Privacy Policy

Last Updated: March 24, 2026

1. Scope

This Privacy Policy explains how KANASA VPN ("KANASA VPN," "we," "our," or "us") handles information when you use our website, Android application, and VPN service (together, the "Service"). It is written to describe our actual data practices as clearly as possible, including what we do not collect.

2. Our VPN Logging Position

We do not keep activity logs of what you do through the VPN tunnel. In particular, we do not intentionally collect or store:

• Browsing history or websites you visit through the VPN
• DNS queries generated through the VPN tunnel
• The content of your traffic, messages, or files
• Traffic destination details or deep packet inspection data

However, we do keep limited operational records that are necessary to run the service. These records may include device and installation identifiers, authentication tokens, connection timestamps, selected server group, current assigned tunnel IP, public key, session status, and total bytes uploaded/downloaded for plan enforcement, troubleshooting, fraud prevention, and support.

We do not sell VPN traffic data, use VPN traffic for advertising, or inspect tunnel content for marketing purposes.

3. How the VPN Service Handles Traffic

When you connect, your device establishes an encrypted WireGuard tunnel to one of our VPN servers. Traffic is encrypted between your device and that VPN server. After traffic exits the VPN server and goes to its destination on the public internet, it is subject to normal internet routing and the policies of the destination service.

To provide the VPN service, our systems must process traffic in transit. That routing function is different from storing activity logs. We route packets so the service works, but we do not intentionally inspect or store the content of your VPN traffic.

4. Information We Collect

4.1 Device and Account Access Information

• Device ID: the app uses a device-generated identifier as the primary account key.
• Authentication token: issued so the app can call protected API endpoints.
• Plan and entitlement information: such as your active plan code, feature availability, and subscription status.

4.2 Optional App Installation Metadata

If the app sends it, we may store the following optional device context:

• Client UID: a persistent identifier for a specific app installation
• Client type: such as Android, iOS, Windows, Enigma2, or other
• Client version: app version used for compatibility and support

4.3 VPN Session and Configuration Metadata

To establish and manage the VPN connection, we may process and store:

• Your device's WireGuard public key
• The server or server group you requested
• The VPN server selected for your session
• Your current assigned tunnel IP address
• Session start and end times, expiry time, cooldown state, and disconnect reason
• Per-session, daily, and monthly byte totals used for plan enforcement, usage reporting, and abuse prevention

4.4 Website, API, and Security Logs

Like most online services, our website, API, and hosting infrastructure may automatically process technical request data such as source IP address, request time, HTTP metadata, and user agent information. We use this information for service delivery, rate limiting, abuse prevention, security monitoring, diagnostics, and server administration. We do not use these records to build browsing profiles about the websites you access through the VPN tunnel.

4.5 Purchases and Billing

If you buy a subscription through Google Play or another payment provider, billing is handled by that provider. We do not store full payment card numbers. We may receive limited billing or purchase records such as product ID, order or transaction reference, renewal status, expiry date, and refund or cancellation status so we can activate, maintain, or revoke access to paid features.

4.6 Support Communications

If you contact us, we receive the information you choose to provide, such as your email address, message contents, screenshots, and technical details needed to investigate your request.

5. How We Use Information

We use collected information only for legitimate service purposes, including to:

• Authenticate you and keep your account or device access working
• Provide the VPN connection, assign servers, enforce plan rules, and measure total usage against plan limits
• Prevent fraud, abuse, unauthorized access, spam, and attacks on the service
• Troubleshoot connection failures, service bugs, and compatibility issues
• Respond to support requests and service-related communications
• Comply with legal obligations and protect our users, infrastructure, and business

6. What We Do Not Do With Your Data

• We do not sell personal data.
• We do not use VPN traffic content for advertising.
• We do not intentionally log websites visited, DNS requests, or traffic content transmitted through the VPN tunnel.
• We do not claim to make you completely anonymous to every website, app, or online service you use.

7. Sharing and Third Parties

We share information only when necessary to run the service or when required by law. Categories of recipients may include:

• App stores and payment providers, such as Google Play, for subscription purchase, renewal, cancellation, and refund handling
• Hosting, infrastructure, and server providers that host our website, API, and VPN servers
• Content delivery providers used to serve website assets
• Support and communications providers, if needed to respond to your inquiries
• Legal or regulatory authorities when required by applicable law or valid legal process
• Successors in a merger, acquisition, financing, or asset transfer, subject to appropriate confidentiality measures

We do not share VPN activity logs because we do not keep VPN activity logs.

8. Security

We use reasonable technical and organizational safeguards designed to protect information, including encrypted VPN transport, HTTPS for app and website communications where applicable, access controls, token-based authentication, and minimization of collected data. No system can be guaranteed to be 100% secure, but we work to reduce risk and limit the amount of information we retain.

9. Data Retention

We retain different categories of information for different operational reasons:

• Device, access, plan, and subscription records are kept while needed to provide the service, maintain account continuity, enforce plan entitlements, prevent abuse, and meet legal or accounting obligations.
• Session metadata and byte-usage records are retained as needed for plan enforcement, support, fraud prevention, dispute handling, and service integrity.
• Support records are retained for as long as reasonably necessary to resolve your request and keep an internal record of the issue.
• Website, API, and security logs are generally temporary and may be rotated, overwritten, or deleted according to operational needs.

We do not retain browsing or DNS activity logs because we do not collect that information as part of the VPN service.

10. Your Rights and Choices

Depending on your location, you may have the right to request access to, correction of, deletion of, restriction of, or export of your personal information, or to object to certain processing. You may also request that we close your account or delete associated personal information, subject to information we must keep for legal, accounting, security, fraud-prevention, or dispute-resolution reasons.

You may also stop using the service at any time by uninstalling the app and discontinuing use of the VPN service.

11. Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, contact us and we will review the request and take appropriate action.

12. International Processing

Our website, API, VPN servers, and service providers may operate in different countries. By using the Service, you understand that information described in this policy may be processed in countries other than your country of residence, subject to applicable law.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or business changes. When we do, we will update the "Last Updated" date on this page. Material changes will take effect when posted unless a different date is stated.

14. Contact Us

For privacy questions, data requests, or complaints, contact support@kanasavpn.com.