SkyPath VPN ("SkyPath", "we", "us", or "our") operates the SkyPath VPN Android application (the "App") and the website at skypath.cloud (the "Website"). This Privacy Policy explains what data we collect, why we collect it, who we share it with, and the rights you have. We wrote it to be as clear and short as we could without leaving anything out.
If you do not agree with this policy, please do not use SkyPath.
1. The Short Version
- You do not need an account, email, phone number, or any personal information to use SkyPath.
- We do not log your browsing, DNS queries, or the content of your internet traffic.
- We do not sell, rent, or trade user data. Ever.
- We collect only the minimum technical data needed to run the VPN and keep the App stable.
- You can opt out of analytics and crash reporting in the App's Settings.
- You can request deletion of any data we hold about you at any time.
2. Who Controls Your Data
The data controller responsible for any information collected through the App and Website is SkyPath. You can contact the controller at privacy@skypath.cloud.
If you are in the European Economic Area (EEA) or the United Kingdom, you may also contact us at the same address for any matter relating to the EU General Data Protection Regulation (GDPR) or the UK GDPR.
3. Our VPN Service Commitment
SkyPath is a VPN app that uses Android's VpnService API. In line with Google Play's Developer Program Policies for VPN apps, we make the following explicit commitments about how the VPN connection is used:
- The VPN connection is used solely to provide the VPN service you ask for when you tap Connect.
- We do not inspect, read, modify, rewrite, or redirect the content of your traffic for any purpose.
- We do not collect personal or sensitive information from your traffic.
- We do not use the VPN tunnel to inject advertisements, affiliate links, tracking scripts, or to alter any data that passes through it.
- We do not use the VPN to manipulate advertising or monetization in any app, including our own.
4. Data Safety Summary
This summary mirrors the categories in Google Play's Data Safety form so you can see at a glance what is collected, why, and whether it is shared.
| Data type | Collected | Shared | Purpose | Optional |
|---|---|---|---|---|
| Personal info (name, email, phone, address) | No | No | — | — |
| Email address (only if you contact support) | Yes | No | Respond to your message | Yes — only if you email us |
| Financial info | No | No | — | — |
| Precise or approximate location | No | No | — | — |
| Photos, videos, audio, files, contacts, calendar, SMS, call logs | No | No | — | — |
| Web browsing history, search history, DNS queries, traffic content | No | No | — | — |
| App activity (in-app events, e.g. "tapped Connect", server selected) | Yes | No | Analytics & product improvement | Yes — opt out in Settings |
| Crash logs and diagnostics (device model, OS version, app version, stack trace) | Yes | No | Fix bugs and improve stability | Yes — opt out in Settings |
| Performance data (non-fatal errors, load times) | Yes | No | Fix bugs and improve performance | Yes — opt out in Settings |
| Device or other IDs (Firebase installation ID, Android advertising ID if ads enabled) | Yes (installation ID) | No | Analytics and crash attribution | Yes — opt out in Settings |
| VPN connection metadata (session start/end times, chosen server, bandwidth used) | Yes | No | Run the VPN, plan capacity, prevent abuse | No — required to provide the service |
Data encryption in transit: yes — all VPN traffic is encrypted via WireGuard; all App-to-server API calls use HTTPS.
Data deletion requests: yes — see Section 12.
Commitment to the Play Families Policy: yes.
5. Details of What We Collect
5.1 Information you provide
You do not need to create an account or provide any personal information to install or use the App. If you email us for support, we receive your email address and the content of your message solely so we can reply.
5.2 Information collected automatically
- VPN connection metadata. Start and end timestamps of your VPN session, the server location you connected to, and the amount of bandwidth used during the session. This is required to operate the service, plan capacity, and prevent abuse. We do not link this metadata to your real identity and we do not retain your originating IP address alongside it.
- Crash reports. If the App crashes, diagnostic data (device model, Android version, App version, stack trace, and a random Firebase installation ID) is sent to Firebase Crashlytics so we can reproduce and fix the issue.
- Anonymous analytics events. Anonymous product events — for example "Connect tapped", "Server list opened" — sent through Firebase Analytics. We use these to understand aggregate usage patterns.
- Device and connection properties on the Website. Standard server logs (IP address, user-agent, request path) that are retained for up to 30 days for security and to detect abuse.
5.3 What we deliberately do NOT collect
- We do not keep logs of the websites you visit, the apps you use, your DNS queries, or any other content of your traffic.
- We do not store your originating IP address together with your VPN session in a way that links them to you.
- We do not request location, contacts, SMS, call log, microphone, camera, photos, files, or calendar permissions.
- We do not read the content of any app or message.
- We do not use the Android Advertising ID unless advertising is explicitly enabled in a future version — and even then we will update this policy and give you a clear choice before any such change takes effect.
6. How We Use Information
- Operate the service — establish, maintain, and terminate your VPN tunnel; route traffic; scale capacity.
- Keep it safe — detect and block abuse, DDoS, and attempts to disrupt the service.
- Fix bugs — reproduce crashes and performance problems using Firebase Crashlytics.
- Improve the App — analyze anonymous, aggregated usage via Firebase Analytics to make the App faster and easier to use.
- Answer your support questions — if you email us.
- Comply with the law — if we receive a valid legal request. Because we retain very little data, we usually have very little to share.
We do not use your data for automated decision-making that produces legal or similarly significant effects on you. We do not engage in profiling.
