Data Protection Agreement

Privacy Policy

Last Updated: April 30, 2026

Welcome to ClashVPN. We know how much online privacy matters to you. Protecting it is our responsibility and the reason we built this product. This Privacy Policy explains our data practices in a transparent and easy-to-understand way.

Core Commitment: Strict No-Logs Policy

ClashVPN guarantees that we never collect, store, or log any of the following activity data:

  • We do not log your real IP address or assigned VPN IPs.
  • We do not log your browsing history, destinations, or downloads.
  • We do not log connection timestamps or session durations.
  • We do not log your DNS queries.

Simply put, even we don't know what you do on ClashVPN. Since the data doesn't exist, we can't leak it, sell it, or hand it over to anyone.

2. Limited Info We Collect

To maintain our service and provide support, we only collect the bare minimum data, categorized into two types:

2.1 Info Required for Service

  • Email Address: When you sign up, we only require an email (anonymous ones are fine) for login, password resets, and billing info.
  • Payment Info: Purchases are handled securely by trusted third-party providers (e.g., Stripe/PayPal). ClashVPN never collects or stores full credit card numbers or bank details. We only keep order IDs and payment status to activate your plan.

2.2 App Diagnostics (Fully Anonymous)

To improve stability, our client may send fully de-identified crash reports. This data only includes system environment info (e.g., iOS 16 crash) and never your account or activity data. You can opt-out anytime in "Settings".

3. How We Use Info

Our use of limited information (like email) is strictly controlled and primarily used for:

  • Verifying your identity and allocating data limits.
  • Processing support requests and tickets.
  • Sending service status, security updates, or policy changes (we never send third-party spam).

4. Data Sharing & Third Parties

We never sell your data. This is our bottom line. We only share essential info with third parties in these limited scenarios:

  • Service Providers: We use third-party services (e.g., email providers, payment gateways) to assist operations. They only handle data necessary for their roles and are bound by strict confidentiality.
  • Legal Requirements: If faced with a legally binding warrant, we may be required to cooperate. However, due to our no-logs policy, we have no browsing activity or IP logs to hand over, even if servers are seized.

5. Data Security & Encryption

Beyond using industry-leading encryption (AES-256-GCM / ChaCha20), we maintain rigorous infrastructure security:

  • Our infrastructure runs in RAM-only mode. All cached data is physically erased instantly upon restart or power loss.
  • All databases and internal communications are forced to use strong encryption (TLS 1.3+).
  • We implement strict access controls (Zero-Trust), with server access limited to a few core engineers for troubleshooting only.

6. Your Rights

Under data protection regulations (like GDPR), you have full control over your data:

  • Right to Access & Export: You can request a copy of the personal data we hold (usually just your email and billing records).
  • Right to Erasure (To be Forgotten): You can request full account deletion via support. Once deleted, all associated records are permanently erased and cannot be recovered.
  • Right to Opt-Out: You can unsubscribe from service notifications (except critical security alerts) via the link in any email.

7. Policy Updates & Contact

We reserve the right to update this policy. Major changes will be notified via email, and the "Last Updated" date at the top will be updated.

Privacy questions?

Our legal and privacy team is happy to help. Please , and we will process it promptly.