PRIVACY / TRANSPARENCY

Privacy & Transparency

How HideGuard minimizes data, processes technical information and keeps the service transparent.

Status Public policy
Last updated 27 May 2026
Service HideGuard
Contact Canary & PGP

About the service

HideGuard provides access to protected network configurations through a personal dashboard and subscription system.

This policy describes what data may be processed when creating an account, making payments, issuing configurations, using the service and contacting support.

Data minimization

We follow a minimal data retention principle.

Only information required for the following purposes is stored:

  • providing the service;
  • issuing configurations;
  • tracking traffic, limits and service status;
  • processing payments;
  • protecting the infrastructure from abuse.

We do not keep:

  • visited website history;
  • behavioral activity analysis;
  • traffic contents;
  • DNS history;
  • persistent connection logging;
  • targeted monitoring of users.

Telegram bot

If a user interacts with the service through a Telegram bot, the following data may be stored:

  • Telegram ID;
  • Telegram username;
  • service information;
  • issued configurations;
  • traffic usage;
  • plan and payment history.

This data is used only for service automation and user support.

Website and accounts

When an account is created, a unique identifier is generated. Modern hashing algorithms are used to protect account access data.

Only identifier hashes and technical data required for service operation are stored in the database.

The following may be stored:

  • account ID;
  • authorization key hash;
  • account creation date;
  • last login time;
  • account status;
  • plan history;
  • payment history;
  • technical service parameters.

Sensitive data is not stored in plain text. The raw access key is shown only once when the account is created.

Subscription data

To issue, activate and manage access, technical subscription data may be processed:

  • selected plan code and name;
  • subscription status;
  • access start, expiration or disable dates;
  • device limit and plan parameters;
  • technical identifier of the remote access profile;
  • technical name of the access profile;
  • subscription link or its issuing status.

This data is used to provide the service, show status in the dashboard and manage access.

Payment data

When an invoice is created or paid, the following data may be stored:

  • invoice/order ID;
  • account ID associated with the invoice;
  • selected plan and a snapshot of plan terms at the time of payment;
  • amount, currency and payment method;
  • payment provider and payment status;
  • payment provider transaction identifier, transaction hash or tx hash when applicable;
  • confirmations and required confirmations for crypto payments;
  • payment address and amount in crypto units when a crypto invoice is used;
  • invoice creation, expiration, payment, processing or cancellation dates.

Technical responses from a payment provider may be stored to verify payment status and handle disputes. HideGuard does not request or store bank card details. Payment provider secrets and internal technical responses are not shown to users.

Support data

When contacting support, the following may be stored:

  • ticket ID;
  • ticket category;
  • subject and message text;
  • ticket status and priority;
  • related invoice/order when the request concerns a payment;
  • user, administrator and system replies;
  • ticket creation, update and close dates.

Support messages are used only to process requests, diagnose issues and protect the account.

Technical data

The infrastructure may technically process:

  • connection IP;
  • connection time;
  • amount of transferred data;
  • technical device identifier or HWID when using an Xray VLESS subscription to count connected devices.

This data is not used to analyze user activity, is not transferred to third parties and is not retained longer than required for service stability and protection.

Logging

System logs may temporarily contain technical events:

  • connection errors;
  • service failures;
  • diagnostic data;
  • information about infrastructure stability.

Logs are not used to track user actions, contain only the minimum necessary technical information and are removed after a limited retention period.

Data retention

Different types of data are retained for limited periods:

  • technical logs - temporarily, only for diagnostics;
  • account data - while the service is used;
  • payment data - for transaction processing and payment records.

When data is no longer needed, it may be deleted or anonymized.

Data deletion

A user may request deletion of account data.

After deletion:

  • the account is deactivated;
  • access keys become invalid;
  • related data is deleted or anonymized where possible without breaking payment records and security requirements.

Data access

Access to data is limited to technical service personnel.

The following principles are applied:

  • minimum necessary access;
  • separation of roles;
  • limited access area to infrastructure.

Infrastructure protection

To keep the service stable, the following may be used:

  • automatic connection limits;
  • anti-abuse mechanisms;
  • filtering of anomalous activity;
  • temporary technical restrictions.

These measures are used to protect the infrastructure and users.

No profiling

The service does not create behavioral profiles of users and does not use data for marketing, analytics or targeting.

Third-party data transfers

User data is not sold or transferred to third parties.

Exceptions are possible only as part of third-party payment systems or technical infrastructure required for service operation.

Transparency and protected access

The website is designed with minimal client-side technology. Core functionality is available without JavaScript, which reduces attack surface, excludes third-party trackers, lowers fingerprinting and improves compatibility with privacy-focused browsers.

If an onion address is published, the service may be available through Tor for additional access privacy. Monero may be used as a private payment method when enabled among available payment methods.

The public PGP key may be used for protected communication, encrypted requests and verification of service messages. The website may also publish a Warrant Canary - a regular public statement confirming the absence of hidden data requests, monitoring requirements or known infrastructure compromises that can be publicly disclosed.

Open Canary & PGP

Transparency

HideGuard is designed to minimize trust in the infrastructure operator.

We try to limit data collection and retention as much as possible without harming service operation and infrastructure security.

We avoid broad marketing claims such as absolute anonymity. Instead, we describe specific data categories, why they are processed and how retention is limited to technical necessity.

Limits of guarantees

Despite modern privacy and security technologies, no network service can guarantee absolute anonymity or complete unlinkability of actions on the internet.

The service should be treated as a tool for improving privacy and connection resilience. Third-party tools, including Tor, may be used for additional anonymity.

This document is published for transparency and does not replace independent legal advice.