0trace0 logo0trace0
Home

Privacy Policy

Version dated May 1, 2026

1. Operator and Contacts

Personal data operator: Jourloy LLC. TIN: 2373027111. Address: 14 Lunnaya St., Yuzhny settlement, Dinskoy district, Krasnodar Krai, 353217, Russia. Email for personal data requests: hello@0trace0.me. OGRN: TODO_OPERATOR_OGRN.

Database localization: user databases must be located in the Russian Federation. Actual database location: TODO_DATABASE_LOCATION. RKN personal data processing notification status: TODO_RKN_NOTIFICATION_STATUS. Cross-border transfer notification status: TODO_CROSS_BORDER_NOTIFICATION_STATUS.

2. Data We Process

  • Account and authentication: username, password hash, JWT and refresh-token cookies, token version, device identifier, selected locale, registration and login dates.
  • Email and recovery: email, encrypted email value, email hash, verification code metadata, recovery links, delivery status, and Mailgun transfer for email delivery.
  • Payments and subscriptions: receipt email, order and payment IDs, CloudPayments order/transaction/subscription/token IDs, webhook payloads and headers, subscription status, Apple/Google purchase tokens, receipts, and verification responses.
  • Devices and VPN: device name, type and OS, current-device flag, VPN configuration, 3x-ui client IDs, traffic counters, connection status, child policies, and routing rules.
  • Support, family, and notifications: ticket subjects and messages, family member usernames and invitations, Telegram ID/username/avatar, notification settings, push tokens, and Firebase delivery data.
  • Cookies and storage: jwt, refresh_token, NEXT_LOCALE, zero_trace_zero_cookie_consent, legacy localStorage auth/translation keys.

3. Purposes and Legal Bases

  • Registration, login, account maintenance, secure session, and access recovery.
  • Provision of 0trace0: subscription access, VPN/device management, support, family access, notifications, and billing.
  • Payment processing, fiscal receipt delivery, subscription renewal, fraud prevention, accounting, and legal records.
  • Security, diagnostics, audit, incident investigation, abuse prevention, and user request handling.
  • Processing based on consent: personal data consent, optional marketing consent, and optional cookies when enabled by the user.

4. Processors and External Services

0trace0 uses external services for specific operational purposes. Current integrations that may receive data include CloudPayments, Mailgun, Firebase Cloud Messaging, Telegram, S3-compatible storage, Apple and Google purchase verification, 3x-ui infrastructure, and AI tools used by administrators on command.

Google runtime translation for screen text is disabled. The Service must not send user or visible screen text to translate.googleapis.com for automatic translation.

5. Retention

Data is stored while the account exists and while contractual, service, accounting, legal, or security purposes remain. Payment, accounting, consent evidence, and incident data may be stored longer if required by law. Exact retention periods: TODO_RETENTION_PERIODS.

6. User Rights

The User may request information about processing, correction, blocking, deletion, withdrawal of consent, and other actions available under applicable law. Requests are sent to hello@0trace0.me.

7. Safeguards

0trace0 applies access control, password hashing, transport encryption, operational logging, restricted access to production systems, and other organizational and technical measures. Incident response procedure status: TODO_INCIDENT_PROCEDURE_STATUS.