How we collect, store, and use user data.

Privacy Policy

This is a plain-language description of our practice, not a legal document. We’ve tried to write it without legalese: what we collect, why, how long we keep it, how to delete it. If any of our rules conflict with the law of your country — the law wins.

The short version

We store only what’s needed for the services to work: VPN/proxy client configs.
DNS remembers nothing: no client IPs, no resolved domains.
No cookies, no analytics, no data sales.
There’s a single operator — the project’s administrator. There’s no formal company.

Who processes your data

The operator is the project administrator. The project is non-commercial; there’s no legal entity behind it.

For privacy-related questions, write in the private channel through which you got access. We reply within 1–2 days.

What data we collect

DNS (Blocky): nothing is logged. Neither client IPs nor resolved domains are saved.

VPN and Proxy: client configs (keys, endpoint) are stored on the server so they can be re-sent or revoked. Session counters for an active connection — yes; connection logs, endpoint IPs, or session history — no.

Why we collect it

In GDPR terms — the legal basis for processing:

VPN/proxy client configs — with your consent: you got access in order to use the services.
Backups — to ensure service integrity: necessary so the services recover after failures.

How long we keep it

Live data (DNS cache, config files) — on the main server in Falkenstein (fsn1, Germany). Disks are encrypted at the OS level.
Backups run daily to Backblaze B2 (S3, United States) — retention 14/8/6/2 (daily/weekly/monthly/yearly, ~2 years end-to-end).
All backups are encrypted client-side via Restic. Without the repository password, the archives can’t be read — even if leaked.
Only project administrators have access — via SSH keys to the server and via Pulumi config for secrets.

Where your data may travel

Backblaze B2 — California, United States. Backups there are encrypted on our side with Restic and a repository password: Backblaze only receives an opaque encrypted archive, and the key stays with the administrator. This substantially mitigates the cross-border transfer risk, but formally: the data physically lands in the US.

Your rights

Under GDPR you can:

See what we have on you — we’ll produce an export on request via the private channel.
Delete your data — see the next section.
Withdraw consent — for any processing whose legal basis is consent.
Complain to a supervisory authority:
- in the EU — your national DPA;
- directly in Germany — Saxon State Commissioner for Data Protection (the server sits physically in Saxony);
- for Russia-based users — Roskomnadzor.

We reply to such requests within 30 days (usually sooner).

How to delete your data

DNS: nothing to delete — no query data is stored.

VPN and Proxy: your config is revoked on request — the key stops working. The config file itself is wiped on the next secrets rotation (on average quarterly).

Backups: we don’t do targeted deletes from backups — that would defeat the point of a backup. Data ages out naturally in B2 according to the 14/8/6/2 retention, up to 2 years.

Cookies, trackers, analytics

We don’t use any. The site is static, no sessions, no third-party analytics scripts and no cookies.

Age

The services are intended for people aged 16 and older. This is the GDPR threshold for processing personal data without parental consent.

Changes to this policy

Significant changes are posted to the private ProsveTECH Telegram channel at least one week before taking effect.