Privacy Policy

• · We do not log traffic content, destinations, DNS queries, or IP addresses.
• · We keep the minimum needed to operate the service: an account email, billing record, and aggregate counters.
• · We do not sell, rent, or share your data with advertisers or governments.
• · Servers run RAM-only WireGuard; nothing is written to disk.

Astrum (the "Service") is operated by Astrum Network Limited. We can be reached at privacy@astrumvpn.com.

Account

• · Your Apple Sign In identifier (an opaque per-app string Apple gives us). It's how we recognise you on next sign-in.
• · The email address Apple shares with us (often Apple's @privaterelay.appleid.com forwarder unless you opt in to share your real one). Used only for support replies and transactional notices.
• · Account creation timestamp and last-seen timestamp (for inactive-account cleanup).

Billing

• · Apple in-app purchase transaction IDs (Apple is the payment processor; we never see your card details or PayPal).
• · Subscription status, renewal date and product ID — necessary to enable or disable your tunnel.
• · No card numbers, no bank details, no addresses pass through our servers.

Service usage (aggregate only)

• · Per-account daily byte counters (for fair-use enforcement on unlimited plans)
• · Per-node aggregate connection counts (for capacity planning) — not linked to accounts
• · No timestamps of individual connections, no source IPs, no destinations

What we explicitly do not collect

• · Browsing history, DNS queries, or destination IPs
• · Source IP addresses of users connecting to nodes
• · Packet contents (it's an encrypted tunnel; we couldn't read them anyway)
• · Real names, addresses, phone numbers, or any KYC data

• · RAM-only servers: the WireGuard kernel module runs againsttmpfs-backed working directories. Server private keys live in tmpfs; reboot regenerates them. Nothing about your connection is written to disk.
• · No syslog forwarding: rsyslog is disabled on edge nodes; journald is in-memory and capped to 50 MB.
• · No connection logs: the WireGuard kernel module only emits handshake counters into wg show — we pull aggregate Prometheus gauges from that, but never the per-peer endpoint IP or transfer log.
• · The control-plane database stores account / billing / aggregate-usage rows; the schema is published in control-plane/schema.sql for verification.

The marketing site is static and uses no cookies for you the visitor — no Google Analytics, no Facebook Pixel, no ad networks, no third-party tracking scripts. Performance is monitored server-side via Prometheus, which never sees per-visitor data.

We do not sell your data. We share it only with:

• · Apple — handles all payment processing and subscription state via App Store in-app purchase. Apple shares with us only your sub-identifier and (optionally) your email.
• · Cloudflare — hosts this marketing site and terminates TLS for the API. Receives standard HTTP request metadata; no Astrum-specific PII.
• · A court of competent jurisdiction in England & Wales, following a valid legal request. Because we keep no traffic logs, the most we can produce is the Apple sub-identifier we received at signup and the subscription state.

• · Access / Export: email privacy@astrumvpn.com for a JSON dump of all data we hold on you (it's small).
• · Deletion: sign out and revoke the Astrum app in Settings → Apple ID → Sign In with Apple → Astrum → Stop Using, then email us at privacy@astrumvpn.com. We delete the row from our database within 14 days. We don't retain anything Apple bills you for — that lives in your Apple transaction history.
• · If you are an EEA / UK resident, GDPR (or UK-GDPR) rights apply and we respond within 30 days. Other jurisdictions: applicable local data-protection rights are honoured.

• · Authentication: Sign in with Apple (no passwords stored on our side).
• · Subscription configs signed with ed25519; client verifies before connecting
• · Database TLS, daily encrypted backups in a separate region
• · Vulnerability disclosure: email security@astrumvpn.com. We aim for first response within 48h.

We will notify all account holders via email at least 14 days before any material change to this policy. The previous version remains accessible at /privacy/archive.