Controller: Matora Inc. · Effective 2026-07-15

matoraVPN Privacy Policy

Data minimization is part of the architecture: we do not build browsing-activity profiles, and process only what is needed for connection delivery, subscriptions, device recovery, abuse prevention, and support.

No browsing content logs

We do not retain visited URLs, page content, or search terms.

No personal DNS history

We do not retain destination DNS-query history tied to an individual.

No raw IP in the app database

Abuse controls use irreversible HMAC buckets instead of writing source IPs to the application database.

  1. 1. Scope and controller

    This Policy covers the matoraVPN website, iOS and macOS clients, control plane, subscriptions, and support. Matora Inc. is the controller; its address is 8 The Green, Dover, DE 19901-3618, United States.

    Third-party sites and Apple or Stripe interfaces are governed by their own policies.

  2. 2. Data we process

    We process the following minimum data by function:

    • Pseudonymous account and entitlement data: random account ID, irreversible recovery-credential hashes, language, plan, entitlement status, and expiration;
    • Device and session data: random device ID, platform, user-chosen device name, fingerprint hash, token hashes, last-use time, and revocation state;
    • Connection control data: short-lived session ID, assigned node, coarse region, selected service lane, configuration version, expiration, and aggregated success/failure signals;
    • Billing data: Stripe customer/subscription/price/event IDs or Apple original transaction IDs, plan, status, and billing period. We do not receive full card numbers;
    • Support data: ticket subject, user-provided messages, state, assignment, and replies. Optional email is hashed and is reversibly encrypted only when a dedicated key is configured for alerts;
    • Security and abuse data: a source address is used transiently to create irreversible rate-limit/HMAC buckets; the raw value is not stored in the application database;
    • Site session data: an HttpOnly, Secure, SameSite account cookie and browser-local references to the random account or an anonymous support ticket.
  3. 3. Connection activity we expressly do not collect

    matoraVPN does not write browsing history, visited URLs, page content, search terms, destination DNS queries, communication content, or a complete person-level connection timeline to its business database.

    Network nodes must process packets transiently to provide the VPN, but content is not retained for advertising, profiling, or sale. Infrastructure providers may process limited network metadata for security and availability under access, contract, and retention controls.

  4. 4. Purposes and legal bases

    We perform the service contract by delivering connections, syncing entitlement, managing devices, processing payment, and supporting customers. We rely on legitimate interests to prevent fraud, secure systems, aggregate service health, and improve reliability; legal obligations for required accounting and lawful requests; and consent for optional processing where law requires it.

    We do not sell personal information, share it for cross-context behavioral advertising, or use sensitive connection activity for targeted advertising.

  5. 5. Processors and disclosures

    We disclose only what is needed to service providers: Cloudflare (network edge and security), Vultr (server infrastructure), Stripe (web payments), Apple (App Store billing and distribution), and Google Workspace (authorized support notifications and internal collaboration).

    We may also disclose necessary data in response to valid legal process, to protect users or systems, in a corporate reorganization, or at your direction. We cannot give advertisers browsing-activity profiles that we do not create.

  6. 6. Retention and deletion

    The final support-ticket retention period is 730 days after closure, and required billing/tax records are retained for 7 years. Active account, device, and entitlement records remain while needed to provide service. Revoked tokens and security records remain only as needed for replay prevention, fraud, disputes, or law.

    Aggregated node health is not used to identify individuals. Expired data is deleted or de-identified; deletion from backups completes through the controlled backup rotation.

  7. 7. International transfers

    Matora Inc. is in the United States, and providers or nodes may be in other countries. Cross-border processing uses applicable contractual safeguards, provider security commitments, and data minimization. Local laws may differ from those where you live.

  8. 8. Security

    Controls include encryption in transit, hashed tokens, least privilege, Cloudflare Access, restricted Stripe keys, signed configuration, audit events, and privacy-preserving rate limits. A support email is reversibly encrypted only with dedicated key material.

    No system can promise absolute security. We assess, contain, and notify about incidents as law requires. Never send a recovery key or password to support.

  9. 9. Your choices and rights

    Depending on your location, you may request access, correction, deletion, restriction, objection, or portability; withdraw consent; and complain to a regulator. We may need a support code, recovery proof, or other minimum information to verify a request, never browsing history.

    Send requests to support@matoratech.com. Canceling a subscription does not automatically delete billing records we must retain. You can revoke sessions and remove clients from your devices.

  10. 10. Children and teenagers

    The service is not directed to children below the final minimum age of 18. If you believe a child supplied data without authorization, contact us so we can verify and delete it.

  11. 11. Policy changes and contact

    Material changes are explained before taking effect through the site, client, or an available contact method, with a new effective date. Versions are tracked by policy version.

    Contact support@matoratech.com for privacy questions or rights requests.

Matora Inc.

8 The Green, Dover, DE 19901-3618, United States

support@matoratech.com
matoraVPN privacy - no browsing logs, less data