🔒 Privacy Policy

Last Updated: January 15, 2025

🛡️ Technical Zero-Log Guarantee

We cannot provide data we don't have. Our zero-log commitment is not a policy statement, but a technical implementation at the code level that makes it technically impossible to provide user network activity data, even under coercive measures.

1. Technical Architecture Guarantee

🔧 Xray-core Log Configuration

"log": {
  "loglevel": "none",
  "error": ""
}

loglevel: "none" - Completely disables all logging

error: "" - Even error messages are not recorded

🌐 Nginx Access Log Configuration

access_log off;

• Completely disables HTTP access logging

• Cannot record access time, source IP, or request content

🗑️ Automatic System Log Cleanup

# Cron job configuration
0 3 * * 0 journalctl --vacuum-time=7d

• Weekly automatic cleanup of system logs older than 7 days

• Daily clear memory cache

2. Data We Technically Cannot Record

Due to the above configuration, the following data is technically impossible for us to collect or store:

  • Websites and domains you visit
  • Content and data of your network traffic
  • Your DNS query records
  • Connection timestamps and duration
  • Bandwidth usage amounts
  • Your real IP address
  • Your network activity patterns
  • Any metadata that could identify network behavior

3. Limited Data We Actually Collect

3.1 Account Management (Stored in Firebase Firestore)

  • UUID Identifier: System-generated anonymous ID
  • Account Expiration Time: Service validity verification
  • Payment Status: Whether paid (no payment details)

3.2 Optional Data

  • Email (1-hour trial only): Used and deleted, not linked to account

4. Open Source Client Verification

Our clients are completely open source, allowing anyone to verify their security:

Open source code ensures:

  • Clients don't collect additional data
  • Configuration files are completely transparent
  • No hidden data transmission
  • Community can continuously audit code

5. Reality Protocol Privacy Protection

Additional protection provided by VLESS + Reality protocol:

  • Traffic Masquerading: VPN traffic disguised as normal HTTPS traffic
  • Deep Packet Inspection Resistance: Cannot be identified as VPN traffic
  • Forward Secrecy: X25519 key exchange
  • End-to-End Encryption: AES-256 encryption protection

6. Legal Request Response

⚖️ Technical Reality

We cannot provide data we don't have. No matter how coercive the measures, we can only provide extremely limited account status information (UUID and expiration time), because user network activity data has never been recorded.

If we receive legal requests, our standard response includes:

  1. Technical Proof: Provide configuration files proving inability to record data
  2. Open Source Verification: Point to GitHub repositories for technical verification
  3. Limited Cooperation: Only provide existing account status data
  4. Transparency Report: Publicly disclose request statistics within legal limits

7. User Rights and Control

7.1 Account Management

  • Delete Anytime: Contact support to delete account and related data
  • Data Export: Obtain copy of account status data
  • Complete Erasure: Thorough deletion of all data within 30 days

7.2 Technical Verification Rights

  • Review open source client code
  • Verify server configuration files
  • Monitor network traffic to confirm no data leaks
  • Participate in security audits and vulnerability reports

8. Policy Update Mechanism

  • Major changes notified 30 days in advance
  • Technical architecture changes require reconfirmation
  • Maintain core technical zero-log commitment
  • Update history publicly transparent

🛠️ Technical Verification & Support

We welcome security experts and technical users to verify our configuration:

Technical Support: support@xiexievpn.com
Open Source: GitHub @xiexievpn
Live Discussion: Telegram @xiexievpn

We encourage independent technical audits and commit to cooperating with any good-faith security research.

🌐 中文