Introduction
Akca Network OÜ ("we", "us", "our") operates akca.network and provides blockchain-based VPN services. This Privacy Policy explains how we collect, use, and protect your personal data in compliance with the EU General Data Protection Regulation (GDPR) and Estonian law.
Our core principle: We collect as little personal data as possible to provide our service. Privacy is a fundamental right, and our entire architecture is designed to protect your anonymity.
1. Data Controller
Akca Network OÜ is the data controller responsible for your personal data.
2. What Personal Data We Collect
2.1 Data We DO NOT Collect
- ❌ Browsing activity - We never see what websites you visit
- ❌ Connection logs - No timestamps, duration, or IP addresses
- ❌ DNS queries - Your DNS requests are not recorded
- ❌ Traffic data - We don't log your internet usage
- ❌ User identifiers - No usernames, passwords, or email addresses (unless you contact support)
2.2 Data We DO Collect
A. Blockchain Data (Public & Decentralized)
- NFT mint address - Public on Solana blockchain
- Wallet address - Only visible during connection (not stored)
- Transaction history - Public blockchain records
- NFT metadata - Subscription expiry, access tier
Important
Legal basis: Legitimate interest (providing the service)
Retention: Permanent (blockchain is immutable)
Note: This data is public and not under our control
B. Payment Data (For Original NFT Mint Only)
If you pay with SOL (only payment method):
- Transaction signature (public on blockchain)
- Amount and wallet address (public on blockchain)
- NFT mint address (public on blockchain)
Important
All payment data is stored on the Solana blockchain (public, immutable, decentralized). We do not store any payment information on our servers.
No fiat processors = No payment data that can be subpoenaed from us
C. Website Analytics (Minimal)
- Nginx logs: Request URL, status code, timestamp (no IP addresses)
- Retention: 5 minutes, then permanently deleted
- Aggregate stats: Total requests, response codes (no personal data)
D. Support Communications (Only If You Contact Us)
- Email address - If you email contact@akca.network
- Email content - Your message and our responses
- Attachments - Logs, screenshots you provide
Legal basis: Consent (you chose to contact us)
Retention: 70 days, then permanently deleted
Note: Plain-text email is insecure. Use PGP if privacy is critical.
E. App Telemetry (Minimal & Anonymous)
- App version - For update notifications
- Operating system - macOS/Windows/Linux version
- Connection errors - Generic error codes (no user IDs)
3. How We Use Your Personal Data
We use your personal data only for:
- Providing the VPN service - Verifying NFT ownership, connecting you to servers
- Payment processing - Handling NFT mints and subscription payments
- Customer support - Responding to your emails (if you contact us)
- Service improvement - Aggregate analytics to improve performance
- Legal compliance - Accounting requirements, responding to valid court orders
- Security - Preventing abuse, DDoS attacks, and system exploitation
We never
- Sell your data to third parties
- Use your data for advertising
- Share your data with partners (except payment processors)
- Profile or track you across the internet
4. Legal Basis for Processing
Under GDPR Article 6, we process your personal data based on:
- Contract (Art. 6(1)(b)) - To provide you with VPN service
- Legal obligation (Art. 6(1)(c)) - Accounting records, anti-money laundering
- Legitimate interest (Art. 6(1)(f)) - Service reliability, security, abuse prevention
- Consent (Art. 6(1)(a)) - When you email us for support
5. Data Sharing & Third Parties
We share your personal data only with:
5.1 Blockchain (Solana)
- Solana blockchain - Public, decentralized (not a traditional "processor")
- All payment transactions are public on-chain
- We don't control blockchain data
5.2 Email Service Provider
We use [Provider Name] for support emails. They process emails on our behalf (GDPR Data Processing Agreement in place)
5.3 Law Enforcement (Only When Legally Required)
- We respond to valid court orders from Estonian courts
- We notify users when legally permitted
- We provide only data we actually possess (which is minimal)
We do NOT share data with
- Payment processors (we don't use any)
- Advertisers or data brokers
- Social media platforms
- Analytics companies (we self-host analytics)
- Other VPN providers
6. International Data Transfers
Akca Network is based in Estonia (EU). Your data stays within the EU/EEA unless:
Solana blockchain (Global):
- Decentralized, no single jurisdiction
- Public data, not subject to GDPR protections
- Transactions are globally distributed
Your NFT verification and VPN usage data never leave our EU servers.
We don't use any non-EU third-party services for payments or user data processing.
7. Data Retention Periods
| Data Type |
Retention Period |
Reason |
| Browsing activity |
Never collected |
No-logs policy |
| Connection logs |
Never collected |
No-logs policy |
| NFT verification |
RAM only (seconds) |
Technical requirement |
| Payment records |
On blockchain (permanent) |
Public blockchain data |
| Support emails |
70 days |
User assistance |
| Website logs |
5 minutes |
Service reliability |
| App telemetry |
Aggregate only |
Anonymous statistics |
Note: After retention periods end, data is permanently deleted and cannot be recovered. Blockchain data is immutable and public - we don't control its retention.
8. Your Rights Under GDPR
You have the following rights:
8.1 Right of Access (Art. 15)
Request a copy of your personal data we hold.
8.2 Right to Rectification (Art. 16)
Correct inaccurate personal data.
8.3 Right to Erasure (Art. 17)
Request deletion of your personal data ("right to be forgotten").
Limitations
- Blockchain data cannot be deleted (immutable by design)
- Support emails older than 70 days are automatically deleted anyway
8.4 Right to Restriction (Art. 18)
Request we stop processing your data (but not delete it).
8.5 Right to Data Portability (Art. 20)
Receive your personal data in a machine-readable format.
8.6 Right to Object (Art. 21)
Object to processing based on legitimate interest.
8.7 Right to Withdraw Consent (Art. 7(3))
If you contacted support, you can withdraw consent for us to process your emails.
8.8 Right to Lodge a Complaint (Art. 77)
Complain to the Estonian Data Protection Inspectorate.
9. Security Measures
We protect your personal data using:
- 🔒 End-to-end encryption - WireGuard protocol, AES-256
- 🔒 TLS/SSL - All website communications encrypted
- 🔒 Secure servers - EU-based, physically secured datacenters
- 🔒 Access controls - Minimal staff access, multi-factor authentication
- 🔒 Regular audits - Security assessments and penetration testing
- 🔒 Data minimization - Collect only essential data
Data Breach Procedures
No security is perfect. If we experience a data breach:
- We notify the Estonian Data Protection Inspectorate (within 72 hours)
- We notify affected users (if high risk)
- We take immediate action to contain the breach
10. Cookies
We use minimal cookies:
| Cookie |
Purpose |
Duration |
Type |
| session_id |
Keep you logged into dashboard |
Session |
Strictly necessary |
| wallet_connected |
Remember wallet connection |
24 hours |
Functional |
We do NOT use:
- Advertising cookies
- Tracking cookies
- Third-party analytics cookies
11. Changes to This Policy
We may update this Privacy Policy to reflect:
- Changes in our service
- Changes in GDPR or Estonian law
- Feedback from users or regulators
When we make significant changes:
- We update the "Last updated" date above
- We notify users via email (if we have your email)
- We post an announcement on our website
Continued use of our service after changes constitutes acceptance.