Last Updated: July 16, 2026 (revision 8)
Privacy Policy
1. Overview
BratVPN ("the App") provides secure, encrypted VPN connections to protect your privacy and secure your internet connection. Legal company information is available on the Imprint page.
This Privacy Policy explains what information we collect, how we use and protect it, and the choices you have regarding your data. By downloading, accessing, or using the App, you consent to the data practices described in this policy.
The App is designed with your privacy in mind. We follow a principle of minimal data collection:
- The App does not require account creation or sign-up.
- We do not collect your name or phone number. Email is optional for activation-code delivery, website checkout recovery, subscription billing receipts, and support.
- We do not log your browsing activity, connection timestamps, or IP addresses.
- We never sell or rent your data to third parties.
- The App contains no advertising SDKs, no in-app advertisements, and no advertising tracking identifiers. The website may display advertising as described in section 9.
2. Data We Collect
2.1. Information You Provide
When you use the App, you may voluntarily provide the following:
- Server preferences and saved configurations within the App.
- Support requests sent via email.
- Optional email address entered during website checkout so we can send the paid activation code, help recover the order, and allow the billing provider to send receipts or subscription-management links.
We do not collect:
- Your name, phone number, or email address unless you voluntarily provide it for website checkout, billing, or support.
- Your browsing history or DNS queries.
- Your originating IP address or the IP addresses of VPN servers you connect to.
- Connection timestamps or session durations.
- Your precise location or GPS data.
- Any social media or third-party account information.
2.2. Automatically Collected Information
To maintain and improve the App, we automatically collect certain technical information:
- Device model and type.
- Operating system version.
- App version.
- Crash logs and performance diagnostics.
- Website analytics and performance diagnostics, including page path, locale, navigation timing, Core Web Vitals, browser/device class, connection type when available, and static resource load summaries.
- General usage statistics (e.g., feature interaction frequency), collected in anonymised or aggregated form.
- Sanitised application diagnostic logs, keyed by a randomly generated install identifier stored in the device's secure storage. Bearer tokens, API keys, and similar secrets are redacted client-side before transmission.
- If website advertising is enabled, consent choices and limited online identifiers used for advertising delivery and measurement, as described in section 9.
This technical data does not personally identify you and is used solely for improving the App's stability and performance. The App does not collect or process the iOS Advertising Identifier (IDFA) or the Android Advertising ID (AAID).
3. How We Use Your Data
We use the information we collect for the following purposes:
- To provide and maintain VPN connectivity services.
- To optimize server performance and network routing.
- To maintain, improve, and optimize the App's performance and user experience.
- To manage subscription services and communicate with Apple, Google, or our website payment processor regarding billing and website orders.
- To deliver activation codes and transactional messages requested during website checkout.
- To diagnose technical issues and resolve crashes or bugs.
- To serve and measure advertising on the website where permitted by applicable law and your consent choices.
We never sell or rent your data. We do not share your browsing activity, VPN traffic, or connection logs with any third party. We do not use VPN traffic, app data, or connection logs for advertising, and we do not show in-app advertisements. Website advertising, when enabled, is described in section 9 and controlled by the choices available to you.
4. How Your Data Is Processed
4.1. VPN Traffic
When you connect to BratVPN, your internet traffic is encrypted and routed through our VPN servers. We do not inspect, log, or store your VPN traffic. The encrypted connection is maintained only for the duration of your session.
4.2. Local Storage
App preferences, saved server selections, and connection settings are stored locally on your device. We do not create a persistent customer account merely because you enter an email at checkout. We retain the limited order and delivery records needed to fulfil and support that purchase.
5. Data Retention
We retain your data only for as long as necessary to provide the App's services:
- VPN connection data is not logged and therefore not retained.
- App preferences persist only while they remain on your device. Uninstalling the App removes all local data.
- Crash logs and diagnostic data are retained for a limited period to support troubleshooting and are subsequently deleted.
- Website order, optional email, activation-code linkage, and transactional delivery records are retained only as long as reasonably needed to fulfil the purchase, recover the order, prevent duplicate delivery, meet legal obligations, and handle support or payment disputes.
- We do not maintain long-term archives of your usage data or build personal profiles based on your activity.
6. Payment Information
Payments may be processed by Apple through the App Store, Google through Google Play, or the applicable website payment processor for website checkout. We do not collect, store, or have access to your full payment details, including card numbers, bank credentials, wallet private keys, or other sensitive payment credentials.
