This Privacy Policy explains how Rayn Labs L.L.C. ("Rayn Labs," "we," "us," or "our") collects, uses, and shares information in connection with the Rayn VPN service and our websites at raynlabs.io (the "Service").
We have designed the Service to collect the minimum personal information necessary to operate it. This policy describes what we do and do not collect, your rights over that information, and how to contact us with questions.
1. Information we collect
1.1 Account information
When you create an account we collect:
- Your email address
- A password (stored only as a salted hash)
- A display name of your choice
- The date and time your account was created
- Your selected billing period
1.2 Payment information
Payment transactions are processed by our third-party Payment Processor (currently NowPayments for cryptocurrency). We do not see, receive, or store your wallet credentials, card number, CVV, or bank details. The Payment Processor handles payment information under its own privacy policy. From the Payment Processor we receive only a transaction identifier, the amount, the cryptocurrency used (where applicable), and the billing period purchased.
1.3 Connection and service data
No-logs policy. We do not log, retain, or analyze:
- The websites, services, or IP addresses you connect to through the Service
- DNS queries made through the Service
- Your browsing or traffic history
- The content of data transiting the Service
- The originating IP address you used to connect to a Rayn node
We retain aggregate, non-identifying operational metrics (total bandwidth, connection counts per node) strictly for capacity planning and fraud prevention. These metrics cannot be tied to an individual user.
1.4 Website data
The raynlabs.io website uses:
- A strictly-necessary session cookie to keep you signed in
- A locale preference stored in your browser's local storage
- Cloudflare Turnstile (bot protection) on account creation and sensitive actions. See Cloudflare's privacy policy at cloudflare.com/privacypolicy
We do not use advertising cookies, cross-site tracking, or third-party analytics on the marketing site or user dashboard. See our Cookie Policy for details.
1.5 Support communications
When you email our support address we receive your email address, the content of your message, and any information you choose to include. We use this only to respond to your inquiry.
2. How we use information
We use the information described above to:
- Provide, operate, and maintain the Service
- Authenticate your account
- Enforce our Terms of Service and Acceptable Use Policy
- Detect and prevent fraud, abuse, and security incidents
- Respond to your support requests
- Send transactional emails (account events, security alerts, service updates)
- Comply with legal obligations
3. Legal basis for processing (GDPR / UK GDPR)
Where the EU General Data Protection Regulation or the UK GDPR applies, we rely on the following legal bases:
- Contract. To provide the Service you have purchased.
- Legitimate interests. For fraud prevention, security, and service improvement.
- Legal obligation. To comply with law, court orders, or government requests.
- Consent. For any optional processing we tell you about at the time of collection.
4. Sharing and disclosure
We share information only as follows:
- Payment Processor. To process payment transactions. We share only the minimum information needed to identify and validate your transaction.
- Infrastructure providers. Our hosting, email, and DDoS-protection providers (including Cloudflare). These providers act as data processors under written agreements and do not use your data for any other purpose.
- Legal compliance. If required by a valid legal process (subpoena, court order, etc.). We publish a transparency report upon request.
- Business transfer. If Rayn Labs is acquired or merged, your information may be transferred, subject to this Privacy Policy.
We do not sell personal information. We have not sold personal information in the preceding 12 months.
5. Data retention
- Account information: retained while your account is active. Deleted within 30 days of account closure, except as required to comply with tax or legal obligations.
- Payment transaction records held by the Payment Processor: retained per the Payment Processor's own policy.
- Support emails: retained for 24 months, then deleted.
- No connection logs are retained, so there is nothing to delete.
6. Security
We use industry-standard measures to protect your information, including TLS for all transmissions, salted-and-hashed password storage, encryption at rest for account data, access controls with audit logging, and regular security reviews. No system is perfectly secure; we cannot guarantee absolute security.
7. International transfers
Rayn Labs is based in the United States. Our infrastructure spans multiple regions worldwide. When you use the Service your information may be transferred to and processed in countries outside your country of residence. Where required, we use Standard Contractual Clauses approved by the European Commission or other lawful mechanisms for such transfers.
8. Your rights
8.1 Rights under GDPR / UK GDPR
If you are in the EEA, UK, or Switzerland, you have the right to:
- Access the personal information we hold about you
- Have inaccurate information corrected
- Have your information deleted (subject to legal retention requirements)
- Restrict or object to processing in certain circumstances
- Receive your information in a portable format
- Withdraw consent where processing is based on consent
- Lodge a complaint with your data-protection authority
8.2 Rights under California law (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how it is used
- Request access to or deletion of your personal information
- Correct inaccurate personal information
- Opt out of any "sale" or "sharing" of personal information (we do not sell or share)
- Not be discriminated against for exercising your rights
8.3 How to exercise your rights
Email privacy@raynlabs.io from the address associated with your account. We will respond within 30 days (GDPR) or 45 days (CCPA/CPRA).
9. Children
The Service is not directed to children under 16. We do not knowingly collect personal information from children. If we learn we have collected information from a child, we will delete it promptly.
10. Changes to this Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email to your account address and posted on this page with an updated "Last updated" date.
11. Contact
Privacy questions or rights requests:
privacy@raynlabs.io
Legal matters: legal@raynlabs.io
Rayn Labs L.L.C., State of Wyoming, United States.