Overview
This Privacy Policy explains how we process personal data when you use Lynx VPN. We do not operate a website for Lynx VPN and we do not use cookies. By using the app, you agree to this Policy.
Controller/Operator: Free Connected Limited, registered in Hong Kong, Room 1003, 10/F, Tower 1 Lippo Centre, 89 Queensway, Admiralty, Hong Kong (we, us, our).
Contact: [email protected].
No logs of your online activity: We do not log or store your browsing content, DNS queries, destination IPs/domains, your originating IP address, or the VPN server IP you connect to.
Minimal data only: We process only what is necessary to operate, secure, and support the service.
Ephemeral diagnostics: Technical diagnostics, if processed, are automatically deleted within 48 hours (see Sections 3(c) and 3(f)).
Anonymous by default: No account is required to use the service.
Limited third-party SDKs: We use Google AdMob to display ads in the free version of the app, and we use Google Firebase to monitor crashes/performance on mobile. No other ad networks or analytics SDKs are integrated.
EU data location (our systems): Personal data we control is processed and stored in the European Union. Third-party providers (e.g., Google) may process data globally (see Section 6).
Single support channel: Support is by email only; we do not request or retain screenshots, videos, or file attachments.
We collect only what is necessary to operate and support Lynx VPN: (i) an app-generated Device ID to validate subscriptions and prevent abuse (no account required); (ii) subscription and purchase metadata from Apple/Google (status, product tier, and receipt/transaction IDs—no card or bank details); (iii) short-lived connection diagnostics such as timestamps, protocol type, network type, and error codes, which are deleted within 48 hours; (iv) coarse, country-level location inferred at session start without storing your IP address; (v) your email address and message content when you contact support (we do not request or retain screenshots, videos, or file attachments); (vi) crash/performance telemetry via Google Firebase (crash traces and technical app/OS information, not user content); and (vii) advertising data processed by Google AdMob to deliver and measure ads in the free version, which may include advertising identifiers (IDFA/GAID), device IP address, coarse location, device/app information, and ad interactions—personalized ads are shown only where required consent is obtained. We do not log your browsing content, DNS queries, destination IPs/domains, your originating IP address, or the VPN server IP you connect to. For legal bases and retention periods, see Sections 5 and 8.
Advertising: We share limited device/app information with Google AdMob to serve and measure ads. AdMob may receive identifiers (IDFA/GAID), your device IP address, and other signals as described in Section 3(g).
Crash/performance: We use Google Firebase for mobile crash and performance monitoring as described in Section 3(f).
Service providers: We may use EU-based infrastructure or security vendors acting as processors under written agreements and our instructions only. They may not use data for their own purposes.
Sale or “sharing” for cross-context behavioral advertising:
Our systems: Processing and storage occur in the European Union.
Third parties: Google (AdMob/Firebase) and certain service providers may process data on servers located outside the EU/EEA, including in the United States.
Safeguards: Where personal data is transferred internationally, we implement safeguards such as standard contractual clauses (SCCs), access controls, and data minimization.
We use technical and organizational measures designed to protect personal data, including encryption in transit, access controls and least-privilege practices, administrative access logging, and security reviews. No method of transmission or storage is completely secure; you are responsible for the security of your device and network.
Connection diagnostics (our systems): Deleted within 48 hours.
Device ID (our systems): Retained while installed and/or subscription active; deleted upon verified request.
Subscription and transaction metadata (our systems): Retained up to 7 years or as required by law.
Support emails (our systems): Retained up to 24 months, unless deletion is requested and legally permissible.
Firebase/AdMob (Google): Retention is managed by Google under their policies; we do not control those periods.
How to delete: Contact us at [Support/Privacy Email] with your Device ID and relevant store receipt identifiers so we can locate and delete records held in our systems, subject to legal requirements. This will not affect data held by Google; please consult Google's privacy settings and policies for their services.
EU/UK: You may request access, rectification, erasure, restriction, portability, and object to processing. You may lodge a complaint with your local supervisory authority. We respond within one month, extendable as permitted.
California (CCPA/CPRA): You may request to know/access, delete, and correct personal information. We do not sell personal information. We may “share” personal information for cross-context behavioral advertising via AdMob when you allow personalized ads; you can opt out by disabling personalized ads in-app (if available) or in your device settings (reset/limit IDFA on iOS; Ads Personalization on Android).
Consent management (EEA/UK): We will display a consent prompt for advertising. You can change or withdraw your consent at any time in the app (if available) or by adjusting your device settings. If you do not consent, we will serve non-personalized ads or no ads, as required.
Apple ATT: On iOS, we will request permission to access the advertising identifier (IDFA) for personalized ads. You can allow or deny this in iOS settings at any time.
Exercising rights: Email [Support/Privacy Email] and include your Device ID and relevant store receipt identifiers. We will verify your request and may decline unverifiable or excessive requests.
The service is not directed to children and must not be used by anyone under 16 years of age, or a higher age where required by local law. We do not knowingly collect data relating to children. If you believe a child has provided data, contact us so we can delete it. Personalized advertising is not knowingly enabled for minors where prohibited by law.
We may restrict access to the service in jurisdictions subject to comprehensive sanctions or where use would violate applicable export control laws.
We may update this Policy to reflect changes to our practices or law. Material changes will be communicated in-app. The effective date above indicates when the latest version took effect. Continued use after that date constitutes acceptance.
Email: [email protected]