# Privacy Policy — Montana VPN **Effective:** May 18, 2026 **Publisher:** Montana Network (efir369999@gmail.com) **Application:** Montana VPN (`quest.montana.vpn`) --- ## Summary Montana is a decentralized VPN protocol with a built-in wallet. We do **not** collect personal data, do **not** store traffic logs, and do **not** identify users. Below is a detailed breakdown of what the app does and what data is processed. --- ## 1. What data the app processes ### 1.1 Seed phrase (24 BIP39 words) - **Storage:** only on user's device, in app `localStorage`. Never leaves the device. - **Server transmission:** none. - **Export option:** user can view 24 words on the "Wallet" screen to write down. - **Deletion:** uninstall app or tap "Sign out of wallet". ### 1.2 Wallet address - **Origin:** deterministically derived from 24 words via BIP39 + PBKDF2-HMAC-SHA512 + SHA-256. - **Server transmission:** yes — sent in each heartbeat to credit Ɉ to the correct wallet. - **What the server sees:** only 40-hex characters of the address. Cannot be linked to a specific person — address is randomly generated on first launch. ### 1.3 Network traffic - **VPN traffic:** routed through cascade Helsinki → Frankfurt/NewYork/Helsinki → open internet. - **Logging on servers:** xray and haproxy on VPN nodes operate with `access logs disabled`. Long-term connection logging is **not maintained**. - **Content inspection:** none. - **Third-party sharing:** none. ### 1.4 User IP - **What we see:** on first VPN connection — user IP at haproxy level (Helsinki) for 24-hour stick-table routing. - **Storage:** in-memory only on one node, not persisted to disk. - **Removal:** automatically after 24 hours of inactivity. ### 1.5 Heartbeat metadata - **Sent every 5 seconds:** wallet address (40-hex), nonce (timestamp), Ed25519 public key, signature. - **Server-side storage:** atomic JSON file with balance, seconds online, last connection node. - **Retention:** records with zero balance and ≥30 days inactive are automatically purged. --- ## 2. What we do NOT collect - **Name, email, phone** — app never requests. - **Geolocation** — no permission requested, GPS not used. - **Contacts** — no permission requested. - **Photos / media** — no permission requested. - **Device identifiers** (IMEI, Android ID, Advertising ID) — not read. - **Analytics** — Firebase, Google Analytics, Crashlytics **not integrated**. - **Ads** — no ads shown, no ad SDKs. - **Cookies and trackers** — absent. --- ## 3. Android permissions | Permission | Purpose | |------------|---------| | `INTERNET` | connecting to VPN servers and backend | | `ACCESS_NETWORK_STATE` | detecting active network (WiFi / mobile) | | `CHANGE_NETWORK_STATE` | `setUnderlyingNetworks` on WiFi/mobile switching | | `FOREGROUND_SERVICE` | keeping VPN active with screen off | | `FOREGROUND_SERVICE_SPECIAL_USE` | Android 14+ requirement for VPN services | | `POST_NOTIFICATIONS` | showing VPN status in notification shade | | `WAKE_LOCK` | preventing CPU sleep while VPN is active | | `RECEIVE_BOOT_COMPLETED` | VPN auto-start after reboot (optional) | `BIND_VPN_SERVICE` is requested through system dialog on first VPN activation (standard Android VpnService API procedure). --- ## 4. Third-party data sharing **None.** Montana is an open-source project. Source code: `https://hub.montana.quest/efir369999/montana`. The only third parties in the data flow are: - **Hosting providers of nodes:** Timeweb (Frankfurt), THE.Hosting (NewYork, Helsinki). They see only encrypted TLS Reality traffic, not content. - **DNS resolvers:** on first connection WebView may resolve `cdn.montana.quest` via `1.1.1.1` (Cloudflare) and `8.8.8.8` (Google). These providers **do not receive** traffic content. --- ## 5. Security - **Device encryption:** Android FBE (File-Based Encryption) automatic when device is off. - **Network encryption:** TLS 1.3 + XTLS Reality (X25519 key exchange, ChaCha20-Poly1305 AEAD). - **Wordlist tampering protection:** SHA-256 integrity check on bundled `bip39-en.txt` at every launch. - **Cryptographic authentication:** every heartbeat signed by Ed25519 from a key derived from BIP39 seed. --- ## 6. User rights Under GDPR (EU), CCPA (California), and Russian Federal Law 152-FZ: - **Right to access:** user sees address and balance in the app at any time. - **Right to deletion:** uninstall app = delete all local data. Server record is removed after 30 days inactivity or upon request to `efir369999@gmail.com`. - **Right to portability:** 24 BIP39 words are portable — user can recover wallet on any device with Montana app. - **Right to rectification:** balance is auto-synced with server, manual intervention not provided. --- ## 7. Children App is not intended for persons under 13 (COPPA) / 14 (RF). Financial functionality (accumulating Ɉ for VPN session) is not suitable for minors. --- ## 8. Policy changes This policy may be updated. New version is published at the same URL with effective date. Material changes are announced via in-app notification. --- ## 9. Contacts - Email: `efir369999@gmail.com` - GitHub Issues: `https://github.com/efir369999/Montana-App/issues` - Telegram: `@efir369999` All requests processed within 30 days.