Our Mission Launch App
Home / Legal / Privacy Policy

Privacy Policy

GDPR-compliant privacy policy. We collect minimal data by design. Privacy is a fundamental right, and our entire architecture is designed to protect your anonymity.

Last Updated: February 20, 2026

Introduction

Akca Network OU ("we", "us", "our") operates akca.network and provides blockchain-based VPN services. This Privacy Policy explains how we collect, use, and protect your personal data in compliance with the EU General Data Protection Regulation (GDPR) and Estonian law.

Our core principle: We collect as little personal data as possible to provide our service. Privacy is a fundamental right, and our entire architecture is designed to protect your anonymity.

1. Data Controller

Akca Network OU is the data controller responsible for your personal data.

Contact details:
Email: contact@akca.network
Address: Harju maakond, Tallinn, Pohja-Tallinna linnaosa, Telliskivi tn 57, 10412

Supervisory Authority:
Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
Website: https://www.aki.ee/en
Email: info@aki.ee

2. What Personal Data We Collect

2.1 Data We DO NOT Collect

  • Browsing activity - We never see what websites you visit
  • Connection logs - No timestamps, duration, or IP addresses
  • DNS queries - Your DNS requests are not recorded
  • Traffic data - We don't log your internet usage
  • User identifiers - No usernames, passwords, or email addresses (unless you contact support)

2.2 Data We DO Collect

A. Blockchain Data (Public & Decentralized)

  • NFT mint address - Public on Solana blockchain
  • Wallet address - Only visible during connection (not stored)
  • Transaction history - Public blockchain records
  • NFT metadata - Subscription expiry, access tier
Important

Legal basis: Legitimate interest (providing the service)
Retention: Permanent (blockchain is immutable)
Note: This data is public and not under our control

B. Payment Data

NFT Access (SOL payments):

  • Transaction signature (public on blockchain)
  • Amount and wallet address (public on blockchain)
  • NFT mint address (public on blockchain)
NFT Payments

All NFT payment data is stored on the Solana blockchain (public, immutable, decentralized). We do not store any blockchain payment information on our servers.

Serial Number Plans (Stripe):

  • Stripe processes card payments on our behalf
  • We store only: account identifier, plan type, and expiry date
  • We do not store credit card numbers, CVVs, or full billing details
  • Stripe handles PCI-DSS compliance as our payment processor
  • Your IP address may be collected by Stripe during the payment transaction for fraud prevention and legal compliance
IP Address Disclosure

When you purchase a serial number plan via Stripe, your IP address at the time of purchase may be recorded by Stripe as part of their fraud prevention and regulatory obligations. This is standard practice for all online payment processors.

However, this only applies to the payment transaction itself. Your VPN connection IP addresses and browsing activity are never logged. Once you connect to AkcaVPN, our strict no-logs policy applies -- we do not record your connection IP, traffic, DNS queries, or any activity whatsoever.

See Stripe's Privacy Policy for details on their data handling.

C. Website Analytics (Minimal)

  • Nginx logs: Request URL, status code, timestamp (no IP addresses)
  • Retention: 5 minutes, then permanently deleted
  • Aggregate stats: Total requests, response codes (no personal data)

D. Support Communications (Only If You Contact Us)

  • Email address - If you email contact@akca.network
  • Email content - Your message and our responses
  • Attachments - Logs, screenshots you provide

Legal basis: Consent (you chose to contact us)
Retention: 70 days, then permanently deleted
Note: Plain-text email is insecure. Use PGP if privacy is critical.

E. App Telemetry (Minimal & Anonymous)

  • App version - For update notifications
  • Operating system - macOS/Windows/Linux version
  • Connection errors - Generic error codes (no user IDs)

3. How We Use Your Personal Data

We use your personal data only for:

  1. Providing the VPN service - Verifying NFT ownership, connecting you to servers
  2. Payment processing - Handling NFT mints and subscription payments
  3. Customer support - Responding to your emails (if you contact us)
  4. Service improvement - Aggregate analytics to improve performance
  5. Legal compliance - Accounting requirements, responding to valid court orders
  6. Security - Preventing abuse, DDoS attacks, and system exploitation
We never
  • Sell your data to third parties
  • Use your data for advertising
  • Share your data with partners (except payment processors)
  • Profile or track you across the internet

5. Data Sharing & Third Parties

We share your personal data only with:

5.1 Blockchain (Solana)

  • Solana blockchain - Public, decentralized (not a traditional "processor")
  • All payment transactions are public on-chain
  • We don't control blockchain data

5.2 Email Service Provider

We use Spacemail by Spaceship Inc. for support emails. They process emails on our behalf (GDPR Data Processing Agreement in place).

