Privacy Policy — ChromaSecure VPN

Our commitment in plain English ChromaSecure does not log, sell, or share your browsing activity. We use anonymous device identifiers to manage subscriptions. We never see what you do online.

1. Who We Are

ChromaSecure VPN ("ChromaSecure", "we", "our", or "us") is a VPN service provider. Our Android application is available on Google Play. This Privacy Policy explains how we collect, use, and protect information when you use our service. For questions, contact us at privacy@chromasecure.com.

2. Information We Collect

We do NOT collect:

Your browsing history or activity while connected to the VPN
DNS queries you make
Your real IP address after connecting
Connection timestamps or session duration logs
Bandwidth logs tied to your identity

We DO collect:

Anonymous device identifier (UID): Generated via Firebase Anonymous Authentication. A random string not tied to your name, email, or real identity. Used solely to manage your subscription plan.
Subscription status: Your current plan and whether it is active, via Google Play. We receive confirmation of purchases but not your payment details.
Aggregate connection counts: Total active VPN connections globally (not per-user) to monitor server load.
Crash reports: Anonymous diagnostic data via Google Firebase Crashlytics to fix bugs.
FCM token: A Firebase Cloud Messaging token used to deliver push notifications about service updates. You may opt out in your device settings.

3. How We Use Information

To authenticate you and apply the correct subscription plan
To display your VPN session stats within the app (stored locally on your device)
To send service-critical push notifications (maintenance, new servers)
To analyze aggregate crash data and improve app stability
To comply with legal obligations

4. Data Storage and Security

Minimal account data (anonymous UID, subscription plan) is stored in Google Firebase Firestore, hosted in secure Google Cloud data centres. All data in transit is encrypted using TLS 1.3. All VPN traffic is encrypted using WireGuard® with ChaCha20-Poly1305 cipher.

Firebase is GDPR-compliant and SOC 2 Type II certified. For Firebase's privacy practices, see firebase.google.com/support/privacy.

5. Third-Party Services

Google Firebase: Anonymous authentication, Firestore database, Cloud Messaging
Google AdMob: Advertising SDK shown to Free plan users. AdMob may collect device identifiers for ad personalisation. You can opt out via your device's ad settings.
Google Play: Subscription purchases and billing. Subject to Google's Privacy Policy.

We do not sell or share your personal data with any third parties for marketing purposes.

6. Data Retention

Your anonymous UID and subscription status are retained for as long as you use the service. Session statistics displayed in-app are stored locally on your device and cleared when you uninstall the app. You may request deletion of your Firebase account data by contacting privacy@chromasecure.com.

7. Your Rights (GDPR / CCPA)

Depending on your location, you may have the right to:

Access the data we hold about you
Request correction or deletion of your data
Object to or restrict processing
Data portability
Opt out of the sale of personal information (we do not sell personal data)

To exercise any right, email privacy@chromasecure.com with subject "Data Rights Request". We respond within 30 days.

8. Children's Privacy

ChromaSecure is not directed at children under 13 (or 16 in the EU). We do not knowingly collect personal information from minors. If you believe a minor has provided us information, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via an in-app notification. Continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact

For privacy questions or requests: privacy@chromasecure.com