Privacy Policy for BunnyWhisper SecureNet

Last Updated: 11/12/2025

We are committed to protecting your privacy and ensuring transparency about how we collect, use, and safeguard your information. This policy governs the BunnyWhisper SecureNet service (the "Service"). By using the Service, you agree to the terms outlined below.

1. Data Collection

A. Mandatory Data

Device Information: IP address, Android OS version, device model, unique identifiers (e.g., IMEI, MAC address).
Connection Logs: Server location, timestamp, session duration, bandwidth usage (retained ≤30 days).
Performance Metrics: Error reports, crash logs, connection stability data.

B. Ad-Related Data

Non-Personal Identifiers: Device type, geographic location (country/city), language preferences.
Ad Interaction Data: Impressions, click-through rates (CTR), user dwell time.

C. Optional Data

User Feedback: Submitted support tickets, feature requests, survey responses.
Account Information: If you choose to create an account, we collect email/phone number (for updates or security alerts).

2. Purpose of Data Processing

Service Functionality: Provide encrypted connections (via Android VPNService), server allocation, and diagnostics.
Advertising & Monetization: Support free service through non-intrusive ads (Google AdMob, AdSet).
Legal Compliance: Adhere to Google Play policies and respond to legal requests.

3. Data Sharing

Third-Party Partners: We share anonymized data with Ad Networks (Google AdMob) and Analytics Tools (Firebase).
Restrictions: User data is never sold to third parties for direct marketing.

4. User Rights

You have the right to access, correct, or delete your data. Deletion requests can be submitted via our contact email and require identity verification.

5. Data Security Measures

We use TLS 1.3 for data in transit and AES-256 for local data storage. Employees access data via multi-factor authentication (MFA).

6. International Data Transfers

Data may be stored in the U.S. (AWS), EU (Frankfurt), or Asia (Singapore), complying with GDPR Standard Contractual Clauses (SCCs).

7. Data Retention Periods

Data Type	Retention Period
Connection Logs	≤30 days (auto-deleted)
Ad Data	Anonymized after 90 days
User Feedback	6 months (auto-deleted)
Account Data	Deleted immediately upon logout

8. Policy Updates & Notifications

Significant changes are communicated via in-app notifications. Users must confirm acceptance of new terms within 14 days.

9. Contact & Complaints

Contact Information:
Email: nyhkcaawy@outlook.com

GDPR users can submit complaints via the EU Data Protection Board.

Compliance Notes: This Service utilizes the Android VPNService API to provide core VPN functionality. We ensure that data transmitted via the secure tunnel is encrypted and handled in accordance with Google Play's Prominent Disclosure requirements.