TuxlerVPN Mobile
Get App

Network Control & Transparency

Law-Enforcement Request Policy

This page describes how TuxlerVPN Mobile responds to formal legal requests for user data. We comply with valid legal process. We resist invalid or overreaching requests. And we notify affected users when legally permitted. The categories of data we can actually produce are limited by what we retain. See Logging & Retention Data and Privacy Policy §8.

Jurisdiction

The data controller, Tuxler Digital Services Corp., is incorporated in Panama. Panama is our primary legal jurisdiction (Privacy Policy §10).

For requests originating outside Panama we generally require service through:

  1. Mutual Legal Assistance Treaty (MLAT) channels.
  2. Letters rogatory transmitted via diplomatic channels.
  3. Other internationally recognised legal-cooperation mechanisms to which Panama is a party.

We do not respond to informal or extra-legal requests from non-Panamanian authorities.

Valid process we recognise

We respond to:

  • Court orders issued by competent Panamanian courts.
  • MLAT requests properly transmitted via Panama’s central authority.
  • Civil subpoenas served in accordance with Panamanian civil procedure.
  • Other legal process valid under Panamanian law and applicable international regulations (Privacy Policy §4).

We do not respond to:

  • Informal requests without a clear legal basis.
  • Requests served on the wrong entity. For example, a request for Google Play billing data should be served on Google, not on TuxlerVPN Mobile.
  • Requests that exceed the scope of valid process or that would require us to produce data we do not retain.
  • Requests in violation of constitutional or international human-rights protections.

Each request is reviewed by counsel for legal validity before any response (Privacy Policy §4, “after reviewing the validity of the request”).

What we can produce

Because of how TuxlerVPN Mobile is designed (see Logging & Retention Data and Privacy Policy §2.6, §8), the data available for production is structurally limited.

We do not retain:

  • The content of VPN traffic
  • The websites you visit, URLs, or payloads
  • DNS queries
  • Your originating IP address during a VPN session
  • Connection metadata after the session closes (session timestamps, bandwidth used, gateway selected)
  • Browsing history

We may retain, and could be compelled to produce within the limits of valid legal process:

  • The Google Play purchase token paired with the app-instance UUID for Premium users, for as long as the subscription is active or as required by Panamanian tax and accounting law (Privacy Policy §2.2, §8). We do not hold the subscriber’s email, since Google Play Billing does not pass user emails to apps.
  • Google Play subscription verification records, that is, the purchase token and the timing of entitlement checks (Privacy Policy §2.2, §8). For primary billing data and the underlying Google account identity, requests should be directed to Google.
  • Customer-support correspondence held while a matter is being resolved (Privacy Policy §2.3, §8).
  • Sentry crash reports for as long as Sentry retains them on its standard schedule, typically 90 days (Privacy Policy §2.4, §8).

We cannot produce data we do not retain. This is a structural property of the service, not a discretionary policy.

Intake and authentication

Send legal process to [email protected] with the subject line “Legal Process: [your jurisdiction], [case or matter number]”.

Please include:

  • The originating court, agency, or counsel.
  • The legal basis for the request (statute, treaty, etc.).
  • The specific data requested and the matter to which it relates.
  • The legal-hold or response deadline, if any.
  • A point of contact for follow-up, including a verifiable phone number or official email.

We authenticate requests by independent verification with the issuing court or agency before responding. Where authentication is incomplete we will reply asking for the additional information needed. Authentication is not a substitute for legal validity. Both are required.

User notification

We notify the affected user before producing data in response to a legal request, except where:

  • Notification is prohibited by law, for example, a non-disclosure order accompanying the request.
  • Notification would create an imminent risk of death or serious physical harm.
  • The user’s account information is unavailable to us, for example, a Standard-tier user whose installation has been removed and for whom no app-instance UUID is reachable.

Where a non-disclosure order has expired or has been lifted, we notify the affected user retrospectively where we are able to do so.

Cost recovery

Where permitted by law, we may seek reimbursement of reasonable costs incurred in responding to legal process, for example, counsel review and data-production work.

Emergency disclosures

We may voluntarily disclose limited information without legal process where we believe in good faith that there is an imminent risk of death or serious physical harm. Any such disclosure is made on the narrowest basis necessary, is logged, and will be counted in our Transparency Report under “Emergency disclosure requests”.

Counts to date

TuxlerVPN Mobile has not yet launched publicly, so there is no reporting period to count. The schema, categories, and methodology that future counts will follow are published in our Transparency Report framework.

What this policy is not

  • It is not a substitute for the Privacy Policy, which is the authoritative description of what data we collect and how we process it.
  • It is not the DMCA Policy, which handles copyright complaints under a separate process.
  • It is not a privacy-rights pathway. To exercise GDPR or CCPA rights, see Privacy Rights.

Contact

[email protected]. For legal process, use the subject line described under “Intake and authentication” above.

Updates

Last reviewed: 3 May 2026.