×
Home Services Pricing Tutorial About Us Privacy Policy Login

TGV Privacy Policy (EU GDPR Compliant)

Effective Date: January 25, 2023

Scope of Application: This Privacy Policy applies to all MTProto proxy services, websites and clients under TGV (tgvpn.io). For EU residents and users accessing our services within the European Union, we fully comply with the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) to protect user privacy and legitimate data rights.

1. Data Controller Information (GDPR Mandatory Disclosure)

As the data controller, TGV discloses the following information to help users exercise their GDPR rights:

  • Data Controller: TGV VPN Services
  • Registered Address: Dublin, Ireland (EU). Detailed address available upon request via privacy email.
  • Data Protection Officer (DPO): Contact via dedicated privacy email: privacy@tgvpn.io
  • EU Supervisory Authority: Data Protection Commission (DPC), Ireland. Official complaint channel: https://www.dataprotection.ie
  • Contact: For privacy inquiries, data rights requests and complaints, please email privacy@tgvpn.io. We will respond free of charge within the 30-day period required by GDPR.

2. Core GDPR Compliance Principles (Article 5)

TGV adheres strictly to the seven core principles under GDPR Article 5. All data processing activities fully comply with the following standards:

  • Lawfulness, Fairness & Transparency: All data processing has clear legal basis. We fully disclose processing purposes, scope and methods without concealment or misleading statements.
  • Purpose Limitation: Data is only processed for explicit purposes including service delivery, account management, security protection and troubleshooting. No unrelated usage is permitted.
  • Data Minimization: We collect only the minimum data necessary to deliver services. No unnecessary personal or sensitive data is collected.
  • Accuracy: User data is kept up-to-date with accessible correction channels to ensure completeness and accuracy.
  • Storage Limitation: Data is retained only for the shortest necessary duration and permanently deleted once no longer required.
  • Integrity & Confidentiality: Encryption and access control measures are implemented to prevent data leakage, tampering and abuse.
  • Accountability: We maintain complete processing records to prove GDPR compliance and accept regulatory audits.

3. Collected Personal Data (Field-Specific Details)

3.1 Essential Service Data (Minimized Collection)

To provide MTProto proxy services, we only collect the following essential data with no redundant collection:

  • Connection Metadata: Temporary records of server IP, connection timestamp, disconnection time and traffic usage for stability monitoring and troubleshooting. Real user IP, browsing content and Telegram chat data are never logged.
  • Device Information: Device model, system version and client version for service adaptation and connection optimization.
  • Account Data (Paid Users Only): Registered email, order ID and payment status. Full payment credentials are processed solely by third-party payment providers and never stored by TGV.

3.2 Data We Never Collect (GDPR Red Line)

To maximize user privacy protection, TGV strictly prohibits collection of the following data to eliminate leakage risks:

  • Real user IP address and geographic location data;
  • Telegram account details, chat history, contacts and call logs;
  • Third-party app data, browsing records and government-issued identification information;
  • No third-party analytics or advertising SDKs. User behavior tracking is fully disabled.

4. Legal Basis for Data Processing (GDPR Article 6)

  • Performance of Contract (Article 6(1)(b)): Data processing is necessary to deliver MTProto proxy services, process orders and manage user accounts for contract performance.
  • Legitimate Interests (Article 6(1)(f)): Processing for fraud prevention, cyber attack mitigation and service stability. A Legitimate Interest Assessment (LIA) has been completed to ensure no conflict with user fundamental rights.
  • Legal Obligation (Article 6(1)(c)): Data disclosure may be required to comply with legal obligations and valid official law enforcement requests.
  • Explicit Consent (Article 6(1)(a)): Non-essential data processing will only occur with voluntary, specific and revocable user consent. Marketing communications are disabled by default.

5. Data Storage & Cross-Border Transmission (GDPR Compliance)

5.1 Retention Period

  • Connection Metadata: Retained temporarily for 72 hours for troubleshooting, then permanently deleted with no backups.
  • Account Data (Paid Users): Retained for 30 days after account cancellation for financial reconciliation and after-sales support, then fully erased.
  • Legally Required Data: Retained for the minimum duration required by EU and local laws.

5.2 Storage Location & Cross-Border Transfer

  • Data Storage: All user data is hosted on servers located within the European Union (e.g. AWS Frankfurt). No data is stored outside EU jurisdictions.
  • Cross-Border Transfer: Transfers to non-EU regions are strictly prohibited unless mandatory for service operation. Standard Contractual Clauses (SCCs) and Transfer Impact Assessments (TIA) will be implemented for any necessary cross-border data flow.

6. User Data Rights (GDPR Articles 12-23)

  • Right of Access: Request a copy of your personal data and full details of processing activities.
  • Right of Rectification: Request correction or completion of inaccurate or incomplete personal data.
  • Right to Erasure (Right to be Forgotten): Request permanent deletion of your data when data is no longer necessary, consent is withdrawn or processing is unlawful.
  • Right to Restriction of Processing: Suspend data processing during dispute resolution regarding data accuracy or lawful processing.
  • Right to Data Portability: Export your personal data in CSV/JSON format for transfer to another data controller.
  • Right to Object: Object to processing based on legitimate interests, including direct marketing activities.
  • Right to Withdraw Consent: Revoke previously granted consent at any time without affecting lawfulness of prior processing.
  • Right to Lodge a Complaint: Submit complaints to EU data protection authorities (e.g. Irish DPC) regarding GDPR violations.

7. Data Security Measures (GDPR Article 32)

  • Transmission Encryption: TLS 1.3 end-to-end encryption for all service communications to prevent interception and tampering.
  • Storage Encryption: AES-256 encryption for all stored user data to protect against unauthorized access.
  • Access Control: Role-based permission management with full audit logs for all data access operations.
  • Security Audits: Regular vulnerability scanning, penetration testing and security reviews to mitigate risks.
  • Data Breach Notification: Affected users and EU regulators will be notified within 72 hours in the event of a confirmed data breach.
  • Staff Training: Regular GDPR and data security training for all personnel to enforce confidentiality obligations.

8. Third-Party Data Sharing (Strictly Restricted)

  • Payment Providers: Only order ID, transaction amount and payment status are shared to complete payment processing. Sensitive payment details are fully managed by third-party vendors.
  • Cloud Infrastructure Providers: Only non-user operational data is shared for server maintenance. EU-based providers are prioritized.
  • Law Enforcement: Minimal data disclosure only in response to valid legal warrants. All requests are legally reviewed before disclosure.

We never sell, trade or disclose user personal data to unauthorized third parties for commercial purposes.

9. Minor Protection (GDPR Article 8)

  • We do not knowingly collect personal data from minors. Minor-related data will be deleted immediately upon discovery of unauthorized usage.
  • Legal guardians may contact our privacy team to request deletion of minor user data with valid verification.

10. Policy Updates & Notifications

  • This Privacy Policy may be revised to reflect regulatory updates or service adjustments. Material changes will be announced via website notice and user email at least 30 days in advance.
  • Continued use of TGV MTProto proxy services constitutes acceptance of the updated policy terms.
  • Historical policy versions are retained and available upon email request.

11. Contact Information

  • Privacy Inquiries & Data Rights Requests: privacy@tgvpn.io
  • Customer Support: support@tgvpn.io
  • Registered Address: Dublin, Ireland (EU)
  • Regulatory Complaints: Data Protection Commission (DPC) - Ireland: https://www.dataprotection.ie
Privacy Policy User Tutorial Service Plans About Us