Privacy Policy

1. Who We Are

This Privacy Policy describes how VPN Gratis Limited, a company registered in England and Wales (the "Company", "we", "us"), collects, uses, and shares information when you use the Free VPN Gratis mobile application for iOS (the "App"). VPN Gratis Limited is the data controller of personal data processed in connection with the App, except where stated otherwise below.

2. Scope

This Policy applies to the App and to any related services that link to it. It does not apply to any third-party services or websites you may access through the VPN tunnel, which are governed by their own privacy policies.

3. What We Do Not Collect

Privacy is the reason this App exists. We have specifically designed Free VPN Gratis so that we do not collect or store:

• Your browsing history or the websites you visit;
• The contents of any traffic that passes through the VPN tunnel;
• DNS queries you make through the App;
• Your originating IP address or the IP addresses of websites you access;
• Connection timestamps tied to your identity;
• Bandwidth usage tied to your identity;
• Your name, postal address, phone number, date of birth, or any other directly identifying personal information (we do not require account registration to use the App).

4. What We Do Collect

To keep the App running reliably, we collect a small amount of strictly necessary diagnostic data on a fully anonymous, aggregated basis. This data is not linked to your name, account, email address, or any other personal identifier maintained by us.

4.1 Connection success / failure metrics

When the App attempts to establish a VPN tunnel, we record whether the attempt succeeded or failed and a non-personal error category if it failed (e.g., "timeout", "auth_error", "network_unavailable"). These metrics are aggregated across all users so we can monitor the overall health of our server fleet and improve product quality. They do not contain identifiers that allow us to single you out.

4.2 Crash and stability diagnostics

If the App crashes, the iOS operating system or our crash reporting SDK may generate a stack trace describing the technical failure. These reports help us reproduce and fix bugs. Stack traces typically include the device model, iOS version, App version, and the technical state of the App at the moment of the crash. They do not include the contents of your traffic or your browsing activity.

4.3 Subscription & purchase status

If you purchase a subscription, the App receives a transaction receipt issued by Apple confirming whether your subscription is active. We use this only to determine whether to unlock paid features. The actual purchase is processed by Apple, not by us, and we do not receive your payment card details or your full Apple ID information.

5. Third-Party SDKs and Their Data

The App integrates with the following third-party services. Each provider acts as an independent data controller (or, where applicable, data processor) for the data it collects directly from your device. Their use of data is governed by their own privacy notices.

5.1 Google AdMob (advertising)

The free, ad-supported version of the App displays advertising served by Google AdMob. AdMob may collect:

• The Apple Advertising Identifier (IDFA) — only if you grant tracking permission through Apple's App Tracking Transparency prompt;
• A non-personal identifier for advertising (IDFV);
• Coarse device information (model, iOS version, language, country);
• Approximate location derived from your IP address (Google does not share your precise GPS location with us);
• Ad impression and click events.

For more information, see the Google Privacy Policy and the AdMob Data Disclosures.

5.2 Google Firebase (analytics & crash reporting)

We use Firebase for crash reporting and basic product analytics. Firebase may collect:

• A non-personal app instance ID;
• Standard device and OS metadata;
• Crash stack traces and technical diagnostic logs;
• Aggregated usage events (such as which screen the user opened) — these events do not contain the content of your traffic or any sensitive personal information.

For more information, see the Firebase Privacy and Security page.

5.3 Apple StoreKit / App Store

Subscriptions and in-app purchases are processed by Apple. Apple receives the information necessary to complete the transaction, subject to its own Privacy Policy.

6. Why We Use This Data

The limited data described above is used solely for the following purposes:

• Service reliability. Identifying and fixing connectivity, stability, and performance issues.
• Product improvement. Understanding aggregate usage patterns to improve the App.
• Subscription enforcement. Verifying whether you have an active Premium subscription.
• Advertising in the free tier. Showing ads that support the free version of the App, where you have provided the necessary consent.
• Legal compliance. Complying with applicable laws and protecting our rights.

We do not sell or rent your personal data to anyone, and we do not use the data we collect to build advertising profiles of you.

7. Legal Basis (UK / EEA Users)

Where the UK GDPR or EU GDPR applies, the legal bases on which we rely are:

• Performance of a contract — to provide the App and process subscriptions you request;
• Legitimate interests — to monitor service reliability, prevent abuse, and improve the App, balanced against your rights;
• Consent — for advertising-related processing that requires consent under Apple's ATT or applicable e-privacy rules;
• Legal obligation — where we are required by law to retain or disclose information.

8. Sharing of Information

We do not sell your personal data. We share information only with:

• The third-party SDK providers listed in Section 5;
• Cloud and infrastructure vendors that host our servers, acting as data processors under appropriate contractual safeguards;
• Professional advisers (lawyers, accountants, auditors) where strictly necessary;
• Authorities, where compelled by valid legal process and only to the extent legally required.

9. Data Retention

Aggregated connection metrics and crash reports are retained for a limited period (typically up to 12 months) and then deleted or further aggregated so they cannot be associated with any individual session. Data held by third-party SDK providers is retained according to their own retention policies.

10. Your Rights

Depending on where you live, you may have the right to:

• Access the personal data we hold about you;
• Request correction or deletion of your personal data;
• Object to or restrict certain processing;
• Withdraw consent (where processing is based on consent);
• Lodge a complaint with a supervisory authority — UK users may complain to the Information Commissioner's Office (ICO);
• Opt out of the "sale" or "sharing" of personal information, if you are a resident of California or another U.S. state with similar rights — note that we do not sell personal data.

Because we do not maintain user accounts, we typically have very little personal data tied to a specific individual. To exercise your rights, please email yongrongli@vpngratis.xyz with the subject "Privacy Request" and the App version you are using.

11. Apple App Tracking Transparency & Consent

On iOS, the App will present Apple's App Tracking Transparency ("ATT") prompt before any third-party SDK accesses the IDFA for cross-app advertising purposes. You can choose to allow or deny tracking, and you may change your decision at any time in iOS Settings → Privacy & Security → Tracking. Denying tracking does not stop you from using the App or any of its core functionality; it only restricts personalised advertising. If you deny tracking, ads in the free tier may still be shown but will be non-personalised.

You can also limit ad personalisation system-wide via iOS Settings → Privacy & Security → Apple Advertising → Personalised Ads, and reset your advertising identifier at any time.

11.1 How to request data deletion

Because the App does not require an account and does not store directly identifying personal information about you, in most cases there is no individual user record for us to delete. If you would like us to confirm this, or if you would like us to ask our SDK providers to delete data they have associated with your device, please email yongrongli@vpngratis.xyz with the subject "Data Deletion Request" and the IDFA / IDFV (if you have it) you wish to be deleted. We will respond within 30 days, in line with applicable law.

12. International Data Transfers

VPN Gratis Limited is based in the United Kingdom. Our infrastructure providers and third-party SDK providers may process data in the United States, the European Economic Area, and other countries. Where required, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, or equivalent mechanisms.

13. Security

We implement industry-standard administrative and technical safeguards to protect the limited information we hold, including encrypted transport (TLS), restricted access controls, and regular review of our infrastructure. No system can guarantee absolute security, but we work continuously to keep risks low.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, the App, or applicable law. The updated policy will be posted on this page with a new "Last updated" date. Material changes will, where reasonable, be highlighted in the App or via in-product notice.

15. Contact Us

If you have questions about this Privacy Policy or our handling of personal data, please contact us: