Privacy Policy

green bubbles is a small VPN. We do not log your traffic. We keep the minimum data needed to run your account: an email, payment metadata from Stripe, a per-device identifier so we can enforce device limits, and the IP each device used most recently. That's it.

• Account email. Used to deliver your subscription URL, send invoices, and let you log in.
• Payment information via Stripe. Stripe is our payment processor and stores your card info on their servers. We only see Stripe's customer ID, subscription ID, and payment status, never your card number. stripe.com/privacy.
• Device fingerprint and last-seen IP. When your client (Hiddify, Shadowrocket, etc.) fetches your subscription URL, we hash its User-Agent + your token to a short fingerprint and record the IP the request came from. Used only to enforce your device limit and to let you see which devices are on your account.
• Approximate per-device traffic counters. Aggregated bytes uploaded/downloaded per device, sampled periodically from the proxy server. We do not log destinations, hostnames, or content.
• Operational logs. The proxy server keeps short-lived logs of error messages (auth failures, malformed requests) to keep the service running. These are not associated with your browsing.

• No traffic logs. We do not record the websites you visit, the IP addresses you connect to through the VPN, the contents of your traffic, or DNS queries.
• No third-party analytics on the proxy. The customer-facing pages use Vercel Analytics for aggregate page-view counts. The proxy itself runs no analytics and reports no telemetry to third parties.
• No advertising data.We don't sell, rent, or share your data with advertisers.

• Account email + Stripe IDs: kept while your subscription is active and for up to 12 months after cancellation for tax and refund records, then deleted.
• Device fingerprints + last-seen IPs: kept while your subscription is active. Deleted within 30 days of cancellation or whenever you delete the device from your account.
• Traffic counters: rolling per-period totals, reset each billing period. Old period data is overwritten.
• Audit logs of admin actions on your account: kept for 12 months for security review.

Account data lives in Supabase (Postgres) hosted on AWS US-East. Payments go through Stripe. The proxy nodes themselves are hosted on Vultr in the regions you connect to (Chicago, Tokyo, Singapore at time of writing).

We do not share your data with anyone other than the service providers required to run the service: Stripe (payments), Supabase (database), Vercel (hosting this website), and the VPS providers that host the proxy nodes. Each is bound by their own privacy commitments. We do not respond to bulk data requests; if a valid legal request targets a specific account, we cooperate only to the extent legally required.

• You can request a copy of all data tied to your email.
• You can request deletion at any time. Active subscriptions are cancelled and data is removed within 30 days, except where retention is required by law (tax records, primarily).
• You can revoke specific devices yourself from your account.

Email support@greenbubbles.app for any privacy question, data request, or deletion request. I run this myself and reply personally, typically within a day during US daytime.

If this policy changes, the "Last updated" date at the top of the page changes. Material changes will be emailed to active subscribers.