KermVPN API — Privacy Policy
Last updated: 2026-05-23
KermVPN API ("we", "us") provides a VPN client that lets you tunnel
your traffic through servers we operate. We respect your privacy; this
document explains exactly what we store and what we do not.
1. What we store
- Email or phone (whichever you provide at registration) and a
password hash (Argon2id). We need this to identify your account
across devices.
- A unique VPN credential (VLESS UUID + subscription token) we
generate for you in the underlying panel. This is what your device
uses to connect to our servers.
- Aggregate data-volume counters per calendar month
(bytes in/out) so we can enforce the free-tier quota. We do not
log which sites you visit or which apps you use.
- Ad-watch counter for the daily AdMob reward. Stored per day
with the AdMob transaction IDs to prevent double-credit.
- Device fingerprint (a per-install random UUID, app version,
"android"). Used only for support diagnostics.
2. What we do not store
- Browsing history, DNS queries, websites visited.
- Connection logs (timestamps + IP pairs).
- Payment details (Phase 2 will use Google Play billing exclusively).
- Contact lists, photos, location.
3. AdMob
When you watch a Rewarded Ad to earn bonus data, the Google AdMob SDK
shows an ad chosen by Google. Google may use your device's advertising
ID and basic technical data (model, language) to personalize that ad —
this is governed by Google's privacy policy, not ours. We only learn
that an ad was finished, and only via Google's signed
Server-Side-Verification callback.
4. Data deletion
Email support@kermvpn.app from
the account address. We delete your account, all quota and ad-reward
rows, and revoke your VPN credential within 7 days.
5. Contact
support@kermvpn.app