Features Network Pricing FAQ
English

Privacy Policy

Last updated: April 2026

1. Our Core Privacy Principle

TunnVPN is designed with a fundamental principle: we collect no personal information. Unlike traditional VPN services that require email, phone numbers, or payment details, Tunn operates on a strict zero-PII (Personally Identifiable Information) policy.

2. What We Do NOT Collect

  • No IP addresses - We never log your real IP address or VPN exit IP
  • No browsing data - We do not track which websites you visit or apps you use
  • No DNS queries - Your DNS resolution is handled locally and never logged
  • No traffic content - All traffic is encrypted end-to-end; we cannot see your data
  • No connection timestamps - We do not record when you connect or disconnect
  • No device identifiers - No hardware IDs, MAC addresses, or device fingerprints

3. What We DO Collect (Minimal)

To provide service functionality, we store only the absolute minimum:

  • Authentication tokens - Stored as bcrypt hashes (one-way encrypted)
  • Wallet addresses - Stored as SHA-256 hashes only (we never see raw addresses)
  • Bandwidth quota - Aggregated byte counts for fair usage enforcement
  • Subscription status - Expiration date and plan type (no payment details)

4. Anonymous Authentication

We offer two authentication methods, both anonymous:

  • Random Token - A 16-character alphanumeric code generated locally. Shown once at account creation and never stored in plain text.
  • Web3 Wallet - Sign a message with your crypto wallet. We only store a hash of your address, never the address itself.

5. Payment Privacy

We accept multiple payment methods, all designed for privacy:

  • Cryptocurrency - USDT, Bitcoin, Monero via NowPayments (no KYC required)
  • Alipay/WeChat Pay - Processed through Epay (minimal data exposure)
  • Credit/Debit Cards - Processed by Stripe (we only receive payment confirmation, not card details)

Payment providers handle their own data. We cannot link payment information to VPN usage.

6. Technical Infrastructure

Our architecture is designed for privacy by default:

  • Split architecture - Control plane and data plane are completely separated
  • No logs on VPN nodes - Traffic nodes do not write any logs to disk
  • RAM-only operation - All session data exists only in memory
  • Automatic IP rotation - Nodes rotate IPs if any unusual activity is detected

7. Data Retention

We do not retain any usage data. What minimal data we store (authentication hashes, quota counters) exists only to provide service:

  • Authentication tokens exist until account deletion
  • Bandwidth counters reset monthly
  • No historical data is maintained

8. Your Rights

Because we do not collect personal information, there is no personal data to request or delete. However, you have complete control:

  • Delete account - Permanently remove your account and all associated data
  • Rotate tokens - Generate new authentication credentials at any time
  • No lock-in - Cancel anytime without providing any reason

9. Legal Requests

If we receive a legal request for user data, our response is simple: we have no data to provide. Our architecture makes it technically impossible to identify users or their activities.

10. Changes to This Policy

Any changes to this privacy policy will be announced through our notice system and will not retroactively affect your existing data. We will never compromise our core zero-PII principle.

11. Contact

For privacy-related questions, open a support ticket through your dashboard. We do not use email for support to maintain anonymity.