Privacy Policy — Califax VPN

    Our Core Promise: Califax VPN is built on a zero-knowledge architecture. We cannot see your traffic, your browsing history, or your real identity. This is enforced by our technology, not just our policy.
  

1. Who We Are

Califax VPN is a product of GuardLinkX Inc. ("we", "us", "our"). We provide virtual private network (VPN) and privacy services through our mobile applications (Android), desktop applications (Windows), and website (califaxvpn.guardlinkx.com).

Contact: services@guardlinkx.com

2. Information We Do NOT Collect

We are committed to a strict zero-log policy. We do not collect, store, or monitor:

Your browsing history or website visits
Traffic data, content, or DNS queries
Your real IP address while connected to the VPN
Connection timestamps (when you connected/disconnected)
Session duration
Your physical location or GPS coordinates
Bandwidth usage or data transfer amounts
Any information about the applications you use while connected

Our servers operate on a volatile (RAM-only) architecture. No user data is ever written to persistent storage. When a server reboots, all data is irrecoverably destroyed.

3. Information We Collect

We collect the minimum information necessary to provide the service:

3.1 Account Information

Email address — for account creation, authentication, and service communications
Name (optional) — if provided during registration
Payment information — processed by Stripe (our payment processor). We do not store credit card numbers.

3.2 Device Information

Device identifier — a randomly generated UUID stored locally on your device, used to manage VPN sessions. This cannot be traced back to you or your device.

3.3 Analytics (Non-Personal)

Download count — we track the number of times our app is downloaded (not who downloads it)
Crash reports — anonymous, aggregated crash data to improve app stability

4. How We Use Your Information

To create and manage your account
To authenticate your VPN sessions
To process payments (via Stripe)
To send important service updates (security notices, account issues)
To improve our service quality (using anonymous, aggregated data only)

5. VPN Permissions Explained

Our app requests the following permissions on Android:

5.1 VPN Permission

Required to establish a secure encrypted tunnel between your device and our servers. This is the core function of the app. Android displays a system dialog asking you to approve VPN creation — this is a standard Android security requirement for all VPN applications.

5.2 Network State Permission

Used to detect your network type (WiFi, cellular) to optimize the VPN connection and select the best server for your current conditions.

5.3 Location Permission (Optional)

Only required if you enable the Location Privacy feature (Location Fuzzing). This feature protects your real GPS coordinates from being exposed to other apps. When enabled, it provides slightly randomized coordinates to other applications so they cannot pinpoint your exact position.

We never transmit your location data to our servers. Location processing occurs entirely on your device.

5.4 Notification Permission

Used to show VPN connection status in your notification bar so you always know when the VPN is active.

6. Data Sharing

We do not sell, rent, trade, or share your personal information with third parties, except:

Payment Processing — Stripe processes payments on our behalf under their own privacy policy
Legal Requirements — If required by law, though our zero-log architecture means we have no meaningful user data to provide. Our warrant canary system publicly verifies whether any government requests have been received.

7. Data Retention

VPN traffic data — Never stored. RAM-only servers ensure zero persistence.
Account information — Retained while your account is active. Deleted within 30 days of account closure.
Payment records — Retained as required by financial regulations (typically 7 years).

8. Data Security

We protect your data with:

Military-grade encryption on all VPN connections
Quantum-resistant encryption protocols to protect against future threats
Volatile (RAM-only) servers that retain no data on reboot
Hardware security vaults for encryption key storage
Regular independent security audits

9. Your Rights

You have the right to:

Access — Request a copy of the personal data we hold about you
Correction — Request correction of inaccurate data
Deletion — Request deletion of your account and all associated data
Portability — Request your data in a portable format
Objection — Object to specific uses of your data

To exercise these rights, contact services@guardlinkx.com.

10. Children's Privacy

Califax VPN is not intended for children under 13 years of age. We do not knowingly collect personal information from children. If we discover that a child under 13 has provided personal information, we will delete it immediately.

11. International Data Transfers

Our servers are located in multiple countries. By using our service, you consent to the transfer of your encrypted VPN traffic through servers in various jurisdictions. Because we maintain a zero-log policy, no personally identifiable data is stored in any jurisdiction.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify users of material changes via email or in-app notification. The "Last updated" date at the top of this page indicates when the policy was last revised.

13. Warrant Canary

GuardLinkX maintains a publicly verifiable warrant canary that is cryptographically signed and updated every 72 hours. This canary confirms that we have not received any government warrants, gag orders, or national security letters. The canary is independently verifiable by any third party.

14. Contact Us

For privacy-related questions or concerns:

Email: services@guardlinkx.com
Website: califaxvpn.guardlinkx.com/support