For website checkout, the payment processor handles the payment form and payment processing. We receive only the limited information needed to fulfil the order, such as the selected tariff, order status, transaction identifier, order ID or anonymous website checkout user ID, and issued activation code. If you enter an email address at checkout, we use it to send the activation code and support order recovery. The website billing provider may also use it for receipts, subscription management, and payment recovery.
Apple, Google, and our website payment processor handle transaction processing and refund workflows according to their own policies. Please review their privacy policies to understand how your payment data is handled.
7. Children's Privacy
The App is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that we have inadvertently received data from a child under 13, we will take immediate steps to delete such data from our systems.
If you are a parent or guardian and believe your child has provided data through the App, please contact us at support@bratvpn.app so that we can take appropriate action.
8. Data Security
We take the security of your information seriously and implement appropriate technical and organizational measures to protect it, including:
- Encrypted VPN connections.
- Encrypted data transmission between the App and our infrastructure using HTTPS/TLS encryption.
- Secure server infrastructure with restricted access controls.
- Regular security assessments, monitoring, and software updates.
- Minimal data collection practices to reduce the scope of potential exposure.
While we strive to protect your information using commercially reasonable measures, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security incidents that may arise.
9. Third-Party Services
The App integrates with third-party services in the following categories. These providers operate under their own privacy policies and terms of service:
- Apple — App Store distribution, subscription management, payment processing, and crash reporting. See Apple's Privacy Policy.
- Google — Google Play distribution, subscription management, and payment processing. See Google's Privacy Policy.
- Google Analytics — website analytics and performance diagnostics used to measure page load speed, Core Web Vitals, navigation readiness, and aggregate site usage. Google Analytics is not used for advertising personalisation by BratVPN. See Google's Privacy Policy.
- Google AdSense — website advertising. Where enabled, Google and its advertising technology providers may use cookies or similar technologies, IP address, browser and device information, and consent signals to serve, measure, limit, or personalise ads according to your choices and applicable law. Before we serve personalised advertising to visitors in the EEA, the UK, or Switzerland, we use a Google-certified consent management platform. See Google's Privacy Policy and Google's advertising technologies.
- Website checkout payment processor — website checkout payment processing for supported methods and subscription billing.
- Resend — transactional delivery of activation-code emails requested during website checkout. Resend processes the recipient address, message content, delivery events, and related technical metadata. We use an Ireland sending region where available; Resend states that account and message metadata may still be stored in the United States. See Resend's Privacy Policy.
- Firebase (Google) — App analytics, performance monitoring, crash reporting, and remote feature configuration. Data is collected in anonymised and aggregated form where possible. See Firebase Privacy Information.
- PostHog (PostHog Inc., EU Cloud —
eu.i.posthog.com) — sanitised application diagnostic logs and website performance diagnostics used to investigate bugs, speed issues, and operational problems. Bearer tokens, API keys, and similar secrets are redacted client-side before transmission. Logs are keyed by a randomly generated install identifier where applicable; we do not send your name, email address, IP address, or VPN traffic to PostHog. Data is hosted in the European Union. See PostHog's Privacy Policy. - Crisp — In-app and on-website live chat and support ticketing. When you initiate a chat, Crisp processes the content of your messages, your IP address, browser/device information, and session cookies required to operate the chat widget. This data is used solely to deliver support and is not used for advertising. See Crisp's Privacy Policy.
We are not responsible for the privacy practices of these third-party services. Please review the privacy policy shown by the relevant store, website checkout, analytics, diagnostics, or support provider to understand how your data may be handled.
10. Your Rights
You have the following rights regarding your data:
- Access & Deletion: You may request access to or deletion of any data associated with your use of the App at support@bratvpn.app.
- Device Permissions: You can manage the App's access to VPN configuration at any time through your device's Settings.
- In-App Data Management: You can reset saved preferences and server selections directly within the App at any time.
- Advertising choices: If website advertising is enabled, you can use the privacy and consent controls shown on the website to change or withdraw your choices. You may uninstall the App at any time to cease its local data collection.
We will respond to all data access and deletion requests within a reasonable timeframe and in accordance with applicable laws.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Changes will be posted within the App or on our website, and the "Last Updated" date at the top of this page will be revised accordingly.
Your continued use of the App following any changes to this Privacy Policy constitutes your acceptance of the updated policy. We encourage you to review this page periodically to stay informed about how we protect your data.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us:
Support: support@bratvpn.app Company details: legal/imprint