5.3 Law Enforcement (Only When Legally Required)

  • We respond to valid court orders from Estonian courts
  • We notify users when legally permitted
  • We provide only data we actually possess (which is minimal)

5.4 Payment Processor (Stripe)

For serial number plan purchases, Stripe processes payments on our behalf (GDPR Data Processing Agreement in place). Stripe receives only the data necessary to process your payment.

We do NOT share data with
  • Advertisers or data brokers
  • Social media platforms
  • Analytics companies (we self-host analytics)
  • Other VPN providers

6. International Data Transfers

Akca Network is based in Estonia (EU). Your data stays within the EU/EEA unless:

Solana blockchain (Global):

  • Decentralized, no single jurisdiction
  • Public data, not subject to GDPR protections
  • Transactions are globally distributed

Your NFT verification and VPN usage data never leave our EU servers.

We don't use any non-EU third-party services for payments or user data processing.

7. Data Retention Periods

Data Type Retention Period Reason
Browsing activity Never collected No-logs policy
Connection logs Never collected No-logs policy
NFT verification RAM only (seconds) Technical requirement
Payment records On blockchain (permanent) Public blockchain data
Support emails 70 days User assistance
Website logs 5 minutes Service reliability
App telemetry Aggregate only Anonymous statistics

Note: After retention periods end, data is permanently deleted and cannot be recovered. Blockchain data is immutable and public -- we don't control its retention.

8. Your Rights Under GDPR

You have the following rights:

8.1 Right of Access (Art. 15)

Request a copy of your personal data we hold.

8.2 Right to Rectification (Art. 16)

Correct inaccurate personal data.

8.3 Right to Erasure (Art. 17)

Request deletion of your personal data ("right to be forgotten").

Limitations
  • Blockchain data cannot be deleted (immutable by design)
  • Support emails older than 70 days are automatically deleted anyway

8.4 Right to Restriction (Art. 18)

Request we stop processing your data (but not delete it).

8.5 Right to Data Portability (Art. 20)

Receive your personal data in a machine-readable format.

8.6 Right to Object (Art. 21)

Object to processing based on legitimate interest.

8.7 Right to Withdraw Consent (Art. 7(3))

If you contacted support, you can withdraw consent for us to process your emails.

8.8 Right to Lodge a Complaint (Art. 77)

Complain to the Estonian Data Protection Inspectorate.

To exercise your rights:
Email contact@akca.network with:

  • Your request (access, deletion, etc.)
  • Proof of identity, crypto wallet (to prevent fraud)
  • Your NFT mint address or wallet (if applicable)

Response time: 30 days (GDPR requirement)

9. Security Measures

We protect your personal data using:

  • End-to-end encryption - WireGuard protocol, AES-256
  • TLS/SSL - All website communications encrypted
  • Secure servers - EU-based, physically secured datacenters
  • Access controls - Minimal staff access, multi-factor authentication
  • Regular audits - Security assessments and penetration testing
  • Data minimization - Collect only essential data
Data Breach Procedures

No security is perfect. If we experience a data breach:

  1. We notify the Estonian Data Protection Inspectorate (within 72 hours)
  2. We notify affected users (if high risk)
  3. We take immediate action to contain the breach

10. Cookies

We use minimal cookies:

Cookie Purpose Duration Type
session_id Keep you logged into dashboard Session Strictly necessary
wallet_connected Remember wallet connection 24 hours Functional

We do NOT use:

  • Advertising cookies
  • Tracking cookies
  • Third-party analytics cookies

11. Changes to This Policy

We may update this Privacy Policy to reflect:

  • Changes in our service
  • Changes in GDPR or Estonian law
  • Feedback from users or regulators

When we make significant changes:

  • We update the "Last updated" date above
  • We notify users via email (if we have your email)
  • We post an announcement on our website

Continued use of our service after changes constitutes acceptance.

12. Contact & Complaints

Privacy questions

Email: contact@akca.network

Supervisory authority

Estonian Data Protection Inspectorate
Website: https://www.aki.ee/en
Email: info@aki.ee
Address: Tatari 39, 10134 Tallinn, Estonia

Related Policies

For complete information: