Privacy Policy
1. Overview
CityLink Global provides user-initiated VPN service, along with account management, membership status, device binding, diagnostics, and support workflows. This policy explains what data we collect, why we collect it, how long we keep it, and how you can request data deletion or account closure.
2. Data We Collect
2.1 Account Data
We may collect account information used for registration, sign-in, account recovery, and support, such as:
- Username or account identifier;
- Email address, phone number, or other contact details when those features are enabled;
- Password hash (we do not store plaintext passwords);
- Sign-in times, account status, and role.
2.2 Membership Data
We may collect and retain membership and entitlement information, such as:
- Membership plan, status, start and expiry times;
- Manual grants or extensions during beta or operations;
- Order or payment reference information if payment is enabled in the future;
- Membership audit records for support and abuse prevention.
2.3 Device Data
For device binding and device limits, we may collect:
- App-generated device identifier;
- Device display name you provide;
- Platform type and basic device information within available scope;
- Binding status, creation time, last online time, and revocation status.
2.4 VPN Configuration Data
To provide VPN service, we process configuration-related data, such as:
- Selected node ID and node region or type;
- Client public key and assigned VPN address;
- Server endpoint and DNS settings needed to build WireGuard configuration;
- Device identifier associated with the generated VPN configuration.
Private keys are generated on the client and used for VPN configuration. We do not intentionally record full private keys. Diagnostic and app logs must redact private keys and other credentials.
2.5 Connection Status Data
For service stability and support, we may collect limited connection status information, such as:
- Connection success or failure status;
- Selected node ID;
- Error codes and user-visible error categories;
- Connection and diagnostic timestamps;
- App version and platform information when needed for troubleshooting.
2.6 Diagnostic Logs
You may voluntarily export or submit diagnostic logs, which may include:
- App version, platform, selected node, and connection stage;
- API request status and structured error codes;
- Native VPN status, probe results, and recent client events;
- Redacted cached configuration summaries.
Diagnostic logs must not include full tokens, Authorization headers, passwords, private keys, or client private keys.
2.7 Administrative Action Logs
For operational accountability, admin actions on beta accounts may produce audit logs, such as:
- Administrator account identifier;
- Target user identifier;
- Action type (e.g., membership grant, device revocation, user disable or enable);
- Reason, timestamp, and before/after metadata where available.
3. What We Do Not Collect (Important)
We do not intentionally collect or store the following content related to your browsing behavior for the purpose of providing this service:
- Browsing content (web pages, in-app content, or similar material accessed through the VPN);
- Visited site lists (complete browsing history of sites or domains you visited);
- DNS query history (DNS resolution records used for browsing behavior);
- Communication payloads (message, file, page, or application data content transmitted through the VPN).
Network quality may vary by node, region, carrier, and device settings, but we do not inspect user traffic content to provide this service.
4. How We Use Data
We use collected data to:
- Provide VPN connections and configuration generation;
- Support account sign-in, membership status, and device binding;
- Provide customer support and beta troubleshooting;
- Prevent fraud, abuse, and account security risks;
- Maintain operational audit trails;
- Improve service stability and reliability.
5. Data Sharing
We do not sell user traffic data.
At this stage, the app does not integrate third-party advertising SDKs for ad tracking, and we do not use data for ad tracking. If new third-party services are introduced in the future, we will update this policy before they take effect.
We may disclose information only when required by law, necessary to protect the service from abuse, or necessary for infrastructure operations and support workflows.
6. Data Security
We apply reasonable technical and administrative safeguards, including:
- Transport encryption where applicable;
- Password hashing instead of plaintext password storage;
- Redaction of tokens and credentials in logs;
- Administrator access controls for user and membership management;
- Audit logs for sensitive administrative actions.
We continue to improve secure storage of client credentials to reduce exposure risk.
7. Data Retention
Retention periods may change with business and legal requirements. Current principles:
- Account data: retained while the account is active;
- Membership and order records: retained as needed for support, audit, and dispute handling;
- Device binding records: retained while the account is active or until removed;
- Diagnostic logs: retained only as long as needed for troubleshooting;
- Administrative audit logs: retained as needed for operational accountability and abuse prevention.
8. Data Deletion and Account Closure
You may request:
- Account deletion;
- Removal of device bindings;
- Deletion of diagnostic logs where applicable;
- Review of membership data subject to operational and legal retention requirements.
Contact support@citylink.club, or see our Account Deletion page. If the app provides self-service deletion or closure, you may also follow in-app instructions.
9. Children and Restricted Users
CityLink Global is not designed specifically for children. Confirm the minimum applicable age under your local laws and use the service only if you meet those requirements.
10. Changes to This Policy
We may update this policy as features, payment methods, infrastructure, or legal requirements change. For material changes, we will notify users in a reasonable manner before they take effect.
11. Contact Us
Controller / operator: CityLink Club
Support email: support@citylink.club
Privacy policy URL: https://speedcn.citylink.club/en/privacy