TuxlerVPN Mobile
Get App

User Data Governance

GDPR NOTICE FOR GOOGLE PLAY USERS

1. INTRODUCTION

This GDPR Notice applies to users in the European Economic Area (EEA), the United Kingdom (UK), and Switzerland who download and use the TuxlerVPN Mobile Android app from the Google Play Store. It explains, specifically for that audience, how Tuxler Digital Services Corp. (“TuxlerVPN Mobile”, “we”, “us”, “our”) processes personal data under the General Data Protection Regulation (EU) 2016/679 (GDPR) and the UK GDPR.

This notice is a focused supplement to our full Privacy Policy, which remains the canonical description of every data flow in the app. Where this notice and the Privacy Policy describe the same processing activity, both documents are intended to be consistent. If they conflict, the Privacy Policy controls.

2. DATA CONTROLLER INFORMATION

The entity responsible for your personal data (“Data Controller”) is:

Tuxler Digital Services Corp.

World Trade Center 200-B, Suite 157, Calle 53 Este, Marbella, PA, Republica de Panama

Email: [email protected]

TuxlerVPN Mobile operates under Panamanian law, which does not impose mandatory data retention obligations on VPN providers. When we offer Services to users in the EEA, UK, or Switzerland, our processing is aligned with the GDPR (and UK GDPR) regardless of where our processing takes place.

3. NO USER ACCOUNT: HOW WE IDENTIFY YOUR INSTALLATION

The TuxlerVPN Mobile Android app does not have user accounts. There is no signup, no login form, no password, no email-based registration, and therefore no password-recovery or multi-factor-authentication flow.

  • Free tier: every device authenticates using static built-in credentials (tuxler / free) that are identical for every user. These are not personal credentials and contain no information about you.
  • Premium tier: entitlement is verified by sending the Google Play Billing purchase token issued to your device to our backend at apivpn.tuxlervpn.app. We do not create a separate Tuxler login.

Instead of an account, the app generates a random app-instance UUID on first launch and stores it locally. The UUID is sent to our backend whenever the app fetches a VPN configuration. It is not derived from, and cannot be linked to, your name, email, phone number, advertising ID, or any government identifier. See Privacy Policy §2.1.

4. WHAT DATA WE PROCESS FOR EU/EEA USERS

The categories below describe everything the app collects, generates, or transmits for users in the EEA, UK, and Switzerland. Each category is mapped to its GDPR Article 6 lawful basis.

4.1 App-instance UUID and device information. Manufacturer, model, Android version, app version and the locally generated UUID are sent to apivpn.tuxlervpn.app at connect time so we can deliver compatible VPN configurations and diagnose connectivity issues. Lawful basis: performance of a contract (Art. 6(1)(b)) and our legitimate interest in operating a working service (Art. 6(1)(f)).

4.2 VPN server-region selection (approximate location). When you pick a server region (for example, “Germany” or “United States”), that selection is sent to our backend so we can route you to the corresponding gateway. We do not request, collect, or have access to your GPS coordinates, Android location services, or any precise location. Lawful basis: performance of a contract (Art. 6(1)(b)).

4.3 Subscription verification (premium users). Your Google Play Billing purchase token and associated payload are sent to apivpn.tuxlervpn.app so we can confirm your subscription status. Card numbers, billing addresses, and other payment details are handled by Google and never reach us. Lawful basis: performance of a contract (Art. 6(1)(b)) and compliance with tax/accounting obligations (Art. 6(1)(c)).

4.4 Customer-support correspondence. If you write to [email protected], we process the email address you write from, the contents of your message, and any device or subscription information you choose to share. Lawful basis: performance of a contract (Art. 6(1)(b)) where the request relates to your subscription, and our legitimate interest in providing support (Art. 6(1)(f)) otherwise. Support is delivered exclusively by email (there is no chatbot, live-chat widget, or in-app messenger), and email support coverage is available 24 hours a day, 7 days a week.

4.5 Crash reports and diagnostics (Sentry). The app sends crash reports to Sentry (operated by Functional Software, Inc., USA). A crash report contains the type of crash, a stack trace, the app version, the Android version, and the device model. It does not contain your name, email, advertising identifier, or VPN traffic content. The Sentry SDK is configured so that nothing is transmitted between actual crash events: session tracking, breadcrumbs (UI taps, network-connectivity changes, system events such as battery and airplane mode, app and Activity lifecycle, low-memory and configuration changes), screenshot attachments, and view-hierarchy attachments are all explicitly disabled. Lawful basis: legitimate interest in maintaining service stability and fixing bugs (Art. 6(1)(f)).

