Privacy Policy
This Privacy Policy explains what data is processed when you use the
Nafanya VPS application (the “App”). The App is a client that provides a
convenient interface for connecting to the user's own servers on iOS, Android,
macOS and Windows. By default, the App contains no information about which
server to connect to: to establish a connection, the user must import a
configuration themselves — via a https:// link (a list of
configurations, opened from the browser through a deeplink) or manually by
pasting a vless:// link. Without an explicitly imported server, no
connection is established. We follow the principle of collecting only the
minimum data necessary.
The data controller is sole proprietor Dmitriev Maksim Aleksandrovich (“we”). For any data-related questions, contact support@nafanya.llc.
In short
- The App is a client that provides an interface for connecting to servers that the user selects and imports.
- We do not log your traffic, visited websites or online activity.
- We do not sell or share your data with third parties and do not use it for advertising.
- Server configurations and settings are stored only on your device.
- The App contains no ads, no advertising identifiers and no cross-app tracking.
What data is processed
1. Data stored only on your device
The following data is stored locally in the device’s secure storage and is never sent to our servers:
- connection configurations you import (
vless://links and server lists obtained via ahttps://link); - the server you selected;
- your settings: kill switch, custom DNS, routing settings (iOS), split tunneling and the list of selected apps, local-network sharing (Android).
You can delete this data at any time within the App or by uninstalling the App.
2. Data required to operate the connection
- Device IP address. When a connection is established, your IP address is technically visible to the server you connect to (a server that you select and import). This is required to route traffic. We do not keep connection logs and do not link your IP address to your identity.
- Configuration import. When you import a configuration, the App processes a
vless://link (a single configuration) or downloads, via ahttps://link, a server list provided by a third-party resource, along with its validity period. Choosing and trusting such a resource is at the user's discretion.
3. Crash diagnostics (anonymized)
In case of an error or failure in the App, anonymized technical data about the failure is sent via Google Firebase Crashlytics. It helps us find and fix problems and includes: device model, operating system version, App version, time and circumstances of the failure, the call stack, and a technical installation identifier generated by Crashlytics. This data does not identify you personally and contains no content of your traffic. Diagnostics are not sent in debug builds.
4. Update checks
To notify you about available updates, the App uses Google Firebase Remote Config and compares the current version with the latest one. No personal data is collected for this.
What we do not do
- We do not log the content of your traffic, DNS queries, visited sites or apps.
- We do not sell, rent or share personal data with third parties.
- We do not use the connection to display ads or alter content in other apps.
- We do not track you across other apps and websites; no advertising identifiers are used.
- We do not request access to contacts, photos, camera, microphone, location or Bluetooth.
Third-party services
The App uses Google services (Firebase Crashlytics and Firebase Remote Config). Their processing of data is governed by the Google Privacy Policy. The connection technology is built on the open-source Xray Core; the list of open-source components is available on the Licenses page.
Encryption
The connection is encrypted using standard modern cryptographic protocols (based on the Xray Core engine with TLS and AES-family encryption). Communication with import links uses the secure HTTPS/TLS protocol.
Retention periods
- Configurations and settings are stored locally until you delete them in the App or uninstall the App.
- Anonymized crash data is stored in Firebase Crashlytics for the period set by Google (typically up to 90 days).
- We do not create or keep user-linked connection logs.
Your rights
Depending on your jurisdiction (including the GDPR for EU users and the CCPA for California users), you may have the right to access, correct, delete and restrict the processing of your data, as well as the right to object to processing. To exercise these rights, contact support@nafanya.llc.
Data deletion
To delete local data it is enough to remove the imported configuration inside the App or uninstall the App.
Children
The App is not intended for individuals below the age at which, under the laws of their country, they can independently consent to data processing. We do not knowingly collect data from children.
Changes to this Policy
We may update this Policy from time to time. The current version is always available on this page; the last updated date is shown above.