Back to home

PRIVACY POLICY

of the CredoVPN service

Revision dated 11 April 2026.

This Privacy Policy defines how information relating to users of the CredoVPN service is processed, used, stored, and protected. The service is provided by Dolphin LLC (ООО «Дельфин»), INN 6633019190, OGRN 1126633001153, Russian Federation, Yekaterinburg, hereinafter the “Operator” or “Contractor”. OGRN information may be verified via public registry sources.

This Policy applies to credovpn.ru, Telegram bots, and other official CredoVPN interfaces through which users receive services, support, payments, plans, setup, and subscription management.

By using the website, Telegram bot, service interfaces, paying for a plan, activating trial access, contacting support, or otherwise interacting with CredoVPN, the user confirms that they have read this Policy and agree to its terms.

1. General provisions

1.1. This Policy governs how information about users of the CredoVPN service is processed.

1.2. The Policy applies to all data the Operator receives from the user:

  • when using the website;
  • when using the Telegram bot;
  • when purchasing and paying for access;
  • when activating a trial period;
  • when contacting support;
  • when using service features.

1.3. This Policy is an integral part of the legal documents of the CredoVPN service and applies together with the Public Offer, Refund Policy, Terms of Service, No-Logs Policy, and other documents published by the Operator.

1.4. If any provision of this Policy conflicts with mandatory law, the mandatory provisions apply.

1.5. The Operator follows the principle of processing only the minimum data necessary to provide access, process payments, support users, ensure security, and meet its obligations.

2. Definitions

2.1. User — an individual, sole proprietor, or representative of a legal entity using the CredoVPN service.

2.2. Personal data — any information relating directly or indirectly to an identified or identifiable user.

2.3. Technical data — information automatically generated when using the website, bot, service, or infrastructure, including device, connection, errors, request time, software environment parameters, and other technical information.

2.4. Processing — any action or set of actions with data, including collection, recording, systematization, storage, updating, use, transfer, anonymization, blocking, deletion, and destruction.

2.5. Service — the CredoVPN service, including the website, Telegram bot, software and technical infrastructure, and related interfaces.

2.6. Supported application — the WireGuard application for which the Operator provides technical support for using the service.

3. Categories of data that may be processed

3.1. The Operator may process the following categories of user data.

3.1.1. Identification and contact data

  • name, nickname, username, or other profile name;
  • Telegram ID, Telegram username, and other Telegram identifiers;
  • email address;
  • other contact data voluntarily provided when contacting support or using the service.

3.1.2. Account and subscription data

  • selected plan information;
  • access validity period;
  • trial period information;
  • activation and expiry dates;
  • internal identifiers for account, subscription, ticket, order, or transaction.

3.1.3. Payment data

  • payment fact;
  • date and time of payment;
  • amount;
  • currency;
  • payment method;
  • payment status;
  • transaction, order, invoice, blockchain hash, or other technical payment identifiers;
  • partially anonymized data from payment partners.

3.2. The Operator is not required and does not seek to obtain full bank card details if those are processed directly by a payment provider, acquirer, or other specialized payment intermediary.

3.1.4. Device and connection technical data

  • IP address or derived connection data where needed for the website, infrastructure protection, antifraud, diagnostics, abuse prevention, or handling a request;
  • browser, app version, OS, device type;
  • connection errors, system failures, request statuses;
  • time zone, interface language, session information;
  • request logs for the website, bot, or technical interface to the extent needed for operation and security.

3.1.5. Support and ticket data

  • content of messages to support;
  • attachments, images, screenshots;
  • ticket conversation history;
  • user actions in support flows;
  • additional explanations on payments, access, connection, and refunds.

3.1.6. Automatically collected data

  • cookies;
  • local session identifiers;
  • page visit information;
  • interface technical events;
  • information needed for stability analytics, bug fixes, and UX improvements.

3.3. The Operator does not process special categories of personal data unless the user voluntarily provides them in support. Even then, the Operator seeks not to use or store excessive sensitive information without necessity.

