Privacy Policy

1. Overview

Tunnely ("we", "our", "us") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights regarding that data.

2. What We Don't Collect

We do NOT collect or store:

• Browsing history or traffic logs
• DNS queries
• IP addresses associated with your activity
• Connection timestamps
• Bandwidth usage per session

Our multi-hop relay architecture is designed so that no single server can associate your identity with your destination.

3. What We Collect

We collect the minimum data necessary to operate the service:

• Account information: Email address and encrypted password hash for authentication.
• Subscription data: Payment status and plan type (processed by Stripe; we never see your card details).
• Aggregate metrics: Server load, total active connections (not per-user), and network health data to maintain service quality.

4. Payment Processing

All payments are processed by Stripe, Inc. We do not store credit card numbers, CVVs, or bank account information. Stripe's privacy policy governs the handling of your payment data.

5. Data Storage & Security

Account data is stored in a secured PostgreSQL database with row-level security policies. Authentication tokens are stored in your operating system's native keychain (Windows Credential Manager, macOS Keychain, or Linux Secret Service).

6. Third-Party Services

• Supabase: Authentication and database hosting
• Stripe: Payment processing
• Vercel: Website hosting

7. Your Rights

You have the right to:

• Access your personal data
• Request deletion of your account and data
• Export your data in a portable format
• Withdraw consent at any time

8. Contact

For privacy-related questions, contact us at privacy@tunnely.com.