Privacy Policy

Last updated: March 1, 2026

1. Introduction

MeltByteVPN ("we", "our", "the Service") is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your personal information.

2. Data We Collect

We collect the minimum amount of data necessary to operate the Service:

• Telegram ID — Your unique numeric Telegram identifier, used to link your VPN subscription to your account
• Telegram username — Your public Telegram username (if set), for identification in admin and support
• First name / Last name — As provided by Telegram, for display purposes
• Language code — Your Telegram language preference
• Payment records — Transaction details for Telegram Stars payments (amount, plan, Telegram payment charge ID)
• Support messages — Messages you send through the support feature
• Usage events — Bot interactions (e.g., subscription purchased, server switched) for analytics

3. Data We Do NOT Collect

We operate a strict no-log VPN service. We do not collect, store, or monitor:

• Your browsing history or VPN traffic content
• DNS queries made through the VPN
• Your real IP address during VPN sessions
• Connection timestamps or session durations
• Bandwidth usage per session
• Any information about the websites or services you visit

4. How We Use Your Data

The data we collect is used solely for:

• Providing and maintaining the VPN service
• Processing your subscription and payments
• Sending subscription reminders and expiry notifications
• Responding to support requests
• Aggregated analytics to improve the Service (no individual tracking)

5. Data Storage and Encryption

Your data is stored in a PostgreSQL database. Sensitive data is protected using AES-256-GCM encryption. Specifically:

• VPN server credentials (API passwords) are encrypted at rest
• Encryption keys are stored as environment variables, never in the database
• Admin panel passwords are hashed using bcrypt
• All connections to the admin panel are encrypted with TLS (HTTPS)

6. Third-Party Services

The Service integrates with the following third-party services:

• Telegram — Bot platform and payment processing (Telegram Stars). Telegram's own privacy policy applies to data they collect. See Telegram Privacy Policy.
• 3x-ui VPN panels — Used to manage VPN connections on our servers. No user browsing data is logged on these panels.

We do not sell, share, or transfer your personal data to any other third parties.

7. Data Retention

We retain your data for the following periods:

• Account data — Retained as long as your account is active
• Payment records — Retained for 2 years for accounting and dispute resolution
• Support tickets — Retained for 1 year after resolution
• Usage events — Retained for 1 year, then deleted

You may request earlier deletion of your data (see Section 8).

8. Your Rights

You have the right to:

• Access — Request a copy of the data we hold about you
• Correction — Request correction of inaccurate data
• Deletion — Request deletion of your account and associated data
• Portability — Receive your data in a structured, machine-readable format

To exercise these rights, contact us through the Support feature in the Telegram bot or email support@meltbyte.com.

9. Children's Privacy

The Service is not intended for users under the age of 16. We do not knowingly collect data from children. If we learn that we have collected data from a child under 16, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Telegram bot or on this page. Your continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact

For questions about this Privacy Policy or your data, please contact us through the Support feature in the Telegram bot or email us at support@meltbyte.com.