4. Data not collected under the no-logging policy

4.1. Under the stated CredoVPN architecture, the Operator does not keep logs of user network activity that would include:

  • browsing history;
  • Internet traffic content;
  • payload content;
  • text of messages sent through third-party services;
  • lists of files uploaded or sent over the network;
  • a full history of the user’s actions on the Internet.

4.2. No-logging principles are additionally governed by a separate No-Logs Policy, if published by the Operator.

4.3. This Privacy Policy primarily governs personal, contact, technical, payment, and service data—not a description of network logging as such.

5. Purposes of processing

5.1. The Operator processes user data for the following purposes:

5.1.1. Providing access to the service

  • registration and identification;
  • creating, maintaining, and servicing access;
  • delivering configuration, instructions, and connection parameters;
  • providing trial access;
  • activating and managing subscription.

5.1.2. Payment processing

  • accepting, confirming, and recording payment;
  • payment identification;
  • transaction status checks;
  • resolving payment disputes;
  • refunds where applicable.

5.1.3. Technical support

  • responding to user requests;
  • connection troubleshooting;
  • reviewing errors, screenshots, tickets;
  • linking the user with support staff;
  • escalating to a human operator when needed.

5.1.4. Security and antifraud

  • preventing abuse;
  • detecting suspicious activity;
  • limiting repeated improper trial use;
  • preventing fraud and technical attacks;
  • protecting the website, bot, and infrastructure from unauthorized interference.

5.1.5. Service improvement

  • interface stability analysis;
  • bug fixes;
  • better support flows;
  • developing the website, bot, and checkout;
  • aggregated or anonymized usage statistics.

5.1.6. Legal compliance

  • complying with applicable law;
  • responding to lawful authority requests;
  • protecting the Operator’s rights and legitimate interests.

6. Legal bases for processing

6.1. The Operator processes data on the following bases:

  • user consent expressed through use of the service, acceptance of the offer, support contact, forms, payment, or other actions;
  • performance of a contract or steps prior to entering a contract;
  • compliance with legal obligations;
  • legitimate interests of the Operator where processing is proportionate, necessary, and does not override user rights.

6.2. Where applicable law requires separate consent, it is deemed given by the relevant action or collected separately if the law requires.

7. How data is processed

7.1. The Operator processes data with or without automation.

7.2. Processing may include:

  • collection;
  • recording;
  • systematization;
  • accumulation;
  • storage;
  • updating;
  • retrieval;
  • use;
  • transfer;
  • anonymization;
  • blocking;
  • deletion;
  • destruction.

7.3. The Operator implements reasonable organizational and technical measures to protect data against:

  • unauthorized access;
  • loss;
  • alteration;
  • disclosure;
  • destruction;
  • other unlawful processing.

7.4. Access is granted only to employees, contractors, support operators, technical providers, and partners who need it for their functions and who are bound by confidentiality.

8. Disclosure to third parties

8.1. The Operator may disclose data to third parties only to the extent necessary to operate the service and fulfill obligations to the user.

8.2. Disclosure may be made to:

  • payment systems;
  • banks;
  • acquirers;
  • crypto processors;
  • antifraud services;
  • hosting providers;
  • datacenters;
  • email, messenger, and cloud infrastructure providers;
  • contractors for the website, bot, support, and analytics;
  • processors acting on the Operator’s instructions;
  • government and other authorized bodies where expressly required by law.

8.3. When disclosing data, the Operator follows the sufficiency principle and shares only what is objectively necessary.

8.4. The Operator does not sell personal data or transfer it to ad brokers as a standalone commodity.

9. Cross-border transfers

9.1. CredoVPN is intended for international use. Some infrastructure, payments, support, hosting, messaging, monitoring, or analytics may be located outside the user’s country of residence.

9.2. The user agrees that data may be processed and stored on servers in various jurisdictions to the extent necessary for the service to function.

