Privacy Policy
Effective date: May 24, 2026 · Applies to: openlawsvpn client (iOS & Android), openlawsvpn relay (Android), and all other openlawsvpn apps and clients
Short version: The openlawsvpn apps do not collect, store, or transmit any personal data to openlawsvpn servers. In direct mode, your VPN traffic goes directly to your own AWS endpoint. Relay mode requires minimal data to transit the relay service by its nature — see section 3 for details.
1. What we collect
Nothing. The app does not collect any personal information, usage analytics, crash reports, or telemetry. There are no SDKs in the app that phone home.
2. Data stored on your device
The following data is stored locally on your device only:
- VPN profiles (.ovpn files) — stored in app-private storage with restricted permissions (mode 600 on Linux; excluded from Android Auto Backup on Android).
- Connection logs — held in memory while the app is open; cleared when the process ends. Never written to disk.
No data from any client is accessible to other apps or synchronized to any cloud service.
3. Data transmitted
The only network traffic initiated by the apps is:
- VPN tunnel traffic — encrypted and routed directly to your organization's AWS Client VPN endpoint. openlawsvpn servers are never in the data path.
- SAML authentication — your identity provider's login page opens in a system browser (a separate process). The app receives only the resulting SAML token; it never sees your credentials or the login page content.
- Demo endpoint (openlawsvpn client) — a publicly accessible demo VPN endpoint is available at
52.50.164.151for app review and testing purposes. It accepts certificate-auth connections using the profile at demo/demo-client.ovpn. No user data is stored on this endpoint. - Relay mode (optional) — if you use the relay feature, only the data required by its nature to deliver VPN auth to the remote agent transits the openlawsvpn relay service. This data is not stored beyond the duration of the session (60-second TTL). Direct connections never touch openlawsvpn servers.
4. Logging
Direct connections — the app connects directly to your AWS endpoint. No openlawsvpn infrastructure is involved and no connection data is logged by us.
Relay mode (optional) — relay traffic passes through the openlawsvpn relay service (AWS API Gateway). Standard access logs are retained for 30 days in AWS CloudWatch for security and abuse-prevention purposes. These logs may include your IP address, timestamp, and request metadata. They are not sold or shared with third parties and are deleted automatically after 30 days.
5. Third-party services
The app does not integrate any third-party analytics, advertising, crash-reporting, or data-processing services.
6. Permissions
Each client requests only the permissions required to operate as a VPN client.
On iOS:
- VPN configuration (Network Extension) — required to create and manage the VPN tunnel. iOS prompts the user to allow VPN configuration on first connection.
- App Group (local IPC) — used only for inter-process communication between the main app and the VPN tunnel extension running on the same device. No data leaves the device through this mechanism.
On Android:
- INTERNET — required to establish the VPN tunnel.
- BIND_VPN_SERVICE / VpnService — required by Android to create a VPN tunnel interface.
- FOREGROUND_SERVICE / FOREGROUND_SERVICE_SPECIAL_USE — keeps the VPN running while the app is in the background.
- POST_NOTIFICATIONS — displays the persistent "Connected" notification and Disconnect action (Android 13+).
- ACCESS_NETWORK_STATE — detects network loss so the app can update its status when the tunnel drops.
On Linux the CLI and GUI require no special permissions beyond the network capabilities needed to create a tunnel interface (CAP_NET_ADMIN+CAP_NET_RAW or run as root).
No location, contacts, camera, microphone, or unnecessary storage permissions are requested on any platform.
7. In-App Purchases (iOS)
The iOS app offers a monthly subscription processed entirely by Apple through the App Store. openlawsvpn does not receive or store your payment information. We receive only a signal from Apple's StoreKit framework indicating whether a valid subscription entitlement is active on your device. No financial data is transmitted to openlawsvpn servers as part of the purchase process.
For questions about billing, cancellation, or refunds, visit Apple's billing support.
8. Children's privacy
The app is not directed at children under 13 and does not knowingly collect information from children.
9. Changes to this policy
If this policy changes materially, the updated version will be posted at this URL with a revised effective date. The app is open source — all changes are visible in the public repository.
10. Contact
Questions about this policy: contact@openlawsvpn.com