Privacy Policy

PeerGate is a network management platform, not a surveillance tool. We do not:

• Log, inspect, or store your network traffic content
• Record your browsing history or DNS queries
• Perform deep packet inspection (DPI)
• Track websites you visit through our network
• Sell or share any data with advertisers

• Account management and authentication (including two-factor authentication)
• Billing, invoicing, and payment verification
• VPN connection provisioning, monitoring, and maintenance
• Security monitoring: audit logs, session tracking, and login anomaly detection (new IP alerts)
• Customer support ticket handling
• Service-related email notifications (subscription expiry, connection status alerts, billing reminders)

We take data security seriously. Your data is protected by:

• Encryption at rest: sensitive fields (TOTP secrets, VPN keys, backup codes) are encrypted using AES/Fernet encryption
• Authentication tokens: refresh tokens stored in httpOnly, Secure cookies; access tokens held in memory only — never in localStorage
• Transport security: all data transmitted over TLS (HTTPS)
• Password hashing: passwords are hashed using industry-standard algorithms and are never stored in plaintext
• Rate limiting: login attempts, OTP verification, and API endpoints are rate-limited to prevent brute-force attacks

• Account data is retained as long as your account is active
• Audit logs (login events, password changes) are retained for 90 days
• Billing records (invoices, payment proofs) are retained as required by applicable law
• Upon account deletion request, all personal data is removed within 30 days, except where retention is required by law

We use a limited number of third-party services to operate the platform:

• Infrastructure providers: server hosting for VPN nodes (data processed in-region)
• Email delivery: transactional emails only (verification codes, notifications) — we do not send marketing emails
• Payment processing: bank transfer — no third-party payment processor handles your financial data

We do not sell, rent, or share your personal data with any third party for advertising or marketing purposes.

You have the following rights regarding your personal data:

• Access: view all your data through the dashboard (profile, connections, billing, audit log)
• Correction: update your personal information at any time from your profile settings
• Deletion: request complete deletion of your account and associated data
• Export: request a copy of your data in a standard format
• Withdraw consent: disable optional features like email notifications at any time

To exercise these rights, contact us at [email protected].

We use minimal cookies and browser storage, strictly for functionality:

• Refresh token: httpOnly, Secure cookie — essential for maintaining your session. Cannot be accessed by JavaScript.
• Language preference: stored in localStorage — remembers your chosen language (English or Arabic).
• Session ID: stored in localStorage — used to identify your current session in the active sessions list.

We do not use tracking cookies, analytics cookies, or any third-party cookies.

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via email or an in-app announcement. Continued use of the platform after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or your data, contact us at:

Email: [email protected]