// Legal // Политика конфиденциальности

Privacy Policy

Политика конфиденциальности

Last updated: April 4, 2026 // Effective: April 4, 2026

1. Our Privacy Commitment

OmniShield ("we", "us", "the Service") was built on a single principle: the only way to truly protect your data is to never collect it in the first place. We operate a strict zero-logs VPN service across four stealth protocols: VLESS+Reality, VLESS+XHTTP, AmneziaWG 2.0, and Hysteria2.

RU: OmniShield не ведёт логи. Мы собираем только минимум, необходимый для биллинга, и удаляем платёжные записи через 30 дней.

2. Zero-Logs — Technical Explanation

Our zero-logs commitment is enforced at the infrastructure level, not just in policy:

  • All VPN nodes run with disk logging disabled (log: none in Xray, LogLevel=0 in AmneziaWG).
  • System logs (syslog, journald) are routed to /dev/null on all egress nodes.
  • No DNS resolver logs are kept — we run our own DNS-over-HTTPS resolvers in volatile memory only.
  • No NetFlow / sFlow / IPFIX is enabled on any interface.
  • Servers run a hardened Linux image with read-only root filesystem; only RAM-backed tmpfs is writable.
  • Connection state tables (conntrack) are flushed on a 60-second cycle.

3. Data We DO Collect

To operate the service, we must store the following minimum information:

  • Account identifier: A randomly generated account number (or your Telegram numeric ID if you sign up via the bot). No name, no email required.
  • Subscription metadata: Plan type, expiration date, and active/inactive status.
  • Payment records: OxaPay transaction ID, cryptocurrency used, amount, and timestamp. Stored for 30 days, then permanently deleted.
  • Aggregate bandwidth: Total bytes per account per day (free tier quota only). Reset daily.

4. Data We Do NOT Collect

  • Browsing history, visited domains, or URLs
  • DNS queries
  • Source IP addresses or geolocation
  • Connection timestamps or session duration
  • Traffic content, headers, or metadata
  • Server selection history
  • Device fingerprints, MAC addresses, or hardware IDs
  • Email, phone number, real name, or any KYC data

5. Data Retention Schedule

  • Active account: Retained while subscription is active.
  • Cancelled account: Purged within 7 days of cancellation.
  • Payment records: 30 days, then irreversibly deleted.
  • Bandwidth counters: Reset every 24 hours, no history.
  • Support tickets: Auto-deleted 30 days after resolution.

6. Third-Party Services

  • OxaPay: Cryptocurrency payment processor. Receives transaction amount and a callback ID. Does not receive your account details. See OxaPay terms.
  • Cloudflare: DDoS protection for the marketing website (omnishield.io) only. Cloudflare is NEVER used to proxy VPN traffic.
  • Telegram Bot API: If you register via the bot, Telegram sees your message metadata under their privacy policy.

7. Your Rights (GDPR / CCPA)

Even though we hold almost no data, you have full rights under GDPR, CCPA, and similar frameworks:

  • Right of access: Request a copy of all data tied to your account.
  • Right to erasure: Request immediate deletion (typically completed within 24 hours).
  • Right to data portability: Receive your data in a machine-readable JSON export.
  • Right to rectification: Correct inaccurate account data.
  • Right to object: Object to any specific processing of your data.
  • Right to withdraw consent: At any time, with no consequence other than service termination.

To exercise any of these rights, see our GDPR page or email [email protected].

8. Cookies & LocalStorage

Our website uses the absolute minimum: a session cookie for the dashboard login and LocalStorage entries for your selected locale and theme. We do not use any tracking cookies, advertising pixels, or third-party analytics. See our Cookie Policy for full details.

9. Children's Privacy

OmniShield is intended for users 18 years of age or older. We do not knowingly collect information from minors. If we discover that a minor has registered, the account will be terminated and any associated data deleted immediately.

10. Jurisdiction

OmniShield is operated from a privacy-friendly offshore jurisdiction with no mandatory data retention laws and no participation in 5/9/14-Eyes intelligence-sharing agreements. We are not subject to gag orders or national security letters from those jurisdictions.

11. Government Requests & Warrant Canary

We have never received a National Security Letter, gag order, or any government request that we have not been able to publicly disclose. The absence of this statement on a future revision of this page should be considered meaningful. Our public warrant canary is updated monthly at /canary.

12. Changes to This Policy

Material changes will be announced via our Telegram channel @omnishield_vpn and posted at the top of this page at least 14 days before taking effect. Continued use of the Service after the effective date constitutes acceptance.

13. Contact

For any privacy-related question or to file a data request, contact: