Privacy Policy

CloudEx Inc. ("we", "us", or "the Company") operates the Dunova VPN application and the web service available at dunovavpn.cloud-ex.biz (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using the Service you consent to the practices described here.

1. Our core commitment: a no-log VPN

Dunova VPN is built on a strict no-log policy. We do not record, store, or share any of the following:

  • Websites or services you visit while connected to the VPN
  • The content of any traffic that passes through our tunnel
  • DNS queries you make through our resolver
  • Your original IP address linked to your activity
  • Connection timestamps tied to your identity

The VPN tunnel is established directly between your device and our servers. Once your traffic exits our server it carries the server's public IP, never yours.

2. Information we collect

2.1 Information you provide

  • Account credentials if you sign in with Google — limited to your provider-issued unique user ID, email address, and (where you allow it) display name and profile picture. This information is used solely to identify you across your devices for subscription sharing.
  • Support correspondence when you contact us by email. The body of the message and any attachments you include are stored only as long as needed to handle your request.

2.2 Information collected automatically

  • Subscription / billing tokens issued by Google Play or RevenueCat. We use these tokens to verify your entitlement to premium features. We never receive your credit card information.
  • Anonymous crash reports via Firebase Crashlytics, when you have not disabled this in Settings. Crash reports contain stack traces, device model, OS version, and the app version. They do not contain personally identifiable information or any of your VPN traffic.
  • Approximate country code derived from your device locale or store storefront. We use this on-device to suggest a nearby VPN server; it is not sent to our servers for analytics.

2.3 Information we explicitly do not collect

  • Your real-time GPS coordinates or any location data more precise than the country level
  • Your phone number, contacts, calendar, photos, microphone, or camera
  • The names of apps installed on your device, except when you explicitly use the "Split tunneling" feature — and even then the selection is stored only on-device
  • Advertising identifiers (IDFA / AAID)

2.4 Permissions we request and why

Some features require operating-system permissions. Dunova VPN asks for the following only when you enable the relevant feature, and uses them strictly for the purpose described:

  • Location (ACCESS_FINE_LOCATION on Android) — required by the operating system to read the SSID (name) of your current Wi-Fi network, which we use for the "Auto-connect on public Wi-Fi" feature and the "Trusted Wi-Fi networks" list. We never read, store, or transmit your GPS coordinates. The permission is used only as an OS-mandated gate for the SSID API. Decline it to disable Wi-Fi auto-connect; the rest of the app continues to work.
  • Nearby Wi-Fi devices (NEARBY_WIFI_DEVICES on Android 13+) — replaces the location requirement on newer Android versions for the same SSID-reading purpose. Same handling: no location data is read.
  • VPN service (BIND_VPN_SERVICE on Android) — required by the operating system for any VPN app to establish an encrypted tunnel.
  • Notifications — not requested. Dunova VPN does not send notifications.

3. How we use information

We use the limited information we collect only to:

  • Operate and maintain the Service
  • Verify your subscription or purchase entitlement
  • Synchronize your premium status across the devices you sign in on
  • Diagnose and fix crashes (when you have opted in)
  • Respond to your support requests
  • Comply with applicable laws

4. Third-party services

Dunova VPN integrates the following third-party services. Each service has its own privacy policy that governs the data they process.

  • Firebase Authentication, Crashlytics (Google LLC) — sign-in identifiers and anonymous crash data
  • Google Sign-In (Google LLC) — used only when you tap "Sign in with Google"
  • RevenueCat (RevenueCat, Inc.) — subscription state tracking; we send your Firebase user ID and receive your entitlement status
  • Google Play Billing — payment processing handled entirely by the platform store

We do not share any data with advertising networks because Dunova VPN does not display in-app advertising.

5. DNS and ad blocking

Dunova VPN can route DNS queries through our own resolver. When ad blocking is enabled, the resolver replies with a sinkhole address for domains on our blocklist. We do not record which domains you query.

If you set a custom DNS server in Settings (Cloudflare, Quad9, Google, etc.), your DNS queries are sent to that provider rather than to us, and their privacy policy applies.

6. Data retention

  • Account identifiers: retained while your account exists; deleted within 30 days after account deletion.
  • Support emails: retained for 12 months after the last reply, then deleted unless required for legal reasons.
  • Crash reports: retained for 90 days then deleted.
  • VPN session metadata required for capacity planning (aggregate counts only, never tied to a user): retained for up to 30 days.

7. International transfers

Our company is based in Japan. Our VPN servers, support systems, and analytics providers are located in multiple countries around the world. When you use the Service, the minimal information described above may be processed outside your country of residence under standard contractual safeguards.

8. Your rights

Depending on your jurisdiction (EEA, UK, California, Japan, etc.) you may have rights to access, correct, delete, or export the limited information we hold about you. You can:

  • Sign out of the app to disconnect your device from the cross-device subscription system
  • Disable Firebase Crashlytics in Settings → Privacy → "Send crash reports"
  • Delete your account by contacting us at the address below — this purges your Firebase Auth user record and the linked RevenueCat profile.

9. Children's privacy

Dunova VPN is not intended for children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect information from such children. If you believe we have, please contact us and we will delete the information promptly.

10. Changes to this policy

We may update this Privacy Policy from time to time. The latest version will always be available at this URL with an updated effective date. Material changes will be highlighted in the app where appropriate.

11. Contact

For privacy questions, data requests, or to report a concern, please email us at ifeeqp2002+dunovavpn@gmail.com.

CloudEx Inc., Japan.

Effective Date: 2025-01-01