Privacy Policy

Voidly is a nonprofit censorship research network. We provide free privacy tools and publish open censorship intelligence. Privacy is not a feature—it's our entire purpose.

We collect the minimum data necessary to train our AI, and nothing more.

What we do collect:

• Account data (optional): Email or wallet address, account creation date
• Connection metadata: Country code (not city/IP), timestamp, session duration
• Node performance: Latency, throughput, packet loss, connection success/failure
• Censorship events: Blocked connection attempts, DPI detection patterns
• Routing decisions: Which node was selected by AI and why
• Anonymous aggregates: Total users, bandwidth usage (system-wide, not per-user)

What we never collect:

• Browsing history: We don't know what sites you visit
• DNS queries: No logs of domain lookups
• Real IP addresses: Stripped after initial routing decision
• Payment details: Stripe handles payments, we never see card numbers
• Content: No traffic inspection, no payload logging

Technical implementation: Exit nodes run in RAM-only mode with no persistent storage. Even if a government seized our servers, there would be no user data to find.

All collected data serves one purpose: training our AI to document and measure censorship.

Specifically, we use it to:

• Predict which VPN nodes will work best from your location
• Detect censorship patterns and adapt routing in real-time
• Improve connection success rates for future users
• Identify and respond to new blocking techniques
• Generate public censorship intelligence (country scores, risk tiers, incident reports)
• Monitor system health and performance

We do not sell data, share with advertisers, or use for any purpose beyond AI training, research publishing, and system operations.

Voidly publishes aggregated censorship intelligence as open data (CC BY 4.0). This includes:

• Country-level scores: Censorship severity, risk tiers, blocking rates
• Incident reports: Verified censorship events with evidence chains
• Platform/ISP metrics: Aggregated blocking data by provider
• ML predictions: Shutdown forecasts, risk assessments

None of this data is personally identifiable. All published data is derived from aggregated, anonymized network measurements. Individual user sessions cannot be reconstructed from our published datasets.

• Active sessions: Metadata kept for session duration only (typically 24 hours)
• Training data: Aggregated, anonymized samples retained indefinitely for model improvement
• Node logs: Ephemeral (RAM-only), wiped on reboot
• User identification: None. We can't link sessions to individuals.

We share ZERO data with third parties for advertising, analytics, or any commercial purpose.

Limited technical sharing:

• Resend: Sends transactional emails (verification, password resets). No marketing emails, ever.
• Cloudflare: Hosts our API (session creation only, no traffic routing)
• VPS providers: Host exit nodes (no logs, RAM-only)

None of these parties have access to your browsing activity or real IP address after connection.

Since we don't collect identifiable data, there's nothing to access, correct, or delete.

However, you have the right to:

• Stop using Voidly: Disconnect at any time, no account to delete
• Request information: Ask what data we theoretically could have (answer: only anonymous aggregates)
• Verify our claims: Audit our open-source code on GitHub
• Object to processing: Don't connect—simple as that

For GDPR/CCPA requests, email: [email protected]

We implement:

• WireGuard encryption: Industry-standard VPN protocol
• Zero-knowledge architecture: We can't see what you do online
• RAM-only nodes: No persistent logs, ever
• Encrypted telemetry: Performance data transmitted securely
• Open-source code: Public audit trail on GitHub

We offer two browser extensions with different privacy models:

Censorship Monitor Extension:

• Tests 100 pre-defined domains hourly (Twitter, Facebook, VPN sites, etc.)
• Reports results anonymously to our intelligence API
• Collects: Domain test results, country code, timestamps
• Never collects: Browsing history, personal data, DNS queries

Secure Inbox Extension (Beta):

• Stores JWT token locally in browser storage (not on our servers)
• Syncs with voidly.ai to read authentication token
• Fetches encrypted messages from mail.voidly.ai
• Never collects: Browsing history, message content, personal data

We use no cookies. No Google Analytics. No tracking pixels.

The only browser storage:

• localStorage: Remembers if you've seen the AI explainer (UX only, no tracking)
• sessionStorage: Temporary session state (cleared on browser close)

Voidly does not knowingly collect data from anyone under 13. Since we don't collect personal information, we have no way to verify age. Parents: review this policy and supervise internet use.

We may update this policy as we add features or improve privacy protections. Updates will be posted here with a new "last updated" date.

We will never weaken privacy protections. Only strengthen them.

Questions about privacy?

• Email: [email protected]
• Security issues: [email protected]
• GitHub: github.com/voidly-ai