No-Logging of User Activity Policy

Policy Overview

The underlying policy of Akca Network is that we never store any activity logs of any kind. We strongly believe in having a minimal data retention policy because we want you to remain anonymous.

However, in some situations we might process your personal data if you, for example, are making payments through our NFT marketplace, or are sending an e-mail for support. In those cases, we might process your personal data and the General Data Protection Regulation ("GDPR") and other data protection laws may apply. For more information please read our Privacy Policy.

Our Anonymous, NFT-Gated Accounts

We want you to remain truly anonymous. When you use Akca Network, we do not ask for any personal information -- no username, no password, no email address, no phone number. Instead, you mint an NFT (Genesis Pass or AkcaPass) on the Solana blockchain. This NFT is your access key and the only identifier needed to use Akca Network.

This is a fundamental difference that sets us apart from traditional VPN services.

How it works:

Connect your Solana wallet (Phantom, Solflare, etc.)
Mint your Access NFT - This NFT is stored in your wallet, not on our servers
Verify ownership - Our app cryptographically verifies your NFT ownership
Connect anonymously - No account creation, no personal data shared

Key properties:

Your NFT is your identity - We never see who you are, only that you own a valid NFT
Transferable access - You can sell, trade, or transfer your NFT at any time
No correlation - There is no way to link your NFT purchase to your VPN usage
Multiple users - An NFT can be used by multiple people or transferred to anyone

Question: How many NFT holders does Akca Network have?

Answer: We cannot know this information. The Solana blockchain is public and anyone can verify NFT ownership, but we have no way to know how many unique individuals own our NFTs or who they are. One person could own 100 NFTs, or 100 people could own one NFT each - this information is unknowable to us by design.

Data That We Store for NFT Verification

When you connect to Akca Network, our servers only verify your NFT ownership on the Solana blockchain. Here's what we process:

Real-time verification (RAM only, never stored to disk):

nft_mint_address  | verification_timestamp | connection_status
BvGH...3KmN       | 2024-12-16 15:23:41   | verified

This data exists only in temporary memory (RAM) and is never written to disk. When your session ends, this information is immediately erased.

NFT subscription data (on-chain, public):

The following information exists on the Solana blockchain (publicly visible to anyone):

NFT mint address
Current owner wallet address
Subscription expiry date (stored in NFT metadata)
Transfer history (blockchain records)

Important

This data is not stored on our servers. It exists on the public Solana blockchain. We only read it to verify access.

How We Handle Payment Information

Akca Network offers two access methods, each with different payment handling:

1. NFT Mint (Primary Sale)

When you mint a Genesis Pass or AkcaVPN Standard NFT directly from us:

Payment method:

Solana blockchain only (SOL payments - fully decentralized)
Pure crypto = Maximum privacy

What we store:

For SOL payments (on-chain, public data):

transaction_signature | nft_mint_address | amount_sol | timestamp
5KmN...7xBC          | BvGH...3KmN      | 0.5        | 2024-12-16 10:00:00

Important

This data is not stored on our servers. It exists on the public Solana blockchain. Anyone can verify these transactions, but they cannot link them to your real identity.

Legal basis: Legitimate interest (providing the service)
Retention: Permanent (blockchain is immutable)
GDPR status: Blockchain transactions are public and not under our control

2. Serial Number Plans (Stripe)

For users who prefer traditional payment methods, we offer serial number-based access via Stripe:

Stripe processes card payments as our GDPR-compliant payment processor
We store only: account identifier (16-digit serial number), plan type, and expiry date
We do not store credit card numbers, CVVs, or full billing details
Your IP address may be collected by Stripe during the payment transaction for fraud prevention

Payment IP vs. Connection IP

When purchasing a serial number plan, your IP address at the time of payment may be recorded by Stripe for fraud prevention and regulatory compliance. This is standard for all online payment processors.

This has no relation to your VPN usage. Once you connect to AkcaVPN, our strict no-logs policy applies in full -- we do not log your connection IP address, browsing activity, DNS queries, timestamps, bandwidth, or any traffic whatsoever. Your payment IP and your VPN connection activity are completely separate and never linked.

3. Secondary Market Purchases

If you buy an NFT from another user on Magic Eden, Tensor, or any marketplace:

We have zero visibility into this transaction
The blockchain records the transfer, but we don't know who bought it
Your VPN access remains completely anonymous

This is a key advantage: Once an NFT is minted, it can change hands unlimited times without us ever knowing. The original buyer could sell to 50 different people, and we would have no way to track this.

Information That We Do NOT Log

We log nothing whatsoever that can be connected to an NFT holder's activity:

No logging of traffic - We never see what websites you visit
No logging of DNS requests - Your DNS queries are encrypted and not recorded
No logging of connections - We don't log when you connect, disconnect, or for how long
No logging of timestamps - Connection times are not stored
No logging of IP addresses - Your real IP is never recorded
No logging of bandwidth - We don't track your data usage
No logging of account activity - Except real-time simultaneous connections (see below)

Our WireGuard server configuration:

[Interface]
PostUp = echo "No logs, by design" > /dev/null
PostDown = echo "Still no logs" > /dev/null

[Logging]
Level = NONE
Storage = /dev/null

Question: How can you limit simultaneous connections if you're not logging?

