Local on your device.
No Protectstar-operated remote VPN server.

Introduction

This disclosure describes how Protectstar Inc. ("Protectstar", "we", "us") uses the Android VPNService in Firewall AI and DNSChanger. It explains which network data may be processed locally on your device, which technical data may be transmitted to Protectstar or service providers for specific app features, and what control you have over the VPNService feature.

This disclosure does not replace our general Privacy Policy for Android Apps or our Disclosure for Android Apps. Those documents describe other data processing outside the local VPNService context, such as MY.PROTECTSTAR, license management, in-app purchases, support, app security features, or product-related notifications.

This page focuses on the clear separation between local VPNService processing on your device and feature-specific technical data transfers that occur only for specifically described app features.

What is the Android VPNService?

The Android VPNService is a system component that allows Android apps to create a virtual network interface. Through this interface, an app can read and process IP packets at the device level and — depending on the app feature — block them, forward them, or write them back to the network. No root access is required.

Traditional VPN apps often use this interface to send traffic through an encrypted tunnel to a remote VPN server. Firewall AI and DNSChanger do not use the VPNService as a remote VPN service operated by Protectstar. Here, the VPNService is used for local firewall, DNS, filtering, and diagnostic functionality on your device.

Android requires a user action through the Android system dialog when a VPN connection is established for the first time. In addition, we display an in-app Protectstar disclosure before activation so you understand in advance why the VPNService is needed and which data may be processed locally.

How do Firewall AI and DNSChanger use the VPNService?

Our apps use the VPNService to manage and secure network traffic directly on the device, without requiring a Protectstar remote VPN server. This disclosure applies in particular to Firewall AI and DNSChanger.

In Firewall AI, the primary purpose is local firewall and filtering functionality. In DNSChanger, the primary purpose is controlling DNS requests through the DNS resolver you choose. Depending on the app, your settings, and the enabled feature, the operating mode may result in two scenarios for your internet traffic:

In both scenarios, your full network traffic is not sent to a Protectstar remote VPN server. Processing is used to manage traffic locally without root access and to enable transparent network filtering on your device.

Why do we use the VPNService?

We use the Android VPNService because Android does not provide an equivalent system-wide firewall and DNS control mechanism without root access. The VPNService is therefore technically required to provide the core features of Firewall AI and DNSChanger.

• Device protection and firewall features — Detect, block, or allow network connections per app and connection.
• DNS control — Forward DNS requests to the DNS resolver you select.
• Local traffic management — Process traffic on your device without a Protectstar remote VPN server.
• Transparency and diagnostics — Display local connection information, filter decisions, and optional local logs.

We do not use the VPNService to redirect or manipulate your traffic for advertising, tracking, profiling, or monetization purposes.

Detailed Use Cases

The VPNService is used only for features that would not be possible, or not possible in an equivalent way, without this Android system component:

• Firewall AI — local app firewall, blocking or allowing connections, applying filter rules, and displaying connection information.
• DNSChanger — selecting and using a DNS resolver, device-level DNS control, and optional DNS-related filtering.
• Security filters and blocklists — applying up-to-date filter information to block known unwanted or harmful connections.
• Local connection overviews — displaying technical information such as app, host/domain, IP address, port, protocol, timestamp, data volume, and filter decision, where the relevant feature is enabled.
• Diagnostics and stability — identifying connection issues, error states, or configuration problems without transmitting the contents of your network traffic to Protectstar.

Our apps do not redirect user traffic from other apps for monetization purposes and do not manipulate it for advertising, tracking, or profiling purposes.

Data processed locally

Depending on the app and the enabled feature, the VPNService may analyze, filter, block, forward, or prepare network packets locally on your device for display in the app. This may include technical information such as:

• App name or package name of the app initiating the connection
• Host / domain of the connection destination
• IP address and port
• Protocol (e.g., TCP, UDP)
• Connection time and data volume
• DNS request and filter decision

This information is needed to provide firewall rules, DNS selection, security filters, connection overviews, diagnostic features, and optional local logs. It is not used for advertising, tracking, or profiling purposes.

Local VPNService logs and local connection overviews are not transmitted to Protectstar as a continuous history. Individual feature-specific technical data transfers are described in Section 07.

Data that may be transmitted to Protectstar or service providers

Separate from local VPNService processing, individual app features may transmit technical data to Protectstar or service providers when this is required for operation, security, error analysis, license management, push notifications, support, abuse prevention, or a feature you actively use.

• Filter lists and blocklists — Firewall AI may transmit technical request information, such as the app or package name, to retrieve current filter lists and blocklists.
• WHOIS and IP information — When you request connection details, WHOIS, IP, or location information, the relevant IP address may be processed together with technical request information such as language or region to provide the information you requested.
• MY.PROTECTSTAR, license, and support — If you use a MY.PROTECTSTAR account, check a license, contact support, or use a purchase or subscription feature, the account, license, device, app, and support data required for that purpose may be processed.
• Push notifications — For Firebase Cloud Messaging, technically necessary identifiers such as a Firebase Installation ID, FCM registration token, app version, and Firebase User Agent may be processed. See Section 09 for details.
• Map display for IP/WHOIS features — When a map view is loaded, technical request data such as IP address and user agent may be transmitted to the relevant map service. This processing is governed by the terms and privacy information of the respective provider.
• Diagnostics and abuse prevention — Depending on your use, app version, operating system version, device model, manufacturer, language/region, and error or diagnostic information may be processed. The contents of your network traffic are not required for this.

This technical data is not used to create or analyze your browser history, the contents of your network traffic, or full URLs.

DNS Providers and Resolvers

If you use DNSChanger or DNS features in Firewall AI, DNS requests are technically sent to the DNS resolver you select. This may be a preconfigured public DNS provider (e.g., Cloudflare, Google Public DNS, AdGuard, Quad9, CleanBrowsing) or a DNS server you enter yourself.

Protectstar does not operate a remote VPN server for Firewall AI or DNSChanger through which your full internet traffic is centrally processed. At the time of this disclosure, Protectstar also does not operate a public DNS resolver for these apps.

The relevant DNS provider may process DNS requests and technical metadata under its own privacy terms. Choose a DNS provider you trust — and review its privacy policy before activating it.

Push Notifications via Firebase

We use Firebase Cloud Messaging (FCM) for push notifications. Technically necessary identifiers, such as a Firebase Installation ID and/or an FCM registration token, may be processed so messages can be delivered to the correct app installation.

In addition, technical data such as app version and Firebase User Agent may be processed to deliver and manage push messages. We do not use Firebase Cloud Messaging for advertising, analytics, activity tracking, or profiling, and we do not transmit the contents of your network traffic, browser history, DNS history, or connection history through it.

We do not use any other Firebase services, such as Firebase Crashlytics or Firebase Analytics, unless they are expressly described in an updated disclosure.

Clarification on Data Collection

We do not transmit full VPNService logs, browser history, full URLs you visit, contents of your traffic, or continuous DNS or connection history to Protectstar servers.

Depending on the enabled feature, the app may process and display network data locally on your device (see Section 06). This local information is used solely for firewall, DNS, security, transparency, and diagnostic functionality.

Feature-specific technical data transfers are described in Section 07. Additional data processing outside the VPNService context is described in our Privacy Policy for Android Apps and our Disclosure for Android Apps.

With whom do we share data?

We do not sell personal data and do not disclose VPNService data for advertising, tracking, profiling, or monetization purposes.

Processors and technical service providers may process technical data only for clearly described purposes — for example hosting, license verification, support, security, push notifications, or operation of our servers. To the extent these providers act as processors, they process data on our behalf and according to our instructions.

Third parties selected by you or integrated because of a feature may have their own privacy terms. These include, in particular, the DNS resolver you select, as well as map services or other providers you access by using a specific feature.

We use no SDKs for advertising, tracking, profiling, or monetization purposes. Firebase Cloud Messaging is used exclusively for technical push notifications and product-related notices. If we integrate additional SDKs in the future that are relevant to this disclosure, we will update this disclosure accordingly and — where required — obtain your explicit consent.

Security of Data Transmission

The local VPNService processes network packets within the Android app environment on your device. No remote VPN tunnel to Protectstar is operated.

Data that the app transmits to Protectstar or service provider endpoints for legitimate app features — for example license verification, updates, push notifications, or diagnostics — is protected in transit using modern transport encryption such as HTTPS/TLS.

The encryption of your connection to websites or apps also depends on the respective destination service — for example, whether that service uses HTTPS.

Consent & Clear Disclosure

Before the VPNService feature is activated, we display a clear disclosure inside the app. This disclosure appears in the normal user flow, explains the use of the VPNService, describes the data that may become locally accessible or processed as a result, and explains how this data is used or — where applicable — shared.

The VPNService feature starts only after active consent, for example by tapping “Agree” or “Agree & Activate VPNService.” Closing the dialog, tapping outside the dialog, pressing the Back button, or pressing the Home button does not count as consent.

After the in-app Protectstar disclosure, Android also displays the Android system request for VPNService. The feature is activated only after you also confirm this system request.

Compliance with Google Play Policy

We use the VPNService for permitted core features such as device security, firewall functionality, and network/DNS tools. Use of the VPNService is documented in the Google Play Store listings and clearly disclosed in the app before activation.

Our apps do not redirect user traffic from other apps for monetization purposes and do not manipulate it for advertising, tracking, or profiling purposes. Data transmitted to Protectstar or service providers for legitimate app features is protected in transit using modern transport encryption such as HTTPS/TLS.

You can also find details about our use of the VPNService in our Google Play Store listings for Firewall AI and DNSChanger.

Retention and Deletion

Local firewall, DNS, and connection logs remain stored on your device until you delete them in the app, disable the relevant logging feature, clear app data, or uninstall the app.

Technical diagnostic, license, push, and support data transmitted to Protectstar or service providers is stored only for as long as required for operation, security, troubleshooting, abuse prevention, legal obligations, license management, or handling your request. After that, it is deleted or anonymized unless statutory retention obligations require otherwise.

For registered users, you can manage account data through MY.PROTECTSTAR or request deletion. For unregistered users, uninstalling the app ends local VPNService processing on the device; support, license, push, or diagnostic data already transmitted to Protectstar is deleted or anonymized according to the applicable retention and deletion rules.

International Data Transfers

Protectstar Inc. is based in the United States. Where technical data is transferred to Protectstar or commissioned service providers outside your country, we protect these transfers through appropriate legal, organizational, and technical measures.

Depending on the recipient, these may include: adequacy decisions, the EU-U.S. Data Privacy Framework (where the respective recipient is certified), Standard Contractual Clauses, or comparable safeguards.

For more details, please see our Privacy Policy for Android Apps and our Disclosure for Android Apps.

Opt-Out Options

You can manage VPN functionality directly in the app settings:

• Pause or disable the VPNService — If you do not want VPN functionality to be active, you can simply pause or disable it in the app settings.
• Uninstall the app — If you want to stop the VPN feature completely, uninstalling the app ensures that data is no longer processed locally and that VPN operation ends.

You can also withdraw your consent to use the VPNService at any time by disabling the feature within the app.

Your choices regarding your personal data

We respect your right to control your personal data. You can manage your information as follows:

1. Registered users of Protectstar apps

• Access and correction — If you have registered a Protectstar app through MY.PROTECTSTAR, you can view and correct your personal data in your profile at my.protectstar.com at any time.
• Privacy Policy — The specific privacy policy for your MY.PROTECTSTAR account is available at my.protectstar.com/app/privacy-policy.

2. Unregistered users with installed Protectstar products

• Stop local processing — If you have not registered a Protectstar app but have one installed on your device, you can end local processing by uninstalling the product.

Changes to this VPNService Disclosure

We may update this disclosure to reflect new features, legal requirements, or policy changes. All material updates will be published in the Protectstar VPNService Disclosure and highlighted in the app to inform you.

How to reach us

If you have questions or comments about this disclosure, or if you would like us to update or remove information or settings you have provided to us, you can reach us using the contact options below.