Privacy Policy
Last updated: 17 Oct 2025
Glitch VPN (“we”, “us”, “our”) is operated by GLITCH LABS LLC. We collect the minimum data needed to operate subscriptions, device management, and support.
We operate the VPN with no activity-logs: we do not persist traffic contents or destinations, DNS queries, original IP addresses, connection timestamps, session duration history, or per-account bandwidth histories.
Data we process
- Account Identifier:
user_code(random 16-character code).
Purpose: authenticate and provide the Service. Legal basis (GDPR): performance of a contract. - Devices:
device_id,os,device_type(mobile/desktop/browser).
Purpose: device limits, primary-device control, troubleshooting. Basis: contract/legitimate interests.
Deletion: device data is deleted upon sign out of that device. - Session Ephemera:
server_client_id(exists only while connected).
Purpose: routing and anti-abuse protections. Basis: legitimate interests.
Deletion: ephemeral; destroyed when the session disconnects. - Messaging-platform identifier: Telegram user ID (stored as is) to manage subscriptions and support (including deletion of sensitive messages in the bot).
As well stored in payments meta inforamtion as pseudonymized string. Basis: contract/legitimate interests.
Deletion: deleted as soon as the user signs out from the Telegram bot or when no longer needed for subscription management/support.
In payments - 3 years after payment as pseudonymized string.
We do not collect names, emails, passwords, or payment card details.
Payments
Payments are processed by third-party payment providers/platforms (which may change over time). We do not receive your card/bank information. The provider(s) you use at checkout process data under their own terms and privacy policies; details are disclosed in the checkout flow.
Cookies, analytics, and third parties
- We do not use trackers/analytics within the VPN Service.
- Our public website/CDN may rely on infrastructure providers (e.g., Cloud services, CDN/SSL) for performance and security. Such providers may process limited technical data (e.g., IP at the edge) under their own policies to deliver the site and mitigate abuse.
Subprocessors & international transfers
We may use infrastructure and platform providers to operate the Service. Server locations are various worldwide. Where personal data is transferred from the EEA/UK to a third country, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards where applicable.
Retention
user_code: retained up to 1 year from the last successful authorization, then deleted.
However, if paid time is active, the account will not be deleted until the end of the paid period or cancellation.devices: retained while linked; deleted upon device sign out or removal.server_client_id: ephemeral, deleted on disconnect.telegram_user_id: retained as needed for subscription management/support; deleted upon sign out from the Telegram bot or when no longer necessary.
Your rights
Where applicable (e.g., GDPR/UK GDPR/CCPA), you may request access or deletion. The most privacy-preserving path is via our support bot @glitch_vpn_support_bot or by emailing [email protected]. We may ask you to prove control of the primary device or the user_code.
Security
We design for no activity-logs. Operational protections rely on in-memory mechanisms and ephemeral state, plus standard network security controls. No method of transmission is 100% secure.
Children
The Service is for users at or above the age of majority in their country, and in any case 18+.
Law enforcement & transparency
We respond only to properly served, valid legal requests addressed to GLITCH LABS LLC under applicable law. Given our design, we typically cannot attribute network activity to a specific user. Where legally allowed, we will disclose if we have no matching records.
Changes
We may update this Policy. Material changes will be posted here with a new “Last updated” date.
Contact
Support: [email protected] • Legal: [email protected] • Telegram: @glitch_vpn_support_bot