Privacy Policy
Last updated: May 18, 2026
GridlockOnline ("we", "our", or "us") operates the ExonVPN mobile application. This Privacy Policy explains how we collect, use, and protect your information when you use our Service.
1. Information We Collect
We adhere to the principle of data minimization. We collect only the information strictly necessary to provide the ExonVPN service:
- Device Identifier: Your Android ID is used for account creation and authentication. We do not collect your name, email, or phone number.
- Local Usage Data: Connection duration and data transfer volume (upload/download) are stored locally on your device only for display in the app's usage chart. This data is NOT transmitted to our servers.
- App Preferences: Settings such as your compliance agreement status and connection preferences are stored locally on your device in encrypted storage. These are never transmitted to our servers.
2. VpnService Usage & Data We Do NOT Collect
Our Core Service relies on the Android VpnService API to establish a secure, encrypted virtual private network tunnel. This tunnel encrypts your connection and routes your internet traffic through our secure VPN servers. Regarding this process:
- We do NOT decrypt, inspect, or log your browsing history, DNS queries, or the content of your traffic.
- We do NOT track the websites you visit or the applications you use while connected.
- We do NOT store your originating IP address after the VPN session ends.
- We operate a strict no-logs policy regarding your online activities and VPN tunnel usage.
3. How We Use Your Information
- To authenticate your device and maintain your account.
- To provide, maintain, and improve the VPN service.
- To monitor aggregate service usage for capacity planning.
- To detect and prevent fraud, abuse, or violations of our Terms.
4. Third-Party Services & Advertising
To improve app quality, optimize performance, and support the free tier of our Service, we integrate third-party SDKs provided by Google. These services operate under Google's Privacy Policy:
- Google AdMob: Serves advertisements to support our free VPN service tier. AdMob collects pseudonymous device identifiers (such as the Google Advertising ID / GAID), IP addresses (for location detection and serving relevant local ads), and ad interaction metrics (views and clicks). You can manage or reset your Advertising ID via your Android device settings.
- Firebase Analytics: Collects anonymous, aggregated usage data such as app opens, feature usage, and session duration. This data does NOT include your browsing activity or any information about the content of your VPN traffic.
- Firebase Crashlytics: Automatically collects crash reports including device model, OS version, and stack traces to help us fix bugs. No personal data or VPN traffic content is included in crash reports.
- Firebase Performance Monitoring: Collects app startup time and network request latency (to our API servers only, NOT your VPN-tunneled traffic) to optimize performance.
- Firebase Cloud Messaging (FCM): Used to deliver push notifications such as service announcements and maintenance alerts. Your FCM token is stored securely and is not shared with third parties.
Important: None of these services have access to, or collect any data about, the content of your VPN-encrypted traffic. All analytics and ad telemetry data is processed securely and is completely separated from your VPN activity.
5. Data Sharing & Third Parties
We do NOT sell, trade, or rent your personal information to third parties. We may share data only in the following limited circumstances:
- When required by law or in response to valid legal process.
- To protect our rights, privacy, safety, or property.
- With the third-party analytics providers listed in Section 4 above, strictly for the purposes described.
6. Data Retention
Device identifiers are retained for the duration of your account's existence. Aggregated usage statistics are retained for up to 12 months for service improvement purposes. You may request account deletion at any time by contacting us.
7. Data Security
We employ industry-standard security measures including:
- AES-256-GCM encryption for all API communications.
- TLS 1.2+ for all network connections.
- Request signing (HMAC) to prevent tampering.
- Encrypted local storage using MMKV with per-app encryption keys.
8. Children's Privacy
Our Service is not directed to children under 13. We do not knowingly collect personal information from children. If we discover that a child under 13 has provided us with personal information, we will delete it promptly.
9. Your Rights
Under applicable data protection laws — including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) — you may have the right to:
- Access the personal data we hold about you.
- Request correction or deletion of your data.
- Object to or restrict processing of your data.
- Data portability.
To exercise any of these rights, please contact us at the email address below.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.
11. Contact Us
If you have any questions about this Privacy Policy, please contact us at:
[email protected]