Legal

OctoProxy Privacy Policy

Last Updated: May 2, 2026

This Privacy Policy ("Policy") explains how OctoProxy ("we", "us" or "our"), the developer of the OctoProxy mobile application ("OctoProxy" or "the App"), collects, uses, stores, discloses and protects the personal information and data ("Personal Data") of users ("you" or "User") who access or use our virtual private network services ("Services").

By downloading, installing, registering for or using OctoProxy and our Services, you acknowledge that you have read, understood and agreed to the terms of this Policy, including our collection and processing of your Personal Data as described herein. If you do not agree to this Policy, please immediately cease using the App and the Services.

1. Scope of Application

1.1 This Policy applies to all Personal Data we collect when you use OctoProxy and the Services, including data provided during registration, generated during use, and collected through third-party integrations (if any).

1.2 Our Services are not available to users located in the People's Republic of China. If you are currently in the People's Republic of China, please do not use our App or Services. This Policy does not apply to data collected by third-party services or platforms linked to within the App; you should review the privacy policies of such third parties independently.

2. Types of Personal Data We Collect

We only collect Personal Data that is necessary to provide and optimize the Services. The collected data is categorized as follows:

2.1 Account Registration Data

When you register a OctoProxy account, you may need to provide the following information: email address, password (encrypted storage), and payment information (such as credit card details or PayPal account information) if you subscribe to paid services. This data is used to complete account creation, verify your identity, and process payment transactions.

2.2 Technical Data

When you use the App and Services, we automatically collect technical information related to your device and network, including: device model, operating system version, device unique identifier (such as IMEI, UUID), IP address (of the server you connect to via the VPN), network type (Wi-Fi/mobile data), and App version. This data helps us ensure the compatibility of the App, troubleshoot technical issues, and optimize service performance.

2.3 Usage Data

We collect data related to your use of the Services, such as the VPN server location you select, the start and end time of each connection, data usage volume during the connection, and the functional modules you frequently use (such as ad-blocking or split tunneling). This data is used to analyze user usage habits, improve service quality, and provide personalized recommendations.

2.4 Voluntarily Provided Data

If you contact our customer support team, you may voluntarily provide information such as your name, detailed description of the issue, and communication records (emails, in-app messages). This data is used to respond to your inquiries and resolve the problems you encounter.

3. Purposes of Processing Personal Data

We process your Personal Data only for the following legitimate purposes and in compliance with applicable data protection laws:

  • To provide and maintain the Services: Including account management, VPN connection establishment, server resource allocation, and service status monitoring.
  • To improve and optimize the Services: Analyzing usage data to identify service bottlenecks, update functional modules, and enhance user experience.
  • To ensure service security: Detecting and preventing fraudulent activities, unauthorized account access, and malicious use of the Services to protect your account and data security.
  • To process payments and subscriptions: Verifying payment information, processing subscription renewals, and issuing invoices for paid services.
  • To provide customer support: Responding to your inquiries, troubleshooting technical issues, and handling complaints or suggestions.
  • To comply with legal obligations: Disclosing data as required by applicable laws, regulations, judicial orders, or government authorities.

4. Storage and Protection of Personal Data

4.1 Storage Location and Duration

Your Personal Data will be stored on secure servers. We will retain your Personal Data only for the period necessary to achieve the processing purposes stated in this Policy, or as required by applicable laws. After the retention period expires, we will securely delete or anonymize your data (anonymized data is no longer considered Personal Data).

4.2 Security Measures

We adopt industry-standard security technologies and management systems to protect your Personal Data from unauthorized access, disclosure, alteration, or destruction, including but not limited to:

  • Encrypting sensitive data (such as passwords and payment information) using AES-256 encryption technology.
  • Implementing access control mechanisms to limit internal personnel's access to Personal Data (only authorized personnel can access data for legitimate purposes).
  • Regularly conducting security audits and vulnerability scans to identify and fix potential security risks.
  • Establishing an emergency response mechanism for data security incidents to minimize losses in the event of a breach.

Please note that no data transmission or storage method is 100% secure. We will take reasonable measures to protect your data, but we cannot guarantee absolute security. You should also take precautions to protect your account security (such as not sharing your password with others).

5. Your Rights Regarding Personal Data

In accordance with applicable data protection laws (such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA)), you have the following rights regarding your Personal Data. You can exercise these rights by contacting our data protection officer via the contact information provided in Section 9:

  • Right of Access: You have the right to request access to the Personal Data we hold about you, including the purpose of processing, storage location, and third-party recipients (if any).
  • Right of Correction: If your Personal Data is inaccurate or incomplete, you have the right to request correction or supplementation.
  • Right to Erasure ("Right to Be Forgotten"): You have the right to request us to delete your Personal Data if the data is no longer necessary for processing purposes, or you withdraw your consent.
  • Right to Restrict Processing: You have the right to request us to restrict the processing of your Personal Data in specific circumstances (such as when you dispute the accuracy of the data).
  • Right to Data Portability: You have the right to request us to provide your Personal Data in a structured, commonly used, and machine-readable format, or to transmit the data directly to another data controller.
  • Right to Withdraw Consent: If we process your data based on your consent, you may withdraw your consent at any time. Withdrawing consent will not affect the legality of data processing conducted before the withdrawal.

We will respond to your request within 30 days of receiving it. If we need to extend the processing time due to complex circumstances, we will notify you in writing and explain the reasons. We will not charge you for reasonable requests, but may charge a reasonable fee for excessive or repetitive requests.

6. Disclosing Personal Data to Third Parties

We will not sell, rent, or lease your Personal Data to any third party for commercial purposes. We may disclose your Personal Data to third parties only in the following circumstances:

  • With your explicit consent: We will disclose data to third parties only after obtaining your written consent.
  • Service providers: We may engage third-party service providers to assist us in providing services (such as payment processing, cloud storage, and customer support). These service providers are only authorized to process data for the purpose of providing services to us and must comply with strict data protection obligations.
  • Legal requirements: We may disclose data to comply with applicable laws, regulations, judicial orders, or government investigations, or to protect our legitimate rights, property, or safety, as well as the rights and safety of other users or third parties.
  • Business transactions: In the event of a merger, acquisition, asset sale, or other business restructuring, your Personal Data may be transferred as part of the business assets. We will notify you in advance and ensure that the transferee complies with the terms of this Policy.

7. Children's Personal Data

Our Services are not intended for individuals under the age of 16 ("Children"). We do not intentionally collect Personal Data from Children. If we become aware that we have collected Personal Data from a Child without the consent of their legal guardian, we will immediately delete the relevant data and notify the legal guardian. If you are a legal guardian and discover that your child has provided Personal Data to us, please contact us immediately.

8. Changes to This Policy

We may revise this Policy from time to time to adapt to changes in laws, regulations, or service functions. The revised Policy will be published in the OctoProxy App (via in-app notifications) and on our official website. We will indicate the "Effective Date" of the revised Policy.

If the revised Policy involves material changes (such as expanding the scope of data collection, changing the purpose of processing, or adjusting your core rights), we will notify you through prominent channels (such as pop-up notifications in the App or emails) at least 7 days before the effective date. Your continued use of the App and Services after the effective date of the revised Policy constitutes your acceptance of the revised terms.

9. Contact Us

If you have any questions, complaints, or requests regarding this Policy or the processing of your Personal Data, please contact us through official channels at support@octoproxy.app.