Privacy Policy

• · We do not log traffic content, destinations, DNS queries, or IP addresses.
• · We keep the minimum needed to operate the service: an account email, billing record, and aggregate counters.
• · We do not sell, rent, or share your data with advertisers or governments.
• · Servers run RAM-only sing-box; nothing is written to disk.

Astrum (the "Service") is operated by Astrum Network Limited, a UK-incorporated company. We can be reached at privacy@astrumvpn.com.

Account

• · Email address (for activation codes, password resets, billing receipts)
• · Hashed password (argon2id; we never see your plaintext password)
• · Account creation timestamp and last-seen timestamp (for inactive-account cleanup)

Billing

• · Stripe customer ID (we never store card numbers; Stripe is our PCI-compliant processor)
• · Invoice history (amount, currency, date) — required by tax law
• · For Alipay payments, the Stripe-issued reference; we do not see Alipay account details

Service usage (aggregate only)

• · Per-account daily byte counters (for fair-use enforcement on unlimited plans)
• · Per-node aggregate connection counts (for capacity planning) — not linked to accounts
• · No timestamps of individual connections, no source IPs, no destinations

What we explicitly do not collect

• · Browsing history, DNS queries, or destination IPs
• · Source IP addresses of users connecting to nodes
• · Packet contents (it's an encrypted tunnel; we couldn't read them anyway)
• · Real names, addresses, phone numbers, or any KYC data

• · RAM-only servers: sing-box runs with tmpfs-backed working directories. The kernel is read-only. Reboot wipes everything except the systemd unit.
• · No syslog forwarding: rsyslog is disabled on edge nodes; journald is in-memory and capped to 50 MB.
• · No connection logs: sing-box is configured with log.disabled: true at the routing layer. We pull only Prometheus counters (aggregate gauges, no per-flow data).
• · The control-plane database stores account / billing / aggregate-usage rows; the schema is published in control-plane/schema.sql for verification.

The marketing site (this domain) uses one cookie (astrum_session) for dashboard authentication. We do not use Google Analytics, Facebook Pixel, ad networks, or third-party tracking scripts. Performance is monitored server-side via Prometheus.

We do not sell your data. We share it only when required by:

• · Stripe (payment processor) — receives billing data necessary to charge you
• · Cloudflare Turnstile (bot protection) — receives a one-time challenge token, no PII
• · Legal demand from a court of competent jurisdiction in England & Wales. Because we don't keep traffic logs, the most we can produce is account email + billing record. We publish a transparency report annually.

• · Access / Export: email privacy@astrumvpn.com for a JSON dump of all data we hold on you.
• · Deletion: account deletion is a button in your dashboard (/billing) and is irreversible. We retain billing records for 7 years to comply with UK tax law (HMRC requirements); this is the only data that survives account deletion.
• · Rectification: change your email at any time from the dashboard.
• · If you are an EEA / UK resident, GDPR / UK-GDPR rights apply and we respond within 30 days.

• · Passwords: argon2id (memory: 64 MiB, iterations: 3, parallelism: 1)
• · Subscription configs signed with ed25519; client verifies before connecting
• · Database TLS, daily encrypted backups in a separate region
• · Vulnerability disclosure: email security@astrumvpn.com. We aim for first response within 48h.

We will notify all account holders via email at least 14 days before any material change to this policy. The previous version remains accessible at /privacy/archive.