Overview
This Privacy Policy explains how firstVPN (“we”, “us”) processes information when you use the firstVPN mobile application and related services (the “Service”).
Contact
For privacy requests and questions, contact ilkin.hasanoff@mail.ru. Use this address for:
- Data access / deletion requests
- Account deletion requests
- Account and subscription questions
- Security reports
Information we process
- Account and profile: phone number (if you use phone login), email (if provided by OAuth or added), name/username, profile avatar URL (when provided by the OAuth provider).
- Authentication and sessions: access/refresh tokens (stored on your device), and a hashed record of issued refresh tokens on our server for security and session management.
- Device and app identifiers: a per-install app device identifier and device platform (Android/iOS). We also receive a device “fingerprint” header used for trial anti‑abuse (see below).
- VPN provisioning data: a VPN account identifier on our VPN management panel (Marzban) and a UUID used to generate your VLESS configuration, so the VPN can work.
- Subscription records: subscription status (active/expired), start/end dates, plan/amount, and a payment/provider reference (when applicable).
- Support content: support tickets and messages you send in the in‑app support chat.
- Anti‑abuse signals: for free trial abuse prevention, we store a salted hash of your device fingerprint and may store a salted hash of your IP address (not the raw IP) to block repeated trials from the same device/network.
- Basic server logs: like most services, our servers may process technical logs (for example request time, endpoint, status code, and IP address) to operate and secure the Service.
How we use information
- Provide and operate the VPN service
- Authenticate users and secure sessions
- Verify premium access and manage subscriptions
- Prevent fraud and abuse (including trial misuse)
- Provide customer support
- Improve reliability, performance, and security
VPN traffic & logs
firstVPN is a VPN service. VPN providers necessarily handle network traffic to route it through the tunnel. We do not sell your personal information.
- We do not ask you to provide browsing history, and we do not build advertising profiles.
- Operational logging: to run and protect the service, we may process limited technical logs such as connection events, errors, and abuse signals. Log access is restricted.
- Third‑party infrastructure: depending on hosting and VPN server configuration, additional technical logs may exist at the infrastructure level (for example, network and security logs). We aim to minimize what is stored.
Sharing
We do not sell personal information. We may share limited information in the following cases:
- Service providers: hosting, infrastructure, and other vendors needed to operate the Service.
- OAuth providers: if you sign in with Google or Yandex, we receive profile data from them (as permitted by your settings and their policies).
- Payments: if/when a payment provider is used, it may process payment details under its own policy.
- Legal and safety: to comply with law, enforce policies, and protect users and the public.
Data retention
We keep information only as long as reasonably necessary for the purposes described above, including operating the Service, preventing abuse, resolving disputes, and complying with legal obligations.
- Account data: kept while your account is active, and deleted or anonymized on request when feasible.
- Support messages: kept to handle your request and maintain support history.
- Anti‑abuse hashes: kept to prevent repeated free-trial abuse.
- Technical logs: kept for a limited period for reliability and security.
Your choices and rights
- Access / correction: you can request a copy or correction of your account data.
- Deletion: you can request account deletion by contacting us.
- Support content: you can request deletion of support messages, subject to legal and security needs.
Children’s privacy
The Service is not intended for children. If you believe a child has provided personal information to us, contact us and we will take appropriate steps.
Security
We use reasonable technical and organizational measures to protect information. No method of transmission or storage is 100% secure, but we work to reduce risk and unauthorized access.
Changes to this policy
We may update this policy from time to time. Changes will be posted on this page with an updated date.