly collect information from them.

8. Changes

Material changes to this policy are announced via the in-app notifications inbox and the email registered to your account at least 30 days before they take effect.

9. Contact

Email hello@securefox.xyz for privacy or data subject requests. We respond to verified requests within statutory windows for the jurisdiction asserted.