Privacy Policy for "strongSwan VPN Client for Android"

Information we collect

The app strongSwan VPN Client for Android does not collect any user data or transmit any data to us.

Log files

The app provides a feature to send the latest log file via email. The default email address configured for this is our contact address (the user is, of course, free to change it). Any log file sent to us by this means will be handled with care (log files do not contain any highly sensitive information in the first place).

Information shared with VPN server providers

Important: We don't provide any VPN servers ourselves.

The app does not share any information with VPN servers other than what users configure in the VPN profiles themselves (username, password, client certificate, user/server identities). All this data is sent encrypted, however, identities are sent before authenticating the server. Hashes of passwords (or the plaintext password if EAP-GTC is used) are only sent after successfully verifying the server's certificate and identity.

Users using a third-party VPN provider are advised to consult the provider's privacy policy for details on what connection information is logged or what the log retention time is.

CA certificate hashes

If the VPN profile is configured for automatic CA certificate selection, hashes of the public keys of all CA certificates installed on the device are sent to the server (encrypted). If a specific CA certificate is selected, only its hash is sent. If a server certificate is selected, no certificate hashes are sent. Since 1.9.0, sending certificate requests may be disabled completely in the profile settings.

Traffic sent via VPN

When connected to a VPN server, a user's traffic may be analyzed and collected by the VPN server provider. Users using a third-party VPN provider are advised to consult the provider's privacy policy for details, and to only use encrypted connections (e.g. HTTPS) even when connected to the VPN.

VPN connections using EAP-TNC

If users connect to a VPN server that requires EAP-TNC authentication (and only then), information about the user's device may be shared with the server. These are (depending on what the server requests) the Android version, a unique device ID, the installed apps (name and version), open network ports, and whether non-market apps may be installed on the device.