Privacy Policy

CloudEx Inc. ("we", "us", or "the Company") operates the Dunova VPN application and the web service available at dunovavpn.cloud-ex.biz (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using the Service you consent to the practices described here.

1. Our core commitment: a no-log VPN

Dunova VPN is built on a strict no-log policy. We do not record, store, or share any of the following:

  • Websites or services you visit while connected to the VPN
  • The content of any traffic that passes through our tunnel
  • DNS queries you make through our resolver
  • Your original IP address linked to your activity
  • Connection timestamps tied to your identity

The VPN tunnel is established directly between your device and our servers. Once your traffic exits our server it carries the server's public IP, never yours.

We do not sell, use, or disclose to third parties any data for any purpose. The limited service providers described in section 4 process data solely on our behalf and under our instructions, and are contractually prohibited from using it for their own purposes.

2. Information we collect

2.1 Information you provide

Dunova VPN requires no account, registration, or sign-in. The only information you can provide is:

  • Support correspondence when you contact us by email. The body of the message and any attachments you include are stored only as long as needed to handle your request.

2.2 Information collected automatically

  • Subscription / billing tokens issued by the platform store (Google Play or the Apple App Store). We use these tokens to verify your entitlement to premium features. We never receive your credit card information.
  • Anonymous crash reports via Firebase Crashlytics, when you have not disabled this in Settings. Crash reports contain stack traces, device model, OS version, and the app version. They do not contain personally identifiable information or any of your VPN traffic.
  • Approximate country code derived from your device locale or store storefront. We use this on-device to suggest a nearby VPN server; it is not sent to our servers for analytics.

2.3 Information we explicitly do not collect

  • Your real-time GPS coordinates or any location data more precise than the country level
  • Your phone number, contacts, calendar, photos, microphone, or camera
  • The names of apps installed on your device, except when you explicitly use the "Split tunneling" feature — and even then the selection is stored only on-device
  • Advertising identifiers (IDFA / AAID)

2.4 Permissions we request and why

Some features require operating-system permissions. Dunova VPN asks for the following only when you enable the relevant feature, and uses them strictly for the purpose described:

  • Location (ACCESS_FINE_LOCATION on Android) — required by the operating system to read the SSID (name) of your current Wi-Fi network, which we use for the "Auto-connect on public Wi-Fi" feature and the "Trusted Wi-Fi networks" list. We never read, store, or transmit your GPS coordinates. The permission is used only as an OS-mandated gate for the SSID API. Decline it to disable Wi-Fi auto-connect; the rest of the app continues to work.
  • Nearby Wi-Fi devices (NEARBY_WIFI_DEVICES on Android 13+) — replaces the location requirement on newer Android versions for the same SSID-reading purpose. Same handling: no location data is read.
  • VPN service (BIND_VPN_SERVICE on Android) — required by the operating system for any VPN app to establish an encrypted tunnel.
  • Notifications — not requested. Dunova VPN does not send notifications.

3. How we use information

We use the limited information we collect only to:

  • Operate and maintain the Service
  • Verify your subscription or purchase entitlement
  • Diagnose and fix crashes (unless you have disabled crash reporting in Settings)
  • Respond to your support requests
  • Comply with applicable laws

4. Service providers (data processors)

We do not sell, use, or disclose to third parties any data for any purpose. To operate the Service we rely on a small number of service providers that process a limited set of data strictly on our behalf and under our instructions. Each of them is contractually bound to process that data only to provide their service to us, and is prohibited from selling it, disclosing it, or using it for their own purposes, including advertising or analytics.

  • Firebase Crashlytics (Google LLC) — processes anonymous crash reports on our behalf (crash reporting can be turned off in Settings)
  • RevenueCat (RevenueCat, Inc.) — verifies your subscription entitlement on our behalf; it receives a randomly generated anonymous app user ID and your purchase token, nothing else
  • Google Play Billing / Apple App Store — payment processing handled entirely by the platform store

None of these providers receives your VPN traffic, browsing activity, DNS queries, or your original IP address tied to your activity. Dunova VPN contains no advertising networks, no third-party analytics, and no tracking SDKs, and we never share, sell, or rent any user data to data brokers or marketers.

5. DNS and ad blocking

Dunova VPN can route DNS queries through our own resolver. When ad blocking is enabled, the resolver replies with a sinkhole address for domains on our blocklist. We do not record which domains you query.

If you set a custom DNS server in Settings (Cloudflare, Quad9, Google, etc.), your DNS queries are sent to that provider rather than to us, and their privacy policy applies.

6. Data retention

  • Support emails: retained for 12 months after the last reply, then deleted unless required for legal reasons.
  • Crash reports: retained for 90 days then deleted.
  • VPN session metadata required for capacity planning (aggregate counts only, never tied to a user): retained for up to 30 days.

7. International transfers

Our company is based in Japan. Our VPN servers and support systems are located in multiple countries around the world. When you use the Service, the minimal information described above may be processed outside your country of residence under standard contractual safeguards.

8. Your rights

Depending on your jurisdiction (EEA, UK, California, Japan, etc.) you may have rights to access, correct, delete, or export the limited information we hold about you. You can:

  • Disable Firebase Crashlytics in Settings → Privacy → "Send crash reports"
  • Request access to or deletion of any information we hold about you (such as support correspondence) by contacting us at the address below.

9. Children's privacy

Dunova VPN is not intended for children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect information from such children. If you believe we have, please contact us and we will delete the information promptly.

10. Changes to this policy

We may update this Privacy Policy from time to time. The latest version will always be available at this URL with an updated effective date. Material changes will be highlighted in the app where appropriate.

11. Contact

For privacy questions, data requests, or to report a concern, please email us at ifeeqp2002+dunovavpn@gmail.com.

CloudEx Inc., Japan.

Effective Date: 2026-06-12