Privacy Policy — ZenVault VPN

Provided by Infracloud LLC (Armenia) — infracloud.am
Last updated: January 30, 2026 Effective date: January 30, 2026

This Privacy Policy explains how ZenVault VPN (“ZenVault”, “we”, “us”) processes information when you use our Android application and related services (the “Service”). It also describes our no-logs approach, how we use service providers such as Google/Firebase, and the choices available to you.

1. Controller & Scope

ZenVault VPN is provided by Infracloud LLC (“Company”), a limited liability company registered in Armenia. For the purposes of applicable data protection laws, Infracloud LLC acts as the controller of personal data processed under this Privacy Policy.

This Policy applies to the ZenVault VPN Android application and related services we operate. It does not cover third-party websites, apps, or services that you may access through ZenVault.

2. Information We Process

2.1 Information you provide

  • Account identifiers: email address and user ID (UID).
  • Sign-in method: Google Sign-In and/or email/password authentication.
  • Profile data (optional): display name and profile photo URL (for example, from Google Sign-In).
  • Optional profile fields (if you choose to enter them): phone number, gender, and date of birth.

2.2 Information processed automatically when you use the Service

  • Device information: platform (Android), device model, and OS version (stored as a “device label”).
  • Subscription and trial data: plan name, trial days, trial start date, subscription expiry, and related status fields.
  • VPN operational data required to provide the Service, such as:
    • selected protocol (e.g., WireGuard), connection status, and sync status across servers;
    • server reference used for your connection;
    • assigned internal VPN addresses (e.g., IPv4/IPv6 inside the tunnel);
    • the client configuration required to establish the VPN tunnel (e.g., WireGuard client configuration and client name).
  • Traffic summary history (shown in the app): upload/download totals (MB), session duration, VPN interface name, server endpoint used, and your external IP address as observed by the VPN server during a session (where recorded).
Permissions note: ZenVault does not require access to location, contacts, SMS, call logs, or device storage to provide VPN connectivity.

3. VPN Traffic & No-Logs

3.1 What we do not collect

We do not collect or store:

  • browsing history or the websites you visit;
  • DNS queries you make while using the VPN;
  • the content of your traffic (payload);
  • records that link specific websites/apps you use to your account or a VPN session.

3.2 What we process to operate the VPN

A VPN cannot function without processing certain technical data (for example, the server endpoint, internal tunnel IPs, and the configuration needed to connect). We may also record traffic totals (upload/download), session duration, and limited connection technical metadata to provide the in-app history feature, troubleshoot issues, and protect the Service against abuse.

“No-logs” means we avoid collecting data about your online activity and traffic contents. It does not mean the Service operates with zero operational data.

4. Purposes

We use the information described above to:

  • create and manage your account and authenticate you (including Google Sign-In);
  • provide VPN connectivity and related features (including generating and syncing VPN configuration);
  • operate subscriptions and trials and show subscription status in the app;
  • display connection status and traffic summary history (if enabled/available in your app version);
  • send service and product communications, including in-app notifications;
  • maintain security, prevent fraud and abuse, and protect our infrastructure;
  • comply with legal obligations where applicable.

Use of the Service is subject to the Acceptable Use provisions in our Terms of Service. Violation of Acceptable Use may result in account suspension or termination as described in the Terms.

5. Legal Bases

Where data protection laws require a legal basis (for example, in the European Economic Area), we generally rely on one or more of the following, as applicable:

  • Contract: to provide and operate the Service you request.
  • Legitimate interests: to secure, maintain, improve, and prevent abuse of the Service.
  • Consent: where we ask for optional features or communications and you choose to enable them.
  • Legal obligation: to comply with applicable laws and lawful requests.

6. Sharing & Service Providers

We do not sell your personal data. We share information only as needed to run the Service:

  • Google:
    • Google Sign-In (if you choose to sign in with Google);
    • Google Play Billing for purchases, renewals, cancellations, and refunds.
  • Firebase / Google Cloud:
    • Firebase Authentication (account sign-in);
    • Cloud Firestore (account profile, subscription/trial status, VPN configuration/metadata, notifications, and traffic summaries).
  • VPN infrastructure providers: our VPN servers process your traffic in transit to provide the VPN connection.

We may also share information if required by law, to protect our rights, to enforce our Terms, or to investigate fraud or abuse.

7. Notifications

ZenVault may use Firebase Cloud Messaging (FCM) to deliver push notifications (for example, service updates or important account messages) depending on your device settings. You can disable notifications at any time in your Android system settings.

8. Advertising & Tracking

ZenVault does not run third-party advertising networks in the app and does not use third-party tracking SDKs for behavioral advertising or profiling.

Note: Google Play and Google services may process data under their own terms when you use Google Sign-In or manage subscriptions in Google Play.

9. Retention

We keep data only as long as necessary for the purposes described in this Policy.

9.1 Typical retention (high level)

  • Account data: kept while your account is active.
  • Subscription/trial data: kept while needed to manage access and for accounting/records.
  • VPN configuration and operational data: kept while needed to provide the Service.
  • Traffic summary history: kept while your account is active (unless you delete your account or we change the feature).
Backups: copies of some data may remain in encrypted backups for a limited period and are deleted on a rolling basis.

Google Play purchase history is controlled by Google. We cannot delete Google’s records of your purchases or subscription history.

10. Security

We implement reasonable administrative, technical, and organizational safeguards designed to protect information against unauthorized access, alteration, disclosure, or destruction. No method of storage or transmission is 100% secure.

11. Legal Requests

We evaluate legal requests on a case-by-case basis and may respond to legally valid requests where required by applicable law.

Due to our no-logs approach, we cannot provide:

  • browsing history or websites visited;
  • DNS queries;
  • traffic contents or destinations;
  • activity logs linking your account to specific sites or services.

We may be able to provide, if applicable and legally required:

  • whether an account exists for a given email address;
  • account creation date;
  • aggregate bandwidth used (upload/download totals);
  • subscription status.

We will notify users of legal requests unless prohibited by law or court order.

12. Your Rights

Depending on your location, you may have rights to access, correct, delete, or receive a copy of your personal data, and to object or restrict certain processing. You can update some profile fields in the app. You can request deletion as described in Account Deletion.

13. Age Requirement (18+)

The Service is intended for adults. You must be at least 18 years old to use ZenVault. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us data, contact us and we will take appropriate steps.

14. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date indicates when the latest changes became effective. If changes are material, we may provide additional notice where appropriate.

15. Contact

Infracloud LLC (Armenia)

Privacy and data requests: [email protected]

Website: infracloud.am