130 lines
5.2 KiB
Markdown
130 lines
5.2 KiB
Markdown
# Privacy Policy — Montana VPN
|
|
|
|
**Effective:** May 18, 2026
|
|
**Publisher:** Montana Network (efir369999@gmail.com)
|
|
**Application:** Montana VPN (`quest.montana.vpn`)
|
|
|
|
---
|
|
|
|
## Summary
|
|
|
|
Montana is a decentralized VPN protocol with a built-in wallet. We do **not** collect personal data, do **not** store traffic logs, and do **not** identify users. Below is a detailed breakdown of what the app does and what data is processed.
|
|
|
|
---
|
|
|
|
## 1. What data the app processes
|
|
|
|
### 1.1 Seed phrase (24 BIP39 words)
|
|
|
|
- **Storage:** only on user's device, in app `localStorage`. Never leaves the device.
|
|
- **Server transmission:** none.
|
|
- **Export option:** user can view 24 words on the "Wallet" screen to write down.
|
|
- **Deletion:** uninstall app or tap "Sign out of wallet".
|
|
|
|
### 1.2 Wallet address
|
|
|
|
- **Origin:** deterministically derived from 24 words via BIP39 + PBKDF2-HMAC-SHA512 + SHA-256.
|
|
- **Server transmission:** yes — sent in each heartbeat to credit Ɉ to the correct wallet.
|
|
- **What the server sees:** only 40-hex characters of the address. Cannot be linked to a specific person — address is randomly generated on first launch.
|
|
|
|
### 1.3 Network traffic
|
|
|
|
- **VPN traffic:** routed through cascade Helsinki → Frankfurt/NewYork/Helsinki → open internet.
|
|
- **Logging on servers:** xray and haproxy on VPN nodes operate with `access logs disabled`. Long-term connection logging is **not maintained**.
|
|
- **Content inspection:** none.
|
|
- **Third-party sharing:** none.
|
|
|
|
### 1.4 User IP
|
|
|
|
- **What we see:** on first VPN connection — user IP at haproxy level (Helsinki) for 24-hour stick-table routing.
|
|
- **Storage:** in-memory only on one node, not persisted to disk.
|
|
- **Removal:** automatically after 24 hours of inactivity.
|
|
|
|
### 1.5 Heartbeat metadata
|
|
|
|
- **Sent every 5 seconds:** wallet address (40-hex), nonce (timestamp), Ed25519 public key, signature.
|
|
- **Server-side storage:** atomic JSON file with balance, seconds online, last connection node.
|
|
- **Retention:** records with zero balance and ≥30 days inactive are automatically purged.
|
|
|
|
---
|
|
|
|
## 2. What we do NOT collect
|
|
|
|
- **Name, email, phone** — app never requests.
|
|
- **Geolocation** — no permission requested, GPS not used.
|
|
- **Contacts** — no permission requested.
|
|
- **Photos / media** — no permission requested.
|
|
- **Device identifiers** (IMEI, Android ID, Advertising ID) — not read.
|
|
- **Analytics** — Firebase, Google Analytics, Crashlytics **not integrated**.
|
|
- **Ads** — no ads shown, no ad SDKs.
|
|
- **Cookies and trackers** — absent.
|
|
|
|
---
|
|
|
|
## 3. Android permissions
|
|
|
|
| Permission | Purpose |
|
|
|------------|---------|
|
|
| `INTERNET` | connecting to VPN servers and backend |
|
|
| `ACCESS_NETWORK_STATE` | detecting active network (WiFi / mobile) |
|
|
| `CHANGE_NETWORK_STATE` | `setUnderlyingNetworks` on WiFi/mobile switching |
|
|
| `FOREGROUND_SERVICE` | keeping VPN active with screen off |
|
|
| `FOREGROUND_SERVICE_SPECIAL_USE` | Android 14+ requirement for VPN services |
|
|
| `POST_NOTIFICATIONS` | showing VPN status in notification shade |
|
|
| `WAKE_LOCK` | preventing CPU sleep while VPN is active |
|
|
| `RECEIVE_BOOT_COMPLETED` | VPN auto-start after reboot (optional) |
|
|
|
|
`BIND_VPN_SERVICE` is requested through system dialog on first VPN activation (standard Android VpnService API procedure).
|
|
|
|
---
|
|
|
|
## 4. Third-party data sharing
|
|
|
|
**None.** Montana is an open-source project. Source code: `https://hub.montana.quest/efir369999/montana`.
|
|
|
|
The only third parties in the data flow are:
|
|
- **Hosting providers of nodes:** Timeweb (Frankfurt), THE.Hosting (NewYork, Helsinki). They see only encrypted TLS Reality traffic, not content.
|
|
- **DNS resolvers:** on first connection WebView may resolve `cdn.montana.quest` via `1.1.1.1` (Cloudflare) and `8.8.8.8` (Google). These providers **do not receive** traffic content.
|
|
|
|
---
|
|
|
|
## 5. Security
|
|
|
|
- **Device encryption:** Android FBE (File-Based Encryption) automatic when device is off.
|
|
- **Network encryption:** TLS 1.3 + XTLS Reality (X25519 key exchange, ChaCha20-Poly1305 AEAD).
|
|
- **Wordlist tampering protection:** SHA-256 integrity check on bundled `bip39-en.txt` at every launch.
|
|
- **Cryptographic authentication:** every heartbeat signed by Ed25519 from a key derived from BIP39 seed.
|
|
|
|
---
|
|
|
|
## 6. User rights
|
|
|
|
Under GDPR (EU), CCPA (California), and Russian Federal Law 152-FZ:
|
|
|
|
- **Right to access:** user sees address and balance in the app at any time.
|
|
- **Right to deletion:** uninstall app = delete all local data. Server record is removed after 30 days inactivity or upon request to `efir369999@gmail.com`.
|
|
- **Right to portability:** 24 BIP39 words are portable — user can recover wallet on any device with Montana app.
|
|
- **Right to rectification:** balance is auto-synced with server, manual intervention not provided.
|
|
|
|
---
|
|
|
|
## 7. Children
|
|
|
|
App is not intended for persons under 13 (COPPA) / 14 (RF). Financial functionality (accumulating Ɉ for VPN session) is not suitable for minors.
|
|
|
|
---
|
|
|
|
## 8. Policy changes
|
|
|
|
This policy may be updated. New version is published at the same URL with effective date. Material changes are announced via in-app notification.
|
|
|
|
---
|
|
|
|
## 9. Contacts
|
|
|
|
- Email: `efir369999@gmail.com`
|
|
- GitHub Issues: `https://github.com/efir369999/Montana-App/issues`
|
|
- Telegram: `@efir369999`
|
|
|
|
All requests processed within 30 days.
|