Privacy Policy

CANTHO SONG NUOC LIMITED COMPANY, operating as Zic VPN ("Zic VPN," "we," "us," or "our"), provides the Zic VPN application and related services (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect information in connection with the Service.

By accessing or using the Service, you acknowledge the practices described in this Privacy Policy.

Information We Collect

We collect information that is reasonably necessary to provide, secure, maintain, support, and improve the Service.

Account and identity information

When you register for or sign in to the Service, we may collect:

your email address;

account identifiers associated with your login and service account;

limited profile information made available through a supported sign-in provider, such as a display name or profile image;

account status and entitlement information.

Authentication and session information

We may process information used to authenticate you and maintain secure access to the Service, including:

login and session identifiers;

authentication tokens or equivalent access credentials;

device-login or QR-login session data where such features are available;

related timestamps, status information, and limited device/session metadata associated with those flows.

Subscription and purchase information

If you use paid features, we may process:

subscription status and entitlement data;

package or product identifiers;

renewal and expiry information;

transaction identifiers, purchase tokens, or similar purchase references;

server-to-server notification data received from Apple or Google for subscription management.

We do not store your full payment card information on our own systems. Billing and payment processing are handled by the applicable platform or payment provider.

VPN service and technical information

To operate the Service, we may process limited technical information, including:

the IP address used to establish or maintain a VPN connection, which we use for service operation, security, and abuse prevention rather than to build browsing activity profiles;

connection-related timestamps, including handshake-related information;

transfer, bandwidth, or usage counters;

device names, device identifiers, or similar client identifiers used to provision and manage VPN access;

VPN server and endpoint information;

configuration and provisioning data required to generate and deliver VPN access.

Operational logs and diagnostics

To secure and maintain the Service, we may process:

request method, request path, and related request metadata;

user agent or limited device/session metadata associated with service requests;

error logs, webhook logs, cleanup logs, and similar operational records;

infrastructure and service monitoring data.

Support communications

If you contact us, we may process the information you provide in support requests, emails, and related communications.

Information We Do Not Use To Monitor VPN Traffic Content

Although internet traffic necessarily passes through the VPN service in order to provide connectivity, Zic VPN does not log, store, inspect, or analyze the content of that traffic.

We do not collect or store:

browsing history;

DNS query content;

website content;

the content of communications transmitted through the VPN tunnel;

the payload of internet traffic sent through the VPN connection.

We do not use the Service to profile you based on the content of your VPN traffic.

How We Use Information

We use information to:

create and manage accounts;

authenticate users and maintain secure access;

provide, configure, and operate VPN access;

support subscriptions, renewals, entitlement checks, and service limits;

detect, prevent, and investigate fraud, abuse, and security incidents;

monitor, troubleshoot, maintain, and improve the performance and stability of the Service;

respond to support requests;

comply with legal obligations and enforce our contractual rights;

understand, on an aggregated or limited basis, how features of the Service are used in order to improve functionality and user experience, without using such data for advertising or cross-service tracking.

We do not sell your personal information.

We do not use your information for advertising targeting based on the content of your VPN traffic.

We do not use your data to build behavioral profiles or track your activity across other companies' apps, websites, or services.

We do not use persistent device identifiers for cross-service tracking or advertising purposes.

We do not use collected identifiers for advertising, profiling, or targeted marketing purposes.

How We Share Information

We do not sell, rent, or trade personal information.

We may disclose limited information as necessary to operate the Service, comply with law, protect rights and safety, or support our legitimate business operations.

Service and platform providers

We may share information with providers that support the Service, including:

Apple, including Sign in with Apple, the App Store, and TestFlight where applicable;

Google services, including Google Sign-In and Firebase-related services;

backend, hosting, infrastructure, security, and support providers used to operate the Service;

operational logging and monitoring systems used in production.

These providers may process information under their own terms and privacy policies where they act independently, or on our behalf where they act as service providers. Where service providers process information on our behalf, we require them to do so for limited business purposes and under appropriate confidentiality, security, and data protection obligations. They are engaged to support account, subscription, infrastructure, security, and operational functions, not to receive VPN traffic content for advertising or profiling purposes.

Legal and safety disclosures

We may disclose information when reasonably necessary to:

comply with applicable law, regulation, legal process, or lawful requests;

protect the rights, safety, or security of Zic VPN, our users, or third parties;

detect, investigate, or address fraud, abuse, or security incidents.

Data Retention

We retain information only for as long as reasonably necessary to provide the Service, secure and maintain the Service, prevent abuse, resolve disputes, and comply with legal obligations.

Some temporary, diagnostic, or operational records may be deleted automatically after internal retention periods. Other account, subscription, provisioning, and operational records may be retained longer where reasonably necessary for service delivery, security, compliance, fraud prevention, troubleshooting, or recordkeeping.

Data Security

We implement reasonable technical and organizational safeguards designed to protect information processed by the Service.

However, no method of transmission or storage is completely secure. You are responsible for maintaining the security of your device, account credentials, and any VPN configuration materials made available to you.

International Data Processing

Your information may be processed in countries other than the country where you reside, including countries where our service providers or infrastructure operate.

By using the Service, you understand that information may be transferred to and processed in these jurisdictions, subject to applicable law.

Your Rights

Depending on your location and applicable law, you may have rights to request access to, correction of, deletion of, restriction of, or a copy of certain personal information.

Some requests may be handled manually where automation is not available. We may retain certain information where necessary for legal, security, fraud-prevention, billing, audit, or operational reasons.

To submit a request, contact us at support@zic.network.

Pre-release And TestFlight Versions

If you use a beta, test, or pre-release version of the Service, including a build distributed through TestFlight, Apple may independently collect diagnostic, usage, and related information under Apple's own privacy terms.

Any Apple-controlled collection is governed by Apple's privacy practices, not by this Privacy Policy.

Children's Privacy

The Service is not directed to children under 13, or under the minimum legal age required in the relevant jurisdiction.

We do not knowingly collect personal information from children without an appropriate legal basis where required by law.

Changes To This Privacy Policy

We may update this Privacy Policy from time to time.

Where required by law, we will provide notice of material changes. Your continued use of the Service after an updated Privacy Policy becomes effective constitutes acceptance of the updated Privacy Policy.

Contact

For privacy questions or requests:

Email: support@zic.network

Website: https://zic.network