7. Legal Bases (EEA / UK)
If you are in the EEA or UK, the legal bases on which we rely under the GDPR are:
- Performance of a contract (Article 6(1)(b)) — to provide the VPN service you tapped Connect on.
- Legitimate interests (Article 6(1)(f)) — keeping the service secure, preventing abuse, and fixing bugs. These interests are balanced against your privacy, which is why we collect minimal data.
- Consent (Article 6(1)(a)) — for non-essential analytics. You can withdraw consent at any time in the App's Settings.
- Legal obligation (Article 6(1)(c)) — to comply with applicable law.
8. Sharing and Disclosure
We do not sell your data. We share data only in these limited cases:
- Service providers (processors). We use a small number of service providers who process data on our behalf under contractual data protection terms. See Section 9 for the full list.
- Legal requirements. We may disclose information if compelled by a valid legal process — court order, warrant, or similar — or to protect our rights, safety, or those of our users. Because we do not log browsing activity and do not store identifying information alongside VPN sessions, we generally have very little to disclose.
- Business transfers. If SkyPath is acquired, merged, or reorganized, data may transfer as part of that transaction. We will notify users through the App or the Website before any change affects how your data is handled.
9. Third-Party Services (SDKs)
For transparency, here is every third party that may receive any data from the App, what they get, and why.
| Provider | Purpose | Data processed | Policy |
|---|---|---|---|
| Google Firebase Crashlytics | Crash reporting | Device model, OS version, app version, stack trace, installation ID | Firebase Privacy |
| Google Firebase Analytics | Anonymous product analytics | Anonymous event names, installation ID, coarse device metadata | Firebase Privacy |
| Google Play Services | App distribution, updates, security checks | Managed by Google Play on the device | Google Privacy |
| WireGuard (open-source library) | VPN protocol on-device | No data leaves the device through WireGuard itself | WireGuard |
If we ever add a new SDK that collects or shares data (for example, ads), we will update this list and the Google Play Data Safety form before it ships to users.
10. Data Retention
- VPN connection metadata — retained in aggregated form for up to 30 days for capacity planning and abuse prevention, then deleted.
- Crash reports — retained for up to 90 days, then automatically deleted by Firebase Crashlytics.
- Analytics events — retained in anonymous, aggregated form for up to 14 months, per Firebase's default retention settings.
- Support correspondence — retained for up to 12 months after resolution, then deleted.
- Website server logs — retained for up to 30 days.
11. Data Security
We take reasonable technical and organizational measures to protect the data we handle, including:
- Encrypting all VPN traffic with the WireGuard protocol (Curve25519, ChaCha20, Poly1305, BLAKE2s, SipHash24, HKDF).
- Using HTTPS for every connection between the App and our infrastructure.
- Restricting server and console access to a small number of authorized administrators using strong credentials and two-factor authentication.
- Applying operating system and library security updates on a regular schedule.
No system is ever 100% secure. While we work to protect your information, we cannot guarantee absolute security.
12. Your Rights
Wherever you are, you can:
- Access — ask what data we hold about you.
- Correct or update — ask us to fix any inaccurate data.
- Delete — ask us to erase your data. Since we collect very little that is identifying, in most cases there is almost nothing to delete.
- Opt out of analytics and crash reporting — open the App and turn the toggles off in Settings.
- Uninstall — at any time. Uninstalling the App stops all collection from your device going forward.
To exercise any of these rights, email privacy@skypath.cloud with the subject line "Privacy Request". We will respond within 30 days. We may ask you to confirm details to prevent malicious requests.
12.1 If you are in the EEA or UK (GDPR / UK GDPR)
In addition to the rights above, you have the right to: restrict processing; object to processing based on legitimate interests or for direct marketing (we do no direct marketing); data portability; withdraw consent at any time; and lodge a complaint with your national data protection authority.
12.2 If you are in California (CCPA / CPRA)
California residents have the right to know what personal information we collect, to request its deletion, to correct inaccuracies, and to opt out of the "sale" or "sharing" of personal information. SkyPath does not sell or share personal information as those terms are defined under the CCPA/CPRA. We do not use or disclose sensitive personal information for purposes that would trigger the right to limit under CPRA. We will not discriminate against you for exercising any of these rights.
12.3 Account and data deletion
SkyPath does not use accounts, so there is no account to delete. To request deletion of any data we hold that relates to you (for example, support correspondence, or any diagnostic data tied to your App installation), email privacy@skypath.cloud with the subject line "Delete My Data". Include your device model and the approximate install date so we can locate the relevant records. We will confirm deletion within 30 days.
13. Children's Privacy
SkyPath is not directed at children under 13 (or the equivalent minimum age under your local law; for example, 16 in some EU member states). We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child in violation of applicable law, we will delete it promptly. If you believe a child has provided us with personal information, contact privacy@skypath.cloud.
14. International Data Transfers
SkyPath operates servers in multiple countries. When you connect to a VPN server, your encrypted traffic passes through that server's location. Crash reports and analytics are processed by Google Firebase, which may transfer data to the United States or other countries where Google operates, under transfer mechanisms described in Google's privacy documentation (including Standard Contractual Clauses where applicable). By using SkyPath you understand that data may be processed in countries different from your own.
15. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes we will:
- Update the "Last updated" date at the top of this page.
- Notify you in the App (for example, via a banner on the home screen) or by prominent notice on the Website before the changes take effect.
Your continued use of SkyPath after changes are posted means you accept the updated policy. If you do not agree with a change, please stop using the service.
16. Contact
- Privacy questions or requests: privacy@skypath.cloud
- General support: support@skypath.cloud