9.3. The Operator takes reasonable steps to ensure such transfers remain necessary for service delivery and comply with applicable law.

10. Cookies and similar technologies

10.1. The website and interfaces may use cookies, pixels, session tokens, local storage, and similar technologies.

10.2. These technologies may be used for:

  • authentication and session maintenance;
  • saving interface settings;
  • abuse prevention;
  • website stability analysis;
  • improving user experience.

10.3. The user may restrict cookies in the browser; some features may not work correctly as a result.

11. Retention periods

11.1. The Operator retains data no longer than necessary for the processing purposes, unless a longer period is required or permitted by law.

11.2. Categories may be retained for different periods, including:

  • account and subscription data — for the active service period and a reasonable time thereafter;
  • payment data — as long as needed for accounting, disputes, refunds, and legal obligations;
  • support tickets — as long as needed to handle requests, prevent repeat abuse, improve support, and resolve disputes;
  • technical logs — for a limited period needed for security, diagnostics, and stable operation.

11.3. When purposes are achieved or storage is no longer needed, data is deleted, anonymized, or destroyed unless law requires retention.

12. User rights

12.1. The user may:

  • obtain confirmation of processing;
  • request data clarification;
  • request correction of inaccurate or outdated data;
  • request deletion where there is no lawful basis to continue processing;
  • request restriction where provided by law;
  • withdraw consent where processing is consent-based;
  • contact the Operator with questions, complaints, or claims about processing.

12.2. Certain rights may be limited where necessary to:

  • perform the contract;
  • comply with the law;
  • protect the Operator’s rights and legitimate interests;
  • prevent fraud and abuse;
  • meet mandatory record-keeping requirements.

12.3. To exercise rights, the user may contact:

  • email: support@credovpn.ru;
  • Telegram: @credovpnsupportbot;
  • other official channels published by the Operator.

13. User obligations

13.1. The user shall provide accurate data to the extent needed to use the service, pay, and receive support.

13.2. The user should not send excessive data unrelated to the request, especially sensitive categories not needed to resolve the issue.

13.3. The user is responsible for the accuracy of provided data and for the consequences of inaccurate information.

14. WireGuard-only support

14.1. Technical support is provided for connecting and using the service through the WireGuard application.

14.2. If the user relies on third-party apps, protocols, VPN clients, or unsupported solutions, the Operator may limit consultation or refuse full technical support for that connection method.

14.3. This limitation concerns the scope of support and does not waive this Policy for data provided via the website, bot, payments, support, and other interfaces.

15. Data security

15.1. The Operator applies reasonable security measures appropriate to the data and risks.

15.2. Measures may include:

  • access restrictions;
  • role-based access for staff;
  • encrypted connections;
  • logging of administrative actions;
  • backups and infrastructure controls;
  • technical monitoring of failures and incidents;
  • antivirus, network, and other protective measures.

15.3. Despite these measures, no Internet transmission can guarantee absolute security.

16. User communications and contacting the Operator

16.1. When the user contacts support (Telegram bot, website, email), the Operator may store: message content; user replies; files and screenshots; internal case notes; conversation history with support; information about escalation from automated support to a human operator.

16.2. Messages with a human operator are processed to:

  • resolve the user’s issue;
  • monitor support quality;
  • prevent abuse;
  • analyze compliance with obligations.

17. Policy changes

17.1. The Operator may amend this Policy at any time.

17.2. A new version takes effect upon publication unless the text specifies a different date.

17.3. The user shall monitor the current Policy version in official service channels.

17.4. Continued use after publication of a new version constitutes acceptance.

18. Operator contacts

Operator: Dolphin LLC (ООО «Дельфин»).

INN: 6633019190.

OGRN: 1126633001153.

Country: Russian Federation.

City: Yekaterinburg.

Website: credovpn.ru.

Support email: support@credovpn.ru.

Support Telegram: @credovpnsupportbot.