Privacy Policy

Iaye VPN, operated by 2810156 ALBERTA INC. ("we," "us," or "our"), is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights with respect to that information when you use the Iaye VPN application and related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Account and Purchase Information

When you purchase a subscription, we collect your email address in order to deliver your access credentials and communicate service-related information. Purchases made on our website are processed by Stripe; purchases made through Apple In-App Purchase within the app are processed by Apple. In neither case do we store full payment card details on our servers.

1.2 VPN Connection Data — No-Logging Policy

We operate a strict no-logging policy for VPN traffic. We do not collect, store, or share:

• Your originating IP address during VPN sessions;
• Your browsing activity, DNS queries, or destination sites/IPs;
• The content of your internet traffic;
• Session timestamps or connection durations.

1.3 Error and Crash Reports

The Application may collect anonymized crash and error reports via Sentry to help us identify and fix issues. These reports do not contain VPN traffic data or personally identifiable information beyond what is necessary to reproduce the error.

1.4 VPN Credentials and Access Tokens

To connect you to the VPN, our server generates a WireGuard keypair on your behalf. The private key is delivered to the app over an encrypted HTTPS connection and is never stored on our servers after delivery. The public key and a hashed version of your access token are retained on the server solely to maintain your VPN configuration and verify your identity on reconnect. The access token is valid for the full duration of your plan and expires when the plan ends. It does not contain your email address or any other personally identifiable information.

2. How We Use Your Information

The following explains exactly how each type of data we collect is used:

• Email address: used solely to deliver your access credentials after purchase, send transactional service notifications (e.g., subscription status, policy updates), and respond to support requests. We do not send marketing or promotional emails.
• Payment information: processed by Stripe (web) or Apple (in-app) to verify your purchase and grant access to the Service. We do not receive or store your full payment card details.
• WireGuard public key and access token hash: retained on our VPN server solely to authenticate your device and maintain your encrypted VPN tunnel configuration. The private key is generated server-side, delivered to your device over HTTPS, and immediately discarded from our servers — we do not store it.
• Crash and error reports: used exclusively to identify, diagnose, and fix software bugs. These reports are anonymized and are never used for profiling or advertising.

We do not use any collected data for advertising, profiling, or sale to third parties. All email communications from us are transactional and service-related.

3. Sharing of Information

We do not sell, rent, or trade your personal information. We may share information only in the following limited circumstances:

• Service Providers: We work with trusted third-party vendors (e.g., Stripe and Apple for payments, AWS for infrastructure, Sentry for error tracking) who process data on our behalf and are contractually obligated to protect it.
• Legal Requirements: We may disclose information if required by law, court order, or governmental authority. Because we do not log VPN traffic, we have no browsing data to provide even if compelled.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

4. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy or as required by law:

• Account data (email address, subscription status): deleted or anonymized within 30 days of account deletion or subscription expiry.
• Financial and transaction records: retained for 7 years as required under applicable Alberta and federal Canadian law.
• Crash and error reports: retained for a rolling 90-day window, after which they are automatically purged.

Because we do not log VPN session data, there is no VPN usage history to retain or delete.

5. Data Security

We implement industry-standard technical and organizational measures to protect your information from unauthorized access, disclosure, alteration, or destruction. Our VPN infrastructure uses the WireGuard® protocol, which employs state-of-the-art cryptography.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security. In the event of a data breach affecting your personal information, we will notify you and applicable regulatory authorities as required by law.

We are committed to periodic independent security reviews of our no-logging infrastructure. Any third-party audit results will be disclosed publicly as part of our transparency practices.

6. Your Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Portability: Request your data in a structured, machine-readable format.
• Objection: Object to processing of your data in certain circumstances.

We do not sell your personal information.

6.1 EU/EEA Users — GDPR

If you are located in the European Union or European Economic Area, the General Data Protection Regulation (GDPR) applies to our processing of your personal data. We process your data on the following legal bases:

• Performance of a contract: processing necessary to provide the Service you purchased;
• Legitimate interests: fraud prevention, security, and improving service reliability, where these interests are not overridden by your rights;
• Legal obligation: retention of financial records as required by applicable law.

You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have processed your data unlawfully.

6.2 California Users — CCPA

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:

• Right to Know: request disclosure of the categories and specific pieces of personal information we have collected about you;
• Right to Deletion: request deletion of personal information we have collected, subject to certain exceptions;
• Right to Opt Out of Sale: we do not sell personal information, so this right is not applicable;
• Non-Discrimination: we will not discriminate against you for exercising your CCPA rights.

You may designate an authorized agent to submit requests on your behalf by providing written permission and verifying your identity with us.

To exercise any of these rights, please contact us at team@iaye.net. We will respond within 30 days.

7. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If you are a parent or guardian and believe a minor has provided us with personal information, please contact us at team@iaye.net so we can take appropriate action.

8. Third-Party Services and Links

The Service may contain links to or integrate with third-party services (e.g., the Apple App Store, Stripe). These third parties have their own privacy policies, and we are not responsible for their practices. We encourage you to review the privacy policies of any third-party services you use.

9. Cookies

Our website uses a limited set of essential cookies required for the Service to function:

• Payment processing (Stripe): session cookies used to securely complete web transactions. Apple In-App Purchases are processed entirely within the App Store and do not use our website cookies.
• Error tracking (Sentry): anonymous session identifiers used to correlate error reports.

We do not use advertising, behavioral tracking, or third-party marketing cookies. Essential cookies cannot be disabled without preventing core functionality such as checkout.

10. International Data Transfers

Your information may be processed in countries other than the one in which you reside. By using the Service, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence. Where required, we apply appropriate safeguards (such as standard contractual clauses) for international transfers.

11. Apple App Store Privacy Nutrition Labels

As required by Apple, the following summarizes the data we collect:

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the effective date above and, where appropriate, providing notice through the Application or by email. Your continued use of the Service after the changes take effect constitutes your acceptance of the updated policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, or to exercise your privacy rights, please contact us at team@iaye.net. We will respond to your inquiry within 30 days.