Privacy Policy for “VPS Connect”

Effective date: [YYYY-MM-DD]

This Privacy Policy explains what information the VPS Connect browser extension ("Extension", "we", "us") processes and why, how we use it, and what choices you have. This policy applies to the Extension and the related backend services that support authentication and user settings synchronization. It does not cover websites you visit or services operated by others.

1) What this Extension does

The Extension helps you establish and manage a connection to your own VPS resources. It configures your browser’s network settings so your outbound connections can be directed through your VPS endpoint when you enable the connection. The Extension itself does not provide network tunneling to the public, and it does not inspect the content of the web pages you visit.

2) Information we process

• Account data: the email address you provide to register, sign in, and verify your account.
• Authentication data: a JSON Web Token (JWT) issued after successful login or email verification.
• Extension settings: connection status (enabled/disabled), connection mode, and your list of allowed sites (URL list) that you manage in the Extension.
• Connection metadata: when the connection is enabled, your browser establishes outbound connections via your VPS endpoint. To operate the connection, destination hosts/domains and other technical headers are inherently processed by the network path. For HTTPS destinations, page content remains end‑to‑end encrypted between your browser and the destination site.
• Diagnostics and security logs: minimal server-side events necessary to operate, secure, and troubleshoot the service.

3) How we use information

• To create and manage your account and authenticate you.
• To enable and control the connection from your browser to your VPS endpoint, including attaching an authentication token during connection handshakes.
• To synchronize your allowed-sites list with your account (if you use this feature).
• To maintain reliability, prevent abuse, and meet security and legal obligations.

4) What we do not do

• We do not sell your personal information.
• We do not collect or store the content of the web pages you visit.
• We do not use third‑party analytics libraries in the Extension.

5) Browser permissions we request (purpose only)

• Network configuration: to adjust how your browser connects so it can reach your VPS endpoint when enabled.
• Web request handling: to attach authentication information to connection handshakes and handle authentication challenges.
• Storage: to save your token and Extension settings locally on your device.
• Alarms: to schedule internal housekeeping tasks (e.g., state checks).
• Access across sites: to apply your chosen connection settings consistently across websites you visit.

6) Storage and retention

• On your device: your token and settings are stored locally in your browser and remain until you log out or remove the Extension.
• On our servers: your account data (e.g., email) and synchronized items (e.g., allowed-sites list) are stored while your account is active or as required for legitimate business or legal purposes. You may request deletion (see “Your rights”).
• Logs: operational and security logs are retained for a limited time and deleted or anonymized when no longer needed.

7) Sharing and transfers

We do not share personal information with third parties for marketing. We use hosting and network infrastructure providers to operate our authentication and account services. Access is restricted and governed by contracts and security controls.

8) Security

We implement technical and organizational measures appropriate to the risk. For HTTPS destinations, content remains encrypted end‑to‑end between your browser and the destination site even when the connection via your VPS is enabled.

9) Your choices and rights

• Access/Correction/Deletion: contact us to request access to, correction of, or deletion of your personal information.
• Log out: you can log out in the Extension at any time, which removes the local authentication token.
• Uninstall: you can remove the Extension at any time via your browser.

10) Children’s privacy

The Extension is not directed to children and should not be used by individuals under the age of 16 or the age required by local law.

11) Changes

We may update this policy from time to time. We will post the updated version at this URL and revise the effective date above.

12) Contact

Email: support@noreplay.tech