V-Rail logo
V-Rail

Privacy Policy

Last updated: 2025-12-28

Your privacy is important to us. This Privacy Policy explains what information we collect, why we collect it, how we use it, and the choices you have. This policy applies to our VPN applications, websites, and related services (collectively, the “Service”).

Plain-English summary: We require an email address for account verification. Payments are handled by Stripe, not by our servers. When you delete your account, we delete the account data (not “deactivate” it). We may temporarily store limited VPN access logs for operational and security reasons, and we do not share them with third parties unless legally required (for example, via a valid subpoena or court order).

  1. Information We Collect

1.1 Account Information (Email)

We require an email address to create an account and verify that you control it. We store your email for:

  • Account creation and login
  • Email verification and security notices (e.g., suspicious login alerts)
  • Essential service communications (e.g., important changes to the Service)

1.2 Payment Information (Stripe)

If you purchase a subscription, your payment is processed by a third-party payment processor, Stripe. We do not process or store your full payment card details on our servers.

We may store limited purchase metadata such as your subscription status, plan type, payment confirmation ID, and billing period to provide the Service and handle support requests.

1.3 VPN Usage and Access Logs

VPN services may need some operational telemetry to function reliably (for example, diagnosing outages, preventing abuse, and maintaining network quality). We may potentially store limited VPN access logs such as:

  • Connection timestamps (connect/disconnect times)
  • General server selection (e.g., region or server ID)
  • Aggregate bandwidth usage (total data transferred)
  • App/device diagnostic events (crash reports, performance errors)
  • Fraud and abuse signals (e.g., excessive connection attempts)

We do not sell VPN usage data. We do not share VPN access logs with third parties for marketing or advertising, and we do not use VPN activity to build advertising profiles.

Legal disclosure: We will not disclose VPN access logs to third parties unless we are required to do so by law (for example, a valid subpoena, court order, or other legally binding request).

1.4 Information We Do Not Intentionally Collect (Content & Browsing)

We do not want your browsing history. The Service is designed so that we do not intentionally collect or store:

  • Websites you visit (browsing history)
  • The content of your internet traffic (messages, files, videos, etc.)

Note: Your internet activity may still be visible to websites you visit, apps you use, and any services you log into. A VPN changes network routing; it does not make you anonymous to every service you interact with.

  1. How We Use Information

We use the information described above to:

  • Provide and maintain the Service (account access, VPN connections, service reliability)
  • Verify accounts and prevent fraud or abuse
  • Provide customer support and troubleshoot issues
  • Comply with legal obligations and enforce our Terms of Service
  • Improve the Service (performance, stability, and security)

  1. Sharing and Disclosure

3.1 Service Providers

We use trusted service providers to operate the Service (for example, hosting and infrastructure). These providers may process limited personal data on our behalf under confidentiality and security obligations.

3.2 Payments via Stripe

Stripe processes payments for subscriptions. Stripe handles payment card data and related financial information under its own privacy and security policies. We receive only the limited billing metadata needed to confirm your subscription is active.

3.3 Legal Requests (Subpoenas / Court Orders)

We may disclose information if we believe, in good faith, that disclosure is necessary to comply with a valid legal obligation (such as a subpoena, court order, or other legally binding request), protect the security and integrity of the Service, prevent fraud, or protect the rights, property, or safety of users or others.

Where legally permitted, we will attempt to notify affected users of such requests.

  1. Data Retention and Deletion

4.1 Account Deletion (Permanent)

When you delete your account, we delete the account data associated with it. We do not keep your account “on ice,” and we do not retain a recoverable copy for later restoration. This includes deleting the stored email address used for verification.

The only exceptions are where limited retention is required by law or necessary to resolve a legitimate dispute (for example, a chargeback or fraud investigation), and only for as long as needed for that purpose.

4.2 Email Retention

Your email address is retained for as long as your account is active to enable verification, account access, and essential communications. When the account is deleted, the email is deleted as described above.

4.3 VPN Logs Retention

If VPN access logs are collected, we retain them only for as long as necessary for operational purposes such as maintaining reliability, preventing abuse, and troubleshooting, and we aim to minimize both the scope and retention period of any such logs.

  1. Security

We use reasonable administrative, technical, and physical safeguards designed to protect information from loss, misuse, unauthorized access, disclosure, alteration, and destruction. No system is perfectly secure, but we design the Service to minimize the personal data we hold.

  1. Singapore PDPA Notice (If You Are in Singapore)

If you are in Singapore, the Personal Data Protection Act (PDPA) generally governs how organizations collect, use, disclose, and protect personal data. We aim to operate the Service in a way that aligns with PDPA principles such as limiting retention, applying safeguards, and ensuring appropriate protection for cross-border transfers.

6.1 Access and Correction

You may request access to, or correction of, personal data we hold about you, subject to applicable exceptions under the PDPA. We will respond as soon as reasonably possible in line with applicable requirements.

6.2 Withdrawal of Consent

You may withdraw consent for our collection, use, or disclosure of your personal data by giving reasonable notice. Withdrawing consent may affect our ability to provide the Service (for example, you cannot maintain an account without an email for verification).

6.3 Data Breach Notification

Where the PDPA’s mandatory data breach notification rules apply, organizations may be required to notify the Personal Data Protection Commission (PDPC) and/or affected individuals within specified timelines. We maintain procedures to assess and manage suspected breaches and to make notifications where required.

PDPC guidance indicates that notifiable breaches should generally be reported as soon as practicable and, in any case, no later than three (3) calendar days after an organization determines that a breach is notifiable.

  1. International Data Transfers

We may process information in countries other than where you live (for example, where our infrastructure or service providers are located). Where required, we use appropriate safeguards intended to ensure a standard of protection comparable to applicable laws (including Singapore’s PDPA transfer requirements where relevant).

  1. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will take reasonable steps to notify you (for example, via the Service or email). The “Last updated” date reflects the most recent revision.

  1. Contact Us

If you have questions about this Privacy Policy, want to exercise privacy rights, or want to request access/correction, contact us at:

This Privacy Policy is provided for general informational purposes and does not constitute legal advice.