4.6 VPN traffic. While the tunnel (WireGuard over Android’s VpnService API) is active, your traffic is encrypted between your device and our gateways. We do not log the content of your traffic, the websites you visit, or your DNS queries. See Privacy Policy §2.6 for full detail and the limited connection metadata we retain. Lawful basis: performance of a contract (Art. 6(1)(b)).

What we do not collect or use: the Android app contains no Firebase, no Google Analytics, no advertising SDK, no attribution SDK, and no general-purpose analytics SDK. The Sentry crash reporter described in §4.5 is the only third-party telemetry component in the app.

5. PROCESSORS AND RECIPIENTS

We share personal data only with the following categories of processors, each engaged under a written data-processing agreement and limited to the purposes described above. This list mirrors Privacy Policy §4:

  • Google LLC (Google Play Billing): subscription management and payment processing for Google Play purchases.
  • Sentry, Functional Software, Inc. (USA): crash reports and diagnostics.
  • Customer-support provider (USA): email-based customer-support delivery on our behalf.
  • Cloud and hosting infrastructure providers: hosting for apivpn.tuxlervpn.app, our VPN gateway servers, and supporting infrastructure, under standard data-processing terms.

We do not sell or rent personal data, and we do not share personal data for advertising or cross-context behavioural-advertising purposes.

6. INTERNATIONAL DATA TRANSFERS

Tuxler Digital Services Corp. is established in Panama. Several of our processors are established in the United States (Sentry, our customer-support provider), and our cloud infrastructure provider operates data centers in Canada, the United States, and the Netherlands. Personal data of EEA, UK, and Swiss users may therefore be transferred outside the EEA. Where required, transfers rely on the European Commission’s Standard Contractual Clauses (SCCs) (and the UK Addendum, where applicable) supplemented by technical and organisational measures including HTTPS/TLS in transit and access controls. A copy of the relevant SCCs is available on request from [email protected].

7. RETENTION

We keep personal data only as long as necessary for the purposes set out above. Concrete retention periods per data category are listed in Privacy Policy §8. After the applicable period, data is deleted or anonymised.

8. YOUR GDPR RIGHTS

If you are in the EEA, UK, or Switzerland you have the following rights under the GDPR / UK GDPR:

  • Right of access: obtain confirmation of, and a copy of, the personal data we process about you (Art. 15).
  • Right to rectification: have inaccurate or incomplete data corrected (Art. 16).
  • Right to erasure (“right to be forgotten”): have your personal data deleted (Art. 17).
  • Right to restriction of processing: limit how we process your data while a dispute is resolved (Art. 18).
  • Right to object: object to processing carried out on the basis of legitimate interests (Art. 21).
  • Right to data portability: receive your data in a structured, commonly used, machine-readable format (Art. 20).
  • Right to withdraw consent: withdraw any consent you have given, without affecting the lawfulness of processing carried out before withdrawal (Art. 7(3)).
  • Right to lodge a complaint: complain to a supervisory authority, in particular in the EU/EEA Member State or UK region of your habitual residence, place of work, or place of the alleged infringement (Art. 77).

How to exercise these rights, and how to identify yourself without an account. Because there is no email-based account to authenticate against, when you contact us please include whichever of the following you have available, so that we can locate your data:

  • the app-instance UUID shown on the About screen of the app, if your version exposes it.
  • if you are a premium user, the Google Play order ID, which we can match against our entitlement records.
  • the approximate dates and country from which you used the app.

Send your request to [email protected] with “GDPR Request” in the subject line. We will respond within one month (extendable by a further two months for complex requests, in accordance with Art. 12(3) GDPR).

9. HOW TO DELETE YOUR DATA

Because there are no accounts, “account deletion” means purging the records tied to your installation:

  • Backend records at apivpn.tuxlervpn.app: your app-instance UUID, device fields, server-region selection, and (for premium users) the subscription verification record.
  • Crash logs at Sentry, associated with your app-instance UUID.
  • Subscription records for premium users, handled in conjunction with Google Play.

Self-service:

  • Free users: uninstalling the app destroys the local UUID and stops any further data collection. To also remove historical backend and crash records, email us as below.
  • Premium users: cancel your subscription via Google Play. To also remove historical backend records, email us as below.

By email: send a deletion request to [email protected]. We will action it and confirm by reply within 30 days.

10. CONTACT US, AND YOUR SUPERVISORY AUTHORITY

For any GDPR-related question or request, contact:

Email: [email protected]

If you are not satisfied with our response, you may lodge a complaint with the data protection authority of your EU/EEA Member State, the UK Information Commissioner’s Office (ICO), or the Swiss Federal Data Protection and Information Commissioner (FDPIC), as applicable.

11. CHANGES TO THIS NOTICE

We may update this notice to reflect changes in our processing or in applicable law. Material changes will be communicated through Google Play Store update notes or in-app notifications. The current version is always available at this URL.