Logging & Retention Data

This document describes what data the TuxlerVPN Mobile service generates or receives, how long each category is kept, where it is stored, and what triggers deletion. The authoritative source is the Privacy Policy, in particular sections 2, 5, 7, and 8. Where this page summarises that policy, the Privacy Policy controls in the event of any conflict.

Our default position

TuxlerVPN Mobile’s default position is no retention of VPN-session data. We do not log the contents of your VPN traffic, the websites you visit, your DNS queries, your originating IP address, the bandwidth used, the gateway selected, or session timestamps. Connection metadata is held only for the duration of an active session and is discarded when the session closes (Privacy Policy §2.6 and §8).

What we collect, by category

Each category below lists the data type, the purpose, the retention window, and the storage location. Where the Privacy Policy does not name a specific number of days, we describe the retention condition rather than invent one.

App-instance UUID and device information. A randomly generated identifier created on first launch, plus device manufacturer, device model, Android version, and TuxlerVPN Mobile app version. Purpose: associate your device with its VPN session and deliver a compatible configuration. Retention: held only during the active VPN session and discarded on disconnect. Storage: the TuxlerVPN Mobile backend at apivpn.tuxlervpn.app and, for crash events, Sentry. Source: Privacy Policy §2.1 and §8.

Subscription and payment data. Google Play purchase tokens and payload sent to apivpn.tuxlervpn.app for entitlement checks (Premium users). The token is paired with the same app-instance UUID held for Standard users. No email is collected as part of subscription verification, since Google Play Billing does not pass user emails to apps by default. We do not store full payment details (card numbers, billing address, etc.). Those are held by Google. Retention: kept while the subscription is active and for the period required by tax and accounting law in Panama, deleted on request afterwards. Storage: TuxlerVPN Mobile backend, with full payment data held by Google. Source: Privacy Policy §2.2 and §8.

Customer support correspondence. Email correspondence with [email protected] from people who have chosen to write to us. The email address is collected only as a byproduct of an inbound message, since the app does not transmit it. Purpose: respond to your enquiry and any follow-up. Retention: as long as needed to handle the request and any follow-up. Deleted on request. Storage: a third-party customer-support provider (USA) acting as a processor, and the TuxlerVPN Mobile backend. Source: Privacy Policy §2.3 and §8.

In-app feedback and ratings. When a user submits in-app feedback or a rating, the message and the app-instance UUID are sent to our backend. No name or email is collected. Retention: as long as needed to evaluate the feedback. Deleted on request. Storage: TuxlerVPN Mobile backend. Source: Privacy Policy §2.3.

Crash reports and diagnostics (Sentry). Crash type, stack trace, app version, Android version, device model. Crash reports do not include your name, email, advertising identifier, or VPN traffic. The Sentry SDK is configured to send data only when an actual crash occurs: session events, UI-tap breadcrumbs, network-connectivity breadcrumbs, system-event breadcrumbs, app and Activity lifecycle breadcrumbs, low-memory and configuration-change breadcrumbs, screenshot attachments, and view-hierarchy attachments are all explicitly disabled. Retention: Sentry’s standard schedule (typically 90 days) after which records are deleted. Storage: Sentry, operated by Functional Software, Inc. (USA). Source: Privacy Policy §2.4 and §8.

Server-region selection. Your chosen VPN server region (for example, “United States” or “Germany”). Purpose: route your session to the appropriate gateway. Retention: held only during the active session. Storage: TuxlerVPN Mobile backend. Source: Privacy Policy §2.5 and §8.

Website cookies. Strictly-necessary cookies set by the TuxlerVPN Mobile website. Purpose: basic site functionality and security. Retention: per the cookie’s individual lifetime as listed in the Cookie Policy. Storage: your browser. Source: Privacy Policy §2.7 and the Cookie Policy.

Storage locations

The data controller, Tuxler Digital Services Corp., is incorporated in Panama. Personal data may be processed in additional jurisdictions depending on which processor is involved: the United States (Sentry crash reporting and third-party customer-support delivery), Canada, the United States, and/or the Netherlands (cloud infrastructure behind apivpn.tuxlervpn.app), and various countries worldwide where Tuxler operates VPN gateway servers. Source: Privacy Policy §5.

Where data is transferred outside the European Economic Area or the United Kingdom, TuxlerVPN Mobile relies on Standard Contractual Clauses approved by the European Commission and the UK Addendum where applicable, or on the recipient’s certification under a recognised adequacy framework. A copy of the relevant SCCs is available on request from [email protected]. Source: Privacy Policy §4 and §5.

Deletion triggers

Records are deleted when one of the following occurs:

• The active VPN session ends (session-only categories).
• A subscriber cancels Premium and requests deletion of any remaining backend entitlement records (see Privacy Rights and Delete Your Account).
• A support ticket is fully resolved and any follow-up window has lapsed.
• Sentry’s retention schedule expires.
• A statutory retention period (for example, tax law in Panama) expires.
• The lifetime of a strictly-necessary cookie ends.

To submit a deletion request, follow the steps described in the Privacy Policy §11 and on our Privacy Rights page. Deletion is actioned within 30 days.

What we do not log

Specifically, TuxlerVPN Mobile does not retain or record:

• The websites you visit while connected to the VPN
• The contents of your traffic (URLs, payloads, downloads, uploads)
• DNS queries themselves
• Your originating IP address during a VPN session
• Connection metadata (session timestamps, bandwidth used, gateway selected) after a session closes
• Your name, address, phone number, government identifiers, advertising identifiers, or precise location
• Payment card numbers (handled exclusively by Google Play)

Source: Privacy Policy §2.6 and §2.8.

Updates

This document is reviewed when the Privacy Policy is reviewed or when our retention practices change. Last reviewed: 5 May 2026.