TuxlerVPN Mobile
Get App

User Data Governance

Data Processing Overview

This page summarises TuxlerVPN Mobile’s processing activities in a structure aligned with Article 30 of the GDPR (records of processing activities). It restates information already published in the Privacy Policy (sections 2 to 5 and 8) in a format that is convenient for data protection authorities, business reviewers, and researchers. The Privacy Policy controls in the event of any conflict.

Controller

Tuxler Digital Services Corp., incorporated in Panama. Postal address: World Trade Center 200-B, Suite 157, Calle 53 Este, Marbella, PA, Republica de Panama. Contact: [email protected]. A Data Protection Officer has not been appointed. Privacy and data-rights enquiries are handled through the email address above. Source: Privacy Policy §13.

Categories of data subjects

  • Standard (free) users: typically identifiable only by an app-instance UUID generated locally on first launch (Privacy Policy §2.1).
  • Premium subscribers: identified by the same app-instance UUID as Standard users, with a Google Play purchase token used solely for entitlement verification.
  • Website visitors: visitors to tuxlervpn.app, who interact only with strictly-necessary cookies (Privacy Policy §2.7).
  • Customer-support contacts: anyone who emails [email protected] or submits in-app feedback or a rating.

Processing activities

For each activity below we list the purpose, lawful basis, data categories, recipients, and retention.

1. Service operation (VPN tunnel). Purpose: deliver the VPN service requested by the user. Lawful basis: performance of a contract. Data: app-instance UUID, device manufacturer / model, Android version, app version, server-region selection, and (during the active session only) connection metadata. Recipients: the TuxlerVPN Mobile backend at apivpn.tuxlervpn.app and the Tuxler-operated VPN gateway servers. Retention: held only during the active session and discarded on disconnect (Privacy Policy §2.6, §8).

2. Subscription verification (Premium). Purpose: confirm that a Premium-feature request comes from an entitled subscriber. Lawful basis: performance of a contract. Data: Google Play purchase token and associated payload. Recipients: Google LLC (Google Play Billing) and the TuxlerVPN Mobile backend. Retention: per Google’s billing records and for the period required by tax and accounting law in Panama (Privacy Policy §2.2, §8).

3. Payment processing. Purpose: collect subscription fees. Lawful basis: performance of a contract. Data: payment instrument data (card / billing details). Recipients: Google LLC. Retention: held by Google per their billing terms. TuxlerVPN Mobile does not store full payment details (Privacy Policy §2.2).

4. Customer support. Purpose: respond to user enquiries and resolve issues. Lawful basis: performance of a contract or legitimate interest, with consent where required. Data: email address used to contact us, the message contents, and any information you choose to share. Recipients: a third-party customer-support provider (USA) acting as a processor, and the TuxlerVPN Mobile backend. Retention: as long as needed to handle the request and any follow-up, deleted on request (Privacy Policy §2.3, §8).

5. Crash reporting and diagnostics. Purpose: identify and fix bugs and crashes. Lawful basis: legitimate interest. Data: crash type, stack trace, app version, Android version, device model. Recipients: Sentry (Functional Software, Inc., USA). Retention: Sentry’s standard schedule, typically 90 days (Privacy Policy §2.4, §8). The Sentry SDK is configured to send data only on actual crashes; session-tracking pings and non-crash breadcrumbs (UI taps, network-connectivity changes, system events, app/Activity lifecycle, low-memory and configuration changes), screenshot attachments, and view-hierarchy attachments are all explicitly disabled.

6. In-app feedback and ratings. Purpose: collect product feedback. Lawful basis: legitimate interest, with consent at submission. Data: the message you submit and the app-instance UUID. No name or email is collected, for Premium and Standard users alike. Recipients: TuxlerVPN Mobile backend, with deletion on request (Privacy Policy §2.3, §11).

7. Website hosting. Purpose: keep the website online and protected from abuse. Lawful basis: legitimate interest. Data: standard web-server access logs at the hosting provider plus strictly-necessary cookies. Recipients: a third-party web hosting provider. Retention: per the hosting provider’s documented log-retention policy. The website does not currently use analytics, advertising, or social-media tracking cookies, and no third-party cookies are placed on visitors’ devices (Privacy Policy §2.7).

8. Fraud, abuse, and legal compliance. Purpose: detect and prevent abuse of the Service, comply with applicable law, and respond to valid legal process. Lawful basis: legitimate interest and legal obligation. Data: the minimum necessary to act on the specific report or legal process. Recipients: where required, payment partners and competent authorities (see Law-Enforcement Request Policy). Retention: as required by law or by the specific matter (Privacy Policy §3, §4).

Sub-processors

TuxlerVPN Mobile engages the following categories of sub-processors (Privacy Policy §4).

  • Payment processing. Google LLC, Google Play Billing.
  • Crash reporting. Sentry, operated by Functional Software, Inc. (USA).
  • Customer-support delivery. Third-party provider (USA).
  • Web hosting. A third-party web hosting provider.
  • Cloud infrastructure for backend services. Third-party hosting providers operating the servers behind apivpn.tuxlervpn.app and supporting infrastructure under standard data-processing agreements.

VPN gateway servers are operated by Tuxler on infrastructure leased from hosting providers; the hosting providers act as sub-processors in line with Privacy Policy §4. The gateways route VPN traffic with no content logging (Privacy Policy §2.6, §4).

International transfers

Personal data may be processed in:

  • Panama: the controller.
  • United States: Sentry crash reporting and third-party customer-support delivery.
  • Canada, the United States, and/or the Netherlands: cloud infrastructure behind apivpn.tuxlervpn.app, depending on routing.
  • Various countries worldwide: VPN gateway servers operated by Tuxler.

Where data is transferred outside the EEA or the UK, we rely on the European Commission’s Standard Contractual Clauses, the UK Addendum where applicable, or on the recipient’s certification under a recognised adequacy framework. A copy of the relevant SCCs is available on request from [email protected]. Source: Privacy Policy §5.

Updates log

This document is updated when sub-processors change or when a new processing activity begins. Material changes also trigger an update to the Privacy Policy.

Last reviewed: 5 May 2026.