Security

Last Updated: June 1, 2023

We take the security of your data very seriously. This document outlines the measures we take to protect your information and ensure the security of our service.

Data Encryption

All data transmitted between your device and our servers is encrypted using industry-standard protocols:

  • We use AES-256 encryption for all data at rest
  • All connections use TLS 1.3 for data in transit
  • VPN tunnels are secured with OpenVPN, IKEv2, or WireGuard protocols
  • Perfect Forward Secrecy (PFS) is implemented to ensure that session keys cannot be compromised

Server Security

Our server infrastructure is designed with security as a priority:

  • All servers operate on hardened operating systems with minimal attack surface
  • Regular security updates and patches are applied automatically
  • Intrusion detection and prevention systems monitor for suspicious activity
  • Physical access to servers is strictly controlled and monitored

No-Logs Policy

We maintain a strict no-logs policy:

  • We do not log your browsing activity, data content, or DNS queries
  • We do not store connection timestamps, IP addresses, or bandwidth usage that could be linked to individual users
  • Our systems are designed to minimize data collection and retention
  • We regularly purge any temporary operational data

Account Security

We implement multiple measures to protect your account:

  • Passwords are hashed using bcrypt with appropriate work factors
  • Brute force protection is in place to prevent password guessing attacks
  • Secure password reset mechanisms that prevent account takeover
  • Optional two-factor authentication (2FA) for additional security

Payment Security

Your payment information is handled securely:

  • We do not store your complete credit card information
  • All payment processing is handled by PCI-DSS compliant payment processors
  • Cryptocurrency payment options are available for enhanced privacy

Security Audits

We regularly verify our security measures:

  • Independent security audits are conducted annually
  • Penetration testing is performed by third-party security experts
  • Vulnerability scanning is conducted on a continuous basis
  • Results of security audits are used to further enhance our security posture

Security Recommendations

To maximize your security when using our service:

  • Use a strong, unique password for your account
  • Enable two-factor authentication if available
  • Keep your client application updated to the latest version
  • Enable the kill switch feature to prevent data leaks if the VPN connection drops
  • Use secure DNS options provided in our application

Reporting Security Issues

If you discover a security vulnerability or have concerns about the security of our service, please feedback our security team immediately at security@example.com. We take all security reports seriously and will respond promptly.