Legal

Privacy Policy

Last updated: June 7, 2026.

This Privacy Policy explains what data is processed when you use the Nafanya VPS application (the “App”) and its related services. The App is a client for private and secure internet access (VPN) on iOS, Android, macOS and Windows. We follow the principle of collecting only the minimum data necessary.

The data controller is sole proprietor Dmitriev Maksim Aleksandrovich (“we”). For any data-related questions, contact support@nafanya.llc.

In short

We do not log your traffic, visited websites or online activity.
We do not sell or share your data with third parties and do not use it for advertising.
The App does not create user accounts: it works as a client that connects using an imported configuration.
Server configurations and settings are stored only on your device.
The App contains no ads, no advertising identifiers and no cross-app tracking.

What data is processed

1. Data stored only on your device

The following data is stored locally in the device’s secure storage and is never sent to our servers:

imported connection configurations (vless:// links and server lists obtained via an import link);
the selected server or the “Fastest” mode;
your settings: kill switch, custom DNS, routing settings (iOS), split tunneling and the list of selected apps, local-network sharing (Android).

You can delete this data at any time within the App or by uninstalling the App.

2. Data required to operate the VPN connection

Device IP address. When a VPN connection is established, your IP address is technically visible to the server you connect to — this is required to route traffic. We do not keep connection logs and do not link your IP address to your identity.
Transferred traffic volume. Our server infrastructure may account for the aggregate traffic volume to monitor node load and availability. This accounting does not reveal the content of your traffic or your browsing history.
Optimal server request. In “Fastest” mode the App queries our service endpoint (kuzya.fit) for a priority-ordered server list. The request contains only the technical information needed to respond.
Server list import. If you use an import link, the App downloads the list of available servers and its validity period from it.

3. Crash diagnostics (anonymized)

In case of an error or failure in the App, anonymized technical data about the failure is sent via Google Firebase Crashlytics. It helps us find and fix problems and includes: device model, operating system version, App version, time and circumstances of the failure, the call stack, and a technical installation identifier generated by Crashlytics. This data does not identify you personally and contains no content of your traffic. Diagnostics are not sent in debug builds.

4. Update checks

To notify you about available updates, the App uses Google Firebase Remote Config and compares the current version with the latest one. No personal data is collected for this.

Authorization on kuzya.online (optional)

During initial setup the App offers, but does not require, authorization on the kuzya.online website to obtain a link for importing the server list. Authorization is used solely to account for the volume of traffic used. No user data is stored in the App — only the imported configuration is saved. You can use the App without authorization by manually pasting your own vless:// link.

What we do not do

We do not log the content of your traffic, DNS queries, visited sites or apps.
We do not sell, rent or share personal data with third parties.
We do not use the VPN connection to display ads or alter content in other apps.
We do not track you across other apps and websites; no advertising identifiers are used.
We do not request access to contacts, photos, camera, microphone, location or Bluetooth.

Third-party services

The App uses Google services (Firebase Crashlytics and Firebase Remote Config). Their processing of data is governed by the Google Privacy Policy. The VPN technology is built on the open-source Xray Core; the list of open-source components is available on the Licenses page.

Encryption

The VPN connection is encrypted using standard modern cryptographic protocols (based on the Xray Core engine with TLS and AES-family encryption). Communication with service endpoints and import links uses the secure HTTPS/TLS protocol.

Retention periods

Configurations and settings are stored locally until you delete them in the App or uninstall the App.
Anonymized crash data is stored in Firebase Crashlytics for the period set by Google (typically up to 90 days).
We do not create or keep user-linked connection logs.

Your rights

Depending on your jurisdiction (including the GDPR for EU users and the CCPA for California users), you may have the right to access, correct, delete and restrict the processing of your data, as well as the right to object to processing. To exercise these rights, contact support@nafanya.llc.

Data deletion

Since the App does not create user accounts, to delete local data it is enough to remove the imported configuration inside the App or uninstall the App. If you created an account on the kuzya.online website, you can request its deletion together with the associated data by writing to support@nafanya.llc — we will process the request within a reasonable time.

Children

The App is not intended for individuals below the age at which, under the laws of their country, they can independently consent to data processing. We do not knowingly collect data from children.

Changes to this Policy

We may update this Policy from time to time. The current version is always available on this page; the last updated date is shown above.

Contact

ControllerDmitriev Maksim Aleksandrovich, IP

Emailsupport@nafanya.llc

Terms of Servicenafanya.llc/en/terms-of-service