This Privacy Policy explains how Rayn Labs L.L.C. ("Rayn Labs," "we," "us," or "our") collects, uses, and shares information in connection with the Rayn VPN service and our websites at raynlabs.io (the "Service").
We have designed the Service to collect the minimum personal information necessary to operate it. This policy describes what we do and do not collect, your rights over that information, and how to contact us with questions.
1. Information we collect
1.0 What we do not collect
Rayn Labs does not collect analytics, telemetry, advertising identifiers, device identifiers, crash or diagnostic data, or usage data from any Rayn client or from the website. We use no third-party analytics or crash-reporting SDKs (no Google Analytics, Firebase Analytics, Sentry, or similar). Rayn clients use the operating system's VPN integration (such as Android's VpnService API or the iOS and macOS NetworkExtension framework) solely to create the encrypted tunnel; they do not inspect, log, or transmit the contents of your traffic. Specifically, we do not log the websites, IP addresses, or DNS queries sent through the VPN. See Section 1.3 for the complete no-logs disclosure.
1.1 Account information
When you create or sign in to a Rayn account, whether from the website or from the Rayn Android client, we collect:
- Your email address (used to authenticate the request and to communicate transactional account events)
- A password (stored only as a salted hash; never written to disk on your device)
- A display name of your choice
- The date and time your account was created
- Your selected billing period
In-app authentication. All Rayn clients (Windows, macOS, iOS, and Android) share the same authentication standards. Each client offers two ways to access your subscription:
- Sign in with email and password. Your email address and an internal account identifier are transmitted to our authentication backend, which is the same backend used by the website. Under the definition of “collect” used by Google Play and other app marketplaces (transmitting data off the device), this counts as collection of your email address and a user identifier by the app.
- Import your subscription URL or QR code. The client authenticates using a unique subscription token contained in the URL or QR code. No email address is required or transmitted along this path.
Whichever method you choose, we do not share your email address or account identifier with any third party. The information is used only to authenticate your client and to operate your subscription. You can request permanent deletion at any time at raynlabs.io/legal/delete-account.
1.2 Payment information
Payment transactions are processed by our third-party Payment Processor(s) (currently Guardarian for card payments and NowPayments for cryptocurrency). We do not see, receive, or store your card number, CVV, bank details, or wallet credentials. Each Payment Processor handles payment information under its own privacy policy. From the Payment Processor we receive only a transaction identifier, the amount, the payment method type, and the billing period purchased.
1.3 Connection and service data
No-logs policy. We do not log, retain, or analyze:
- The websites, services, or IP addresses you connect to through the Service
- DNS queries made through the Service
- Your browsing or traffic history
- The content of data transiting the Service
- The originating IP address you used to connect to a Rayn node
We retain aggregate, non-identifying operational metrics (total bandwidth, connection counts per node) strictly for capacity planning and fraud prevention. These metrics cannot be tied to an individual user.
1.4 Website data
The raynlabs.io website uses:
- A strictly-necessary session cookie to keep you signed in
- A locale preference stored in your browser's local storage
- Cloudflare Turnstile (bot protection) on account creation and sensitive actions. See Cloudflare's privacy policy at cloudflare.com/privacypolicy
We do not use advertising cookies, cross-site tracking, or third-party analytics on the marketing site or user dashboard. We use no third-party analytics or crash-reporting SDKs on the website. See our Cookie Policy for details.
1.5 Support communications
When you email our support address we receive your email address, the content of your message, and any information you choose to include. We use this only to respond to your inquiry.
1.6 Service reachability
To keep the service reachable when an individual API endpoint becomes unavailable, our servers may provide your client with a replacement address for fetching your subscription profile. This only changes the URL the client uses to retrieve your profile. It does not change your VPN provider, the client's behavior, or what the client can access. As stated in Section 1.3, we do not log the websites, IP addresses, or DNS queries you send through the VPN tunnel.
2. How we use information
We use the information described above to:
- Provide, operate, and maintain the Service
- Authenticate your account
- Enforce our Terms of Service and Acceptable Use Policy
- Detect and prevent fraud, abuse, and security incidents
- Respond to your support requests
- Send transactional emails (account events, security alerts, service updates)
- Comply with legal obligations
3. Legal basis for processing (GDPR / UK GDPR)
Where the EU General Data Protection Regulation or the UK GDPR applies, we rely on the following legal bases:
- Contract. To provide the Service you have purchased.
- Legitimate interests. For fraud prevention, security, and service improvement.
- Legal obligation. To comply with law, court orders, or government requests.
- Consent. For any optional processing we tell you about at the time of collection.
4. Sharing and disclosure
We share information only as follows:
- Payment Processor. To process payment transactions. We share only the minimum information needed to identify and validate your transaction.
- Infrastructure providers. Our hosting, email, and DDoS-protection providers (including Cloudflare). These providers act as data processors under written agreements and do not use your data for any other purpose.
- Legal compliance. If required by a valid legal process (subpoena, court order, etc.). We publish a transparency report upon request.
- Business transfer. If Rayn Labs is acquired or merged, your information may be transferred, subject to this Privacy Policy.
We do not sell personal information. We have not sold personal information in the preceding 12 months.
5. Data retention
- Account information: retained while your account is active. Deleted within 30 days of account closure, except as required to comply with tax or legal obligations.
- Payment transaction records held by the Payment Processor: retained per the Payment Processor's own policy.
- Support emails: retained for 24 months, then deleted.
- No connection logs are retained, so there is nothing to delete.
6. Security
We use industry-standard measures to protect your information, including TLS for all transmissions, salted-and-hashed password storage, encryption at rest for account data, access controls with audit logging, and regular security reviews. No system is perfectly secure; we cannot guarantee absolute security.
7. International transfers
Rayn Labs is based in the United States. Our infrastructure spans multiple regions worldwide. When you use the Service your information may be transferred to and processed in countries outside your country of residence. Where required, we use Standard Contractual Clauses approved by the European Commission or other lawful mechanisms for such transfers.
8. Your rights
8.1 Rights under GDPR / UK GDPR
If you are in the EEA, UK, or Switzerland, you have the right to:
- Access the personal information we hold about you
- Have inaccurate information corrected
- Have your information deleted (subject to legal retention requirements)
- Restrict or object to processing in certain circumstances
- Receive your information in a portable format
- Withdraw consent where processing is based on consent
- Lodge a complaint with your data-protection authority
8.2 Rights under California law (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how it is used
- Request access to or deletion of your personal information
- Correct inaccurate personal information
- Opt out of any "sale" or "sharing" of personal information (we do not sell or share)
- Not be discriminated against for exercising your rights
8.3 How to exercise your rights
Email privacy@raynlabs.io from the address associated with your account. We will respond within 30 days (GDPR) or 45 days (CCPA/CPRA).
9. Children
The Service is intended only for adults and is not directed to anyone under 18. We do not knowingly collect personal information from anyone under 18. If we learn we have collected information from a person under 18, we will delete it promptly.
10. Scope of this Policy
This Privacy Policy governs both the Rayn website and the Rayn mobile applications distributed via Google Play and (where available) the Apple App Store. In-app first-run disclosures may summarize the policy, but this document is authoritative.
11. Changes to this Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email to your account address and posted on this page with an updated "Last updated" date.
12. Contact
Privacy questions or rights requests:
privacy@raynlabs.io
Legal matters: legal@raynlabs.io
Rayn Labs L.L.C., State of Wyoming, United States.