Secureferry

Privacy

Secureferry Privacy Policy

Secureferry ("we", "us", or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect information when you use Secureferry's applications, websites, and related services (collectively, the "Services").

Effective
23 April 2026
Last updated
23 April 2026
Version
2026-04-23-6aac6038e2b6
Sections
16

Scope

This Privacy Policy applies to all Secureferry Services, including:

  • mobile applications
  • account, authentication, and identity services
  • route, device, and service management features
  • subscription and billing systems
  • support, diagnostics, and security operations

Secureferry uses Android's VPN permission to route device traffic at the system level. Android requires this permission for apps that establish device-level encrypted routes.

Information We Collect

We collect only the information necessary to operate, secure, and improve the Services.

Account And Profile Information

  • email address
  • authentication credentials or provider identifiers
  • display name, avatar, locale, and preferences
  • account settings and configuration

Device, Session, And Security Information

  • device identifiers and platform information
  • IP address
  • session identifiers and authentication metadata
  • user agent and connection metadata
  • sign-in activity and security timestamps

Service Configuration And Usage Data

  • route configurations and settings
  • device-to-route associations
  • selected locations, regions, or preferences
  • Customs clearance for apps, sites, or routing behavior
  • technical identifiers required to establish and maintain connections

If users configure Customs clearance based on apps, selected application package identifiers may be stored to apply those settings. Secureferry does not collect a full inventory of installed applications on the device.

Customs clearance for apps or domains is based on user configuration and is not used to track app usage.

Subscription And Purchase Information

  • product and subscription identifiers
  • purchase tokens and transaction metadata
  • subscription status, renewals, and expiration
  • pricing, currency, and tax information

Payments are processed by third-party platforms such as app stores, which handle payment details in accordance with their own policies.

Notification And Delivery Data

  • notification settings and preferences
  • push notification tokens
  • delivery metadata and inbox state needed to send service notifications

Operational, Diagnostic, And Security Data

  • crash reports and error logs
  • performance and reliability metrics
  • connection events and system health signals
  • fraud detection and abuse prevention signals

When a route is active, user network traffic is forwarded through the selected Secureferry route so it can be securely transported between checkpoints. Routing occurs only when the user explicitly activates a route and can be disabled at any time.

Secureferry does not read, inspect, store, or sell the contents of user network traffic (such as websites visited, messages, or payload data). Secureferry does not collect browsing history.

Crash and diagnostic data relate to application performance and stability, not user traffic content.

Information Stored On Your Device

We may store limited data locally to enable functionality and performance:

  • session state and authentication tokens
  • device identifiers generated locally
  • cached account or configuration data
  • route configurations and preferences
  • notification settings and sync state

Where supported, this data is protected using platform security features.

How We Use Information

We use collected information to:

  • provide and operate the Services
  • authenticate users and maintain sessions
  • configure and maintain routes and connectivity
  • process subscriptions and validate purchases
  • detect, prevent, and respond to fraud or abuse
  • diagnose issues and maintain system reliability
  • communicate service-related, billing, security, and notification updates
  • comply with legal obligations
  • improve and develop features

We do not use your data for behavioral advertising or data brokerage.

Data Protection Framework And Lawful Basis

Secureferry applies data protection principles and lawful bases intended to keep collection, use, and disclosure of personal information bounded to the service we provide.

Data Protection Principles

  • lawfulness, fairness, and transparency
  • purpose limitation
  • data minimization
  • accuracy
  • storage limitation
  • integrity and confidentiality

Frameworks This Policy Aligns With

  • South Africa's Protection of Personal Information Act
  • the General Data Protection Regulation
  • platform requirements such as Google Play Data Safety

Lawful Bases For Processing

  • contractual necessity to provide the Secureferry service, including accounts, routes, sessions, and subscriptions
  • legitimate interests in maintaining security, preventing fraud, and improving reliability
  • legal obligation to comply with applicable laws and regulatory requirements
  • consent where required for optional features or jurisdiction-specific requirements

Data Minimization, Privacy By Design, And Payload Protection

Secureferry is designed with strict data minimization principles:

  • we collect only metadata required to operate the service
  • we implement explicit controls intended to prevent logging of payload data
  • we do not store request or response bodies or routed traffic content as part of normal service logging
  • selective logging is intended to use allow-lists rather than broad catch-all collection
  • sensitive fields are excluded or redacted where feasible
  • aggregation and anonymization are applied where feasible
  • minimal data collection and secure defaults are part of feature design
  • feature-level data isolation and ongoing review of data flows are used where practical

Secureferry does not read, inspect, store, or sell the contents of user network traffic (such as websites visited, messages, or payload data). Secureferry does not collect browsing history.

How We Share Information

We may share information in limited circumstances.

Service Providers

We may share information with vendors supporting:

  • infrastructure and hosting
  • authentication
  • billing and subscription management
  • diagnostics and crash reporting
  • notification delivery

Where required:

  • Data Processing Agreements or comparable contractual controls are put in place
  • processors are bound to confidentiality and security obligations
  • processors may process data only on Secureferry's documented instructions

Data is processed by service providers solely on behalf of Secureferry and not for their independent use.

