LineVPN Privacy Policy

Effective from May 11, 2026. Forms an integral part of the Terms of Use.

1. Principles

LineVPN is built on the principle of data minimization. The Operator collects only the information necessary for the Service to function and does not collect data identifying the user beyond their Telegram account.

The Service does not log the content of VPN traffic: visited sites, DNS queries, source or destination IP addresses of connections, the duration of individual sessions, or any other information about the user's actions on the internet.

2. What data is collected

The Service uses the following categories of data:

Telegram metadata: the numeric chat identifier (chat_id), username, display name, interface language, time of first interaction with the bot. This data is provided by Telegram via the bot API each time the user contacts the bot.
VPN access identifier: a unique UUID generated by the server, used in the connection link (subscription URL). The UUID is not linked to the user's identity.
Total transferred traffic volume (in gigabytes) — to enforce device limits. Not broken down by session, source, or destination.
Time of last connection activity (last_online) — used for diagnostics only.
Active flag (enable) — indicates whether access is currently allowed for a given UUID.
Service mailing history: the fact that an Operator message was sent to a specific chat_id (without the message content).
Application logs of the bot: events and errors. chat_id in logs is hashed. Logs are automatically deleted after 14 days.

3. What data is NOT collected

visited websites and URLs;
user DNS queries;
traffic content (TLS, peer-to-peer connections, and so on);
user IP address on the VPN server side in connection logs (the standard Hiddify configuration does not keep an access log);
phone number, passport data, e-mail, payment card details — the Service does not request and does not accept this information.

4. Where data is stored

Data is stored across two infrastructure components:

The Telegram bot database — on a server physically located within the European Union;
The VPN server (Hiddify) database — on a third-party VPS physically located within the European Union.

The specific hosting provider is not disclosed in order to protect the Service from attacks and blocking.

Data transmission between the servers and the user is protected by TLS.

5. Retention periods

Bot application logs — 14 days from the time of recording;
User account — for as long as the user has active VPN access, plus a 24-hour grace period after unsubscribing from a required channel;
Deletion of an account upon user request — within 7 days of receiving the request.

6. Disclosure to third parties

The Operator does not transfer collected data to third parties for commercial purposes, does not sell it, and does not use it for advertising targeting.

The following technically necessary transfers take place:

interaction between the bot and Telegram via the bot API (Telegram processes user metadata independently under its own policy);
interaction with the hosting provider as part of normal operations.

Data is not transferred upon requests from state authorities unless such transfer is mandatory under the law of the country where the relevant server is located and the Operator has no ability to contest the request. In each such case, the Operator will notify the community to the extent permitted by applicable law.

7. Cookies and tracking

The Service's informational pages (the "Terms of Use" page, the "Privacy Policy" page, and the like) do not use cookies, do not load third-party analytics scripts, and do not transmit visit data to third parties.

The Telegram bot operates within the Telegram platform and has no means of tracking the user beyond it.

8. User rights

The user has the right to:

request from the Operator a copy of the data associated with their chat_id — via the bot;
request deletion of their account and associated data — via the bot;
withdraw consent to data processing by discontinuing use of the Service.

9. Investigation of abuse

In exceptional cases, upon reasonable suspicion that the Service is being used to perform actions listed in Terms, §4, the Operator reserves the right to temporarily (for a period of no more than one hour) enable extended logging on the VPN server in order to identify the source of the abuse.

The decision to enable extended logging is made by the Operator unilaterally. The results are used solely to stop the abuse (deactivation of the offender's UUID) and are not transferred to third parties, except in cases described in §6.

The fact of activation and the reason (category of abuse, without personal details) are recorded by the Operator.

10. Contact with the Operator regarding data

All requests — including requests for a copy of data, account deletion, or withdrawal of consent — are submitted through the Telegram bot: the "✍️ Message admin" button in the main menu.

No other channels of communication are provided — this is part of the data-minimization architecture.