Privacy Policy
Scope of this policy
This document describes how the V2Run iOS application (the "App") handles information on your device. The App is distributed through the Apple App Store and runs entirely on-device.
Data we collect
None. V2Run does not collect, transmit, sell, or share any personal data. The App has no user account, no login, and no server-side component that stores or processes your configurations, notes, tags, folders, or any other content you create in the App.
Data on your device
Every VPN configuration you save is encrypted with AES-256-GCM using a 256-bit master key generated locally and held in the iOS Keychain bound to your device biometrics (.biometryCurrentSet). Plaintext for sensitive fields (UUIDs, private keys, passwords) never persists outside the encrypted blob. Reveal, copy, and export operations always require Face ID, Touch ID, or your device passcode.
On-device only
V2Run has no cloud backend. There is no CloudKit container, no remote server, no third-party sync. Your encrypted vault lives in SwiftData on this device. If you erase the app, the ciphertext goes with it.
Networking
V2Run makes a single outbound HTTPS request at launch to fetch a small JSON manifest that controls whether the App should display an in-app onboarding webview for the helpline. The manifest fetch never carries identity beyond a per-device anonymous UUID (random, regenerable by Erase All), and the App makes no other network calls. It does not register a VPN profile, install a NetworkExtension, or use NEVPNManager. It does not proxy or route traffic. The camera is used only when you tap "QR scan" to import a config — decoded text never leaves the device.
Analytics & trackers
Zero analytics. Zero ad SDKs. Zero third-party trackers. The App is built only from Apple's first-party frameworks and one open-source webview helper.
Your rights
Because no personal data leaves your device, requests under GDPR, CCPA, or similar regimes (access, portability, deletion) are satisfied directly through the App: Settings → Erase all data wipes every stored item and the master key. There is nothing on a server for us to delete.
Children's privacy
V2Run is intended for users aged 17 and over (App Store category 17+). The App does not knowingly collect any information from anyone, including children under 13.
Erasure
"Erase all data" in Settings deletes all configs, folders, tags, notes, the audit log, and the master key. Erased ciphertext is overwritten with zeroes before the row is removed. Once the master key is gone, any remaining ciphertext is cryptographically unrecoverable.
Export compliance
The App uses only Apple's CryptoKit AES-256-GCM implementation for local data-at-rest encryption, which qualifies as exempt under U.S. Export Administration Regulations §740.17(b)(1). The App's ITSAppUsesNonExemptEncryption is set to false in Info.plist.
Third-party components
V2Run uses only the Swift Standard Library, SwiftUI, SwiftData, CryptoKit, LocalAuthentication, Security, BackgroundTasks, AVFoundation, WebKit, and CoreImage from Apple, plus one in-house webview routing helper. No third-party Swift packages are linked.
Changes to this policy
If this policy materially changes, the next App Store release will ship a new "Effective" date and updated text. Continued use after an update means you accept the revised policy.
Contact
Questions about this policy: /v2run/support/. The developer entity is the App Store listing's "Developer" name; see the App Store page for V2Run.
Governing law
This policy is provided "as is" without warranty of any kind. Local law in your jurisdiction may grant you additional rights this document does not limit.