Privacy rules written to match the product

Our core commitment

Aevora does not log your browsing activity. We never monitor, record, store, or share: websites you visit, DNS queries, content of your traffic, or your originating IP address for tracking.

This is a technical design decision, not just a policy statement. Our VPN servers are configured to not retain traffic logs.

Data we collect

We collect the minimum data necessary to operate the VPN service, verify your subscription, and provide support.

Your device identifier is a random UUID generated on your device. It is not your Apple ID, phone number, or any other personally identifying information.

• Subscription status and Apple transaction identifier — to verify your access
• Anonymous device identifier and device metadata — to register your device and check compatibility
• WireGuard public key — to establish the encrypted VPN tunnel
• VPN connection data: assigned server, duration, total bytes transferred — for service operation and abuse prevention
• Last handshake timestamp — to monitor connection health
• Diagnostics — only if you explicitly opt in, redacted by default
• Push notification token (APNs) — to deliver service notifications if you enable them

Optional account sign-in

You may optionally sign in with Apple or Google to sync your subscription across multiple devices. If you do, we receive only your name and email address if you choose to share them.

Sign-in is entirely optional. Aevora works fully without an account.

App analytics

To improve app stability and understand feature usage, we use the following services: Firebase Crashlytics (Google) for crash reporting; Yandex AppMetrica for product analytics; Facebook SDK for install attribution (disabled in regions with restrictive internet policies); Singular for advertising attribution measurement.

These services receive only app interaction data — screen views, crash logs, and install events. They have zero access to your VPN traffic, DNS queries, or browsing activity. Analytics data is linked to your vendor device identifier (IDFV), not to your Apple ID or personal identity.

Advertising identifier

We may request access to your device's Advertising Identifier (IDFA) through Apple's App Tracking Transparency prompt to measure the effectiveness of our advertising campaigns. This identifier is collected only if you grant permission. If you deny or later revoke access, we do not collect it.

Data we never collect

Aevora is intentionally designed to avoid categories that would reveal where you browse or who you contact.

We use analytics services (see App analytics above) solely to improve app quality. These services never have access to your VPN traffic.

• Browsing history or visited URLs
• DNS queries or browsing lookups
• Content of your internet traffic
• Your real IP address for tracking or analytics
• Location data, contacts, or photos

No third-party sharing

We do not sell, rent, or share your personal data with data brokers or advertising networks.

The following services process limited data to operate and improve Aevora: Apple (App Store) for payment processing; Apple Push Notification service for notification delivery; Firebase Crashlytics (Google) for crash reporting; Yandex AppMetrica for product analytics; Facebook SDK for install attribution (disabled in RU/CN/IR/TM); Singular for advertising attribution. Infrastructure providers only see encrypted VPN traffic. None of these services have access to your VPN traffic, DNS queries, or browsing activity.

Retention

Data is retained only as long as needed. After the retention period expires, data is automatically and permanently deleted.

• VPN connection metadata: 14 days
• Aggregated usage statistics: 90 days
• Diagnostics uploads: 30 days
• Subscription and billing records: duration of subscription plus legally required retention
• Device registrations: until revoked plus 30 days

Data security

All VPN traffic is encrypted end-to-end. Your VPN private key is generated on your device and never leaves it. Authentication uses token-based verification with no passwords stored.

Your rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or export your personal data, object to processing, or withdraw consent for optional processing such as diagnostics.

To exercise any of these rights, contact us at [email protected].

European Economic Area (GDPR)

If you are in the EEA, our legal bases for processing are: contract performance for subscription verification, device registration, and VPN operation; legitimate interest for aggregated usage analysis and abuse detection; consent for diagnostics collection; legal obligation for billing record retention.

You have the right to lodge a complaint with your local supervisory authority.

California (CCPA)

If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information.

Children's privacy

Aevora is not directed to children under 18. We do not knowingly collect personal data from anyone under 18 years of age.

Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be reflected in the "Last Updated" date above. Your continued use of Aevora after changes constitutes acceptance of the updated policy.

Contact

Privacy inquiries: [email protected]. General support: [email protected]. Entity: WHEELE ACTIVITY SOFTWARE INC.

Apple may independently collect data in accordance with Apple's Privacy Policy.