Answer: Each VPN server validates NFT ownership with our central API in real-time. When a user connects, the server checks:

Is this NFT valid? (on-chain verification)
Does this NFT have time remaining? (metadata check)
Has this NFT reached the connection limit? (RAM-only counter)

Everything is performed in temporary memory (RAM) only. None of this information is permanently stored to disk. We cannot tell you how many connections your NFT had 5 minutes ago because that data no longer exists.

Providing a Reliable Service

We want to ensure everyone using Akca Network experiences a reliable and stable service.

Rate limiting & abuse prevention:

We use Fail2ban on our WireGuard servers to prevent brute-force attacks and abuse. This works by maintaining a temporary RAM-only list (tmpfs) of malicious IP addresses that:

Attempt invalid NFT verification repeatedly
Try to exploit the system
Show patterns of DDoS attacks

Important

Valid NFT holders are never included in this list
Successful connections are not logged
The blocklist is wiped frequently (exists only in volatile memory)
Only malicious actors attempting system abuse are temporarily blocked

Question: Does that mean if I try to connect, my IP address will be logged?

Answer: No. We do not log customers with valid NFTs. This protection is limited to bad actors trying to exploit the system with invalid NFT addresses or attempting to overload our servers.

Other Data That We Do Handle

Our infrastructure collects aggregated, anonymized metrics for service reliability:

Server monitoring (no personal data):

- Total active VPN connections across all servers
- CPU load per server
- Total bandwidth per server
- Memory usage
- Server uptime

We log the sum total of these statistics to monitor the health of each VPN server. We ensure the system isn't overloaded and monitor for potential attacks, bugs, or network issues.

We also monitor the real-time state of total connections per NFT (maximum 5 simultaneous connections). As we do not save this information, we cannot tell you how many connections your NFT had in the past.

Website analytics:

We store Nginx logs for maximum 5 minutes in this format (no IP addresses):
```
$server_name [$time_local] $request $status
```
Information older than 5 minutes is automatically deleted
Only aggregated data (request counts, response codes) is retained
We do NOT use Google Analytics or any third-party tracking
Our website uses minimal cookies (see Cookie Policy)

How We Handle Emails and Problem Reports

Our support team answers questions and resolves issues for users who email contact@akca.network or submit problem reports through our app.

Please consider the following:

Email retention:

Plain-text email is not secure - If privacy is critical, use PGP encryption
After resolving a support case, emails are archived (removed from inbox)
After 70 days, all support emails are permanently deleted (from all folders)
No personal information will be shared with third parties (except our email service provider)

Problem reports via app:

When you submit a bug report through the Akca app, we collect:

App version
Operating system version
Error logs (sanitized - no personal data)
Connection debug info (no IP addresses or user identifiers)

Note: Email addresses are personal data under GDPR. If you email us, we process it according to our Privacy Policy.

Our recommendation:

If you need support but want to stay anonymous:

Create a throwaway email address (ProtonMail, Tutanota, etc.)
Don't include your wallet address in the email
Use generic descriptions ("my NFT isn't connecting" vs. "my NFT BvGH...3KmN isn't working")

App Telemetry & Updates

Version checks:

The Akca app automatically checks for updates to ensure security. This sends:

App version
Operating system version
No user identifiers, no wallet addresses, no connection data

We keep aggregate counters on:

Number of users per app version (total count, not individuals)
Operating system distribution (macOS 13, 14, etc.)

This data cannot identify individual users.

Split tunneling (future feature):

If we implement split tunneling on mobile apps, the app will query your device for installed applications to let you choose which apps bypass the VPN. This list never leaves your device.

Browser integration (future):

If we release browser extensions or integrated browsers:

Extension updates will be hosted on our servers
DNS over HTTPS (DoH) queries will route through Akca Network
No personal information collected for updates or DoH
Filter list updates (uBlock Origin style) will be from third parties
No telemetry, no tracking, no data collection

Jurisdiction & Legal Notes

Akca Network OU is incorporated in Estonia and operates under:

Estonian law (no mandatory data retention for VPNs)
EU GDPR (strict privacy protections)
Solana blockchain (decentralized, immutable records)

Estonian law does not require VPN providers to log user activity. Should any authority request user data, we will:

Verify the legal validity of the request
Notify affected users if legally permitted
Provide only data we actually possess (which is minimal by design)
Challenge overly broad or legally questionable requests

Important

Because of our no-logs policy and blockchain-based authentication, we cannot identify individual users even if legally compelled to do so. We cannot disclose data that we do not have.

All Policies:

For complete information about how we handle data:

Privacy Policy - GDPR compliance and data processing
Terms of Service - Usage rules and prohibited activities
Abuse & DMCA Policy - How we handle abuse reports and copyright claims

Contact

Akca Network OU
Registry Code: 17404115
Address: Harju maakond, Tallinn, Pohja-Tallinna linnaosa, Telliskivi tn 57, 10412

Email: contact@akca.network
Abuse: abuse@akca.network