Identity And Payment Platforms

Third-party platforms such as app stores and identity providers may process data independently under their own policies.

Legal And Safety Requirements

We may disclose information where required to:

  • comply with applicable laws
  • respond to lawful requests
  • enforce terms and policies
  • protect users, rights, or public safety

Business Transfers

Information may be transferred in the event of a merger, acquisition, financing, or restructuring, subject to applicable safeguards.

We do not sell personal data to third parties.

Data Retention And Account Closure

We retain information only as long as necessary to provide the Services, maintain security and operational integrity, and meet legal and regulatory obligations.

Where possible, data is deleted, anonymized, aggregated, or archived after use.

Indicative Retention Schedule

  • crash reports and diagnostics: 7-14 days, then deleted or aggregated
  • performance metrics: up to 30 days, then aggregated
  • security logs: 14-90 days, depending on threat analysis needs
  • session data: active session plus a short operational buffer, then automatic expiry
  • account data: while the account is active, then deleted on request subject to legal exceptions
  • subscription records: as required by law for tax and financial compliance

Retention Extensions

Retention periods may be extended where strictly necessary for:

  • security investigations
  • legal compliance
  • fraud prevention

Deletion And Account Closure

Users may request deletion of their data at any time.

Secureferry provides an in-app account deletion flow in Account > Security > Danger zone.

Secureferry also provides a web account deletion request page at https://www.secureferry.com/account-deletion. Sign in with the Secureferry account you want deleted, type DELETE, and submit the request.

If an account has an active Google Play subscription, that subscription must be canceled in Google Play before account deletion can proceed.

Accepted account deletion requests are scheduled with a 48-hour cooling-off period. During that period, the user may sign in to the web account page and cancel the deletion request before deletion starts.

Deletion Scope

Deletion may include:

  • account profile data
  • route and configuration data
  • associated identifiers where feasible

Retention Extensions And Exceptions

Retention periods may be extended, or deletion may be limited, where strictly necessary for:

  • security investigations
  • legal compliance
  • fraud prevention
  • security or audit requirements

Deletion Request Channels

Secureferry may provide:

Certain data may be retained after account deletion where permitted or required by law, or where needed for security, billing, financial compliance, dispute handling, or system integrity.

Operational app data such as profiles, routes, maps, zones, and session records is intended to be removed through the account deletion flow. Billing, audit, and version-history records may still be retained where required or permitted.

International Transfers And Safeguards

Your information may be processed in jurisdictions outside your country of residence.

Where required, Secureferry implements safeguards such as:

  • contractual protections
  • adequacy-based transfer mechanisms where applicable
  • security controls intended to provide equivalent protection

Security Measures

We implement layered security controls.

Technical Safeguards

  • encryption in transit
  • encrypted tunnels where applicable
  • key rotation and secure key storage
  • network isolation and segmentation

Organizational Safeguards

  • role-based access control
  • least-privilege enforcement
  • staff confidentiality obligations
  • security awareness practices

Operational Safeguards

  • monitoring and anomaly detection
  • incident response procedures
  • regular system updates and patching

No system is completely secure, and we cannot guarantee absolute security.

Google Play Data Safety Disclosure Alignment

Secureferry's data practices are intended to align with Google Play disclosure requirements.

Data Collected

  • account information
  • device and app activity limited to diagnostics and security metadata
  • app interactions and operational metadata needed for core functionality

Data Sharing

  • shared only with service providers needed for core functionality
  • not sold to third parties

Data Security

  • data encrypted in transit
  • access controls enforced
  • no payload inspection or logging as part of normal service operation

User Controls

  • data deletion available
  • diagnostic or notification controls may be available where applicable

Your Rights And Choices

Depending on your jurisdiction, you may have rights relating to access, correction, deletion, objection, consent, portability, and account controls. Secureferry will respond to requests within reasonable timeframes in accordance with applicable law.

General Privacy Rights

  • access your personal data
  • correct inaccurate data
  • request deletion
  • restrict or object to processing
  • withdraw consent where applicable
  • request data portability where applicable

Account And Device Controls

  • update your profile in-app
  • manage subscriptions via app stores
  • control notifications at device or app level
  • request account deletion

POPIA Rights In South Africa

Users in South Africa may:

  • request access to personal information
  • request correction or deletion
  • object to processing under certain conditions
  • lodge complaints with the Information Regulator

GDPR-Style Rights Where Applicable

Users under GDPR-style frameworks where applicable may:

  • access, rectify, or erase personal data
  • restrict or object to processing
  • request portability where applicable
  • withdraw consent

Data Breach Notification

In the event of a data breach, we may:

  • assess risk and impact
  • notify affected users where required
  • notify regulators where legally required
  • take corrective and preventive measures

Children's Privacy

Secureferry is not intended for children who cannot legally consent to data processing in their jurisdiction.

We do not knowingly collect such data. If identified, we will take appropriate action.

Changes To This Policy

We may update this Privacy Policy periodically.

We will update the "Last updated" date and provide notice where required.

Contact

For privacy inquiries or data protection requests:

Secureferry
Email: [email protected]