§ Privacy Policy · Last updated 2026-04-21

We built Oxshield so we could not know what you do with it. This policy tells you exactly what data we collect, why, where it lives, and how long we keep it. No tracker pixels, no third-party advertising networks, no analytics on your traffic.

1. The no-logs position

Your VPN traffic — the websites you visit, DNS queries, time spent connected to any destination — is not logged. This is a protocol-level property of the Shadowsocks transport Oxshield uses and does not modify. It is not a policy we ask you to trust; it's the default behavior of the software.

We cannot produce traffic logs on court order because they do not exist. We publish our server configurations and, upon request, take server snapshots publicly for anyone who wants to audit this claim. If we ever change what the VPN software records, we will announce it in advance and offer refunds for any unused subscription period.

2. What we actually collect

We collect only what the service needs to function:

  • Account email + password hash — created at signup. Used to authenticate and recover accounts. Stored in Supabase (EU region). An anonymous account-number option is planned.
  • Subscription status and billing metadata — tier, next billing date, payment status. We do not store your card details. Polar (Polar Software Inc.), our payment processor, stores these under their own privacy policy.
  • Your VPN access records — which servers you have access keys for, and whether a key is currently marked active. This is required so we can route you to the correct server and apply your tier's rules. We record that an access key exists, not what you did with it.
  • Aggregated bandwidth counts per access key — from the server's transfer-metrics endpoint, so you can see your own bandwidth usage and we can bill free-tier data caps. This is a byte total, not a traffic log — destinations and timing are not recorded.
  • Session cookies — required to keep you logged in. Session-scoped, HttpOnly, Secure. We do not use analytics or advertising cookies.
  • Server logs of your own API requests to our dashboard — standard web-server access logs (IP, timestamp, endpoint, HTTP status). Retained 30 days. Used only for security incident investigation. This is not your VPN traffic, which is never logged.

That's the full list. If a field or table appears in our database that isn't here, it's a bug — please report it.

3. What we don't collect

  • Your VPN traffic (websites visited, DNS queries, any payload)
  • Your physical address, phone number, or government ID
  • Your payment card details
  • Behavioral analytics, heatmaps, or session recordings
  • Third-party tracker cookies or pixels

4. Third parties

Three third parties process data on our behalf:

  • Supabase (EU region) — hosts our application database and authentication. Holds your email, hashed password, subscription status, access-key records.
  • Polar (Polar Software Inc.) — payment processor and merchant of record. Handles your card checkout, stores payment credentials under their own terms. We receive only the minimum needed to recognise your subscription status.
  • DigitalOcean / Hetzner / AWS (case-by-case) — the underlying VPS providers for Oxshield-operated VPN servers. They see encrypted packet flow, not plaintext; they do not see your account identity. Community-contributor servers use the operator's VPS provider of choice.

We do not share data with advertisers, data brokers, or other customers. We do not use Google Analytics, Facebook Pixel, Mixpanel, Segment, Amplitude, PostHog, or similar.

5. Retention

  • Account data: kept for the lifetime of your account. Deleted within 30 days of account closure.
  • Access-key records: deleted when the key is revoked, or when you close your account.
  • Bandwidth counters: rolling 30 days (enforcement of free-tier data cap).
  • Dashboard access logs: 30 days.
  • Billing records (tax compliance): 7 years, as required by law. This is metadata (subscription amounts, dates) — not VPN traffic.

6. Your rights

Regardless of where you live, you have the right to:

  • Access the data we hold about you (we'll email you a JSON export on request)
  • Correct it
  • Delete your account and associated data
  • Export your data in a portable format

Email hello@oxshield.io for any of these. We respond within 30 days (often much faster).

7. Jurisdictional notes

GDPR / UK GDPR: we act as data controller for your account data. Lawful bases: contract (service provision), legitimate interest (security log review), and consent (where applicable).

CCPA / US state privacy laws: we do not sell or share personal information for cross-context behavioral advertising. You may request access or deletion via the channel above.

Children: Oxshield is not directed at children under 16. We do not knowingly collect information from anyone under 16. If you believe a child has created an account, please contact us and we will delete it.

8. Security

Supabase hosts data encrypted at rest. Our application enforces HTTPS end-to-end, supports optional two-factor authentication, and uses certificate-pinned HTTPS to every Oxshield server we manage. We run periodic security reviews internally and will commission an independent infrastructure audit when revenue supports it.

Oxshield inherits the audit chain of its open-source foundation (Outline by Google Jigsaw, Apache 2.0) — reviewed by Radically Open Security, Cure53, and the Open Technology Fund. Those reports are public and linked from our blog.

9. Changes

We may update this policy. Material changes are announced by email and in the dashboard at least 14 days before taking effect. Each version is timestamped at the top of this page.

10. Contact

Data rights requests and general privacy questions: hello@oxshield.io. Security issues, abuse reports, or anything you'd like us to act on urgently: abuse@oxshield.io.