Privacy Policy

Voidly is a network intelligence platform. We provide privacy tools, encrypted relay infrastructure, and publish open censorship intelligence. Privacy is not a feature—it's our entire purpose. Voidly is operated by Ai Analytics LLC, a Texas limited liability company.

We collect the minimum data necessary to improve censorship measurement, and nothing more.

What we do collect:

• Account data (optional): Email or wallet address, account creation date
• Connection metadata: Country code (not city/IP), timestamp, session duration
• Node performance: Latency, throughput, packet loss, connection success/failure
• Censorship events: Blocked connection attempts, DPI detection patterns
• Routing decisions: Which node was selected by AI and why
• Anonymous aggregates: Total users, bandwidth usage (system-wide, not per-user)

What we never collect:

• Browsing history: We don't know what sites you visit
• DNS queries: No logs of domain lookups
• Real IP addresses: Hashed for anonymous rate-limiting, never stored in plain text
• Payment details: We don't collect any payment information — all services are free
• Content: No traffic inspection, no payload logging

Technical implementation: Nodes store no user data. VPN peer configurations are ephemeral — they auto-expire and are cleaned from memory. No browsing logs, no traffic inspection, no persistent user data on any server.

All collected data serves one purpose: improving our models for censorship measurement.

Specifically, we use it to:

• Predict which VPN nodes will work best from your location
• Detect censorship patterns and adapt routing in real-time
• Improve connection success rates for future users
• Identify and respond to new blocking techniques
• Generate public censorship intelligence (country scores, risk tiers, incident reports)
• Monitor system health and performance

We do not sell data, share with advertisers, or use for any purpose beyond model improvement, research publishing, and system operations.

Voidly publishes aggregated censorship intelligence as open data (CC BY 4.0). This includes:

• Country-level scores: Censorship severity, risk tiers, blocking rates
• Incident reports: Verified censorship events with evidence chains
• Platform/ISP metrics: Aggregated blocking data by provider
• ML predictions: Shutdown forecasts, risk assessments

None of this data is personally identifiable. All published data is derived from aggregated, anonymized network measurements. Individual user sessions cannot be reconstructed from our published datasets.

• Active sessions: Metadata kept for session duration only (typically 24 hours)
• Training data: Aggregated, anonymized samples retained indefinitely for model improvement
• Node logs: Ephemeral — peer configs auto-expire, no persistent user data
• User identification: None. We can't link sessions to individuals.

We share ZERO data with third parties for advertising, analytics, or any commercial purpose.

Limited technical sharing:

• Resend: Sends transactional emails (verification, password resets). No marketing emails, ever.
• Cloudflare: Hosts our API (session creation only, no traffic routing)
• VPS providers: Host exit nodes (no user logs, ephemeral peer configs)

None of these parties have access to your browsing activity or real IP address after connection.

If you created an account, we store your email or wallet address and you may request access, correction, or deletion of that data (email privacy@voidly.ai). Deletion requests are processed within 7 days.

However, you have the right to:

• Stop using Voidly: Disconnect at any time
• Request information: Ask what data we hold (account email/wallet if registered, otherwise only anonymous aggregates)
• Verify our claims: Review our published tools and specifications on GitHub
• Object to processing: Don't connect—simple as that

For GDPR/CCPA requests, email: privacy@voidly.ai

We implement:

• Post-quantum WireGuard: ChaCha20-Poly1305 + ML-KEM-768 PresharedKey
• Client-side key generation: Your private key never leaves your device
• End-to-end encryption: Your traffic is encrypted before it leaves your device
• Full IPv6 leak protection: All traffic (IPv4 + IPv6) routed through tunnel
• No persistent user data: Peer configs auto-expire, no browsing logs on any server
• Encrypted telemetry: Performance data transmitted securely
• Published tools: Public code on GitHub

What each product collects:

• VPN: Connection success/failure, latency, server region. NOT destinations, DNS queries, or content.
• Probe contributors: Test results (domain, country, block/no-block). Published by design as open data.
• Email (VoidMail): Encrypted at rest. We cannot read message content. Delivery metadata only.
• Website: Page views, country code. No fingerprinting, no cookies.

Opt-in vs mandatory:

• VPN telemetry: Mandatory while connected (required for routing optimization). Disconnect to stop.
• Probe contributions: Fully voluntary. Uninstall the extension to stop contributing.
• Email: No telemetry beyond delivery metadata.

Third parties in the data flow:

• Cloudflare: DNS, CDN, Worker hosting. Sees IP addresses in transit.
• Railway / Vultr: Backend hosting. Encrypted at rest.
• Resend: Transactional email delivery. Sees recipient addresses.

No data is sold or shared with advertisers, governments, or law enforcement (absent valid legal process).

We offer two browser extensions with different privacy models:

Censorship Monitor Extension:

• Tests 100 pre-defined domains hourly (Twitter, Facebook, VPN sites, etc.)
• Reports results anonymously to our intelligence API
• Collects: Domain test results, country code, timestamps
• Never collects: Browsing history, personal data, DNS queries

Secure Inbox Extension (Beta):

• Stores JWT token locally in browser storage (not on our servers)
• Syncs with voidly.ai to read authentication token
• Fetches encrypted messages from voidmail.ai
• Never collects: Browsing history, message content, personal data

Veil Messenger (iOS & Web PWA):

• Generates a cryptographic identity (DID) locally on device — no phone number or email required
• All messages encrypted end-to-end with Double Ratchet + X25519 (XSalsa20-Poly1305)
• Message content is never readable by Voidly — we store only encrypted ciphertext
• Relay server stores: encrypted message blobs, delivery timestamps, sender/recipient DIDs
• Messages are deleted from relay after delivery (store-and-forward model)
• Voice/video calls use WebRTC peer-to-peer — call content never passes through our servers
• Push notifications (iOS): We receive a device push token from Apple; notification payloads contain no message content
• We do not collect IDFA, IDFV, or any Apple advertising identifiers
• Encryption keys are generated and stored on-device only; we cannot recover them if lost
• Never collects: Message plaintext, call audio/video, contact lists from device, location data

We use no cookies. No Google Analytics. No tracking pixels.

The only browser storage:

• localStorage: Remembers if you've seen the AI explainer (UX only, no tracking)
• sessionStorage: Temporary session state (cleared on browser close)

Voidly does not knowingly collect data from anyone under 13. Since we don't collect personal information, we have no way to verify age. Parents: review this policy and supervise internet use.

We may update this policy as we add features or improve privacy protections. Updates will be posted here with a new "last updated" date.

We will never weaken privacy protections. Only strengthen them.

Questions about privacy?

• Email: privacy@voidly.ai
• Security issues: security@voidly.ai
• GitHub: github.com/voidly-ai