Legal
Privacy Policy
Effective date: May 8, 2025
NumbleNinja ("the App", "we", "us", or "our") is a network utility application for iOS. We are committed to protecting your privacy. This Privacy Policy describes the information we collect, how we use it, and the choices available to you.
By downloading, installing, or using NumbleNinja, you agree to the practices described in this policy.
1. Information We Collect
1.1 Account Information
When you register or sign in, we collect:
- Email address — used for account authentication and password recovery.
- Password — transmitted via end-to-end encrypted API calls (ECDH + AES-256-GCM). We do not store your password on the device in plaintext.
1.2 Device Information
- Device identifier — a stable, app-scoped identifier used for session management and enforcing per-account device limits. This identifier is not shared with any third party.
- App version and platform — used to check for required updates and ensure compatibility.
1.3 Service Usage Data
- Aggregate traffic statistics — total upload and download byte counts as reported by your service provider. Displayed in the App so you can monitor your usage.
- Subscription metadata — expiration date, refresh interval, and configuration file size. Used to manage your proxy service.
- Latency test results — stored locally on your device using SwiftData for your reference. Not transmitted to any server.
1.4 Information We Do NOT Collect
We do not collect, log, store, or transmit any of the following:
- Browsing history or URLs you visit
- DNS queries or DNS resolution logs
- Content of your network traffic or packet payloads
- IP addresses of websites you connect to
- Precise location or GPS data
- Contacts, photos, messages, or data from other apps
- Advertising identifiers (IDFA)
2. How We Use Your Information
| Data |
Purpose |
| Email address |
Account authentication and password recovery |
| Device identifier |
Session management and device limit enforcement |
| App version |
Update checks and compatibility verification |
| Traffic statistics |
Displaying your usage data within the App |
| Subscription metadata |
Managing your proxy configuration and service expiration |
We use your information exclusively to provide the App's core functionality. We do not sell, rent, or share your personal information with third parties for marketing, advertising, or any purpose unrelated to providing the service.
3. Data Security
We employ industry-leading cryptographic protections:
- ECDH Key Exchange (X25519) — every API request generates a fresh ephemeral key pair, providing Perfect Forward Secrecy.
- AES-256-GCM — all request and response payloads are encrypted with authenticated encryption.
- TLS/HTTPS — all network communication uses HTTPS as the transport layer.
Data stored on your device (authentication tokens, preferences, cached configurations) uses iOS sandboxing and App Group shared containers. The App does not use iCloud backup for sensitive data.
4. Third-Party Services
The App integrates one optional third-party service:
- Crisp — an optional in-app customer support chat widget. If you initiate a support conversation, Crisp may collect your user ID, email, and messages for support purposes only. Crisp's own privacy policy applies to data processed by their service.
The App does not integrate:
- Analytics or crash-reporting SDKs (no Firebase, no Google Analytics, no Crashlytics)
- Advertising networks or ad SDKs
- Social media SDKs
- Third-party data brokers or tracking services
5. Network Extension (VPN)
NumbleNinja uses Apple's NEPacketTunnelProvider framework to create a local VPN tunnel on your device. This is required to route network traffic according to your selected routing mode (Rule, Global, or Direct).
- The VPN configuration is managed through iOS Settings and requires your explicit permission to activate.
- All traffic routing happens on-device. We do not operate VPN servers; the App routes traffic to proxy nodes specified in your subscription configuration.
- No traffic content, DNS queries, or connection logs pass through or are stored by us.
6. App Permissions
| Capability |
Purpose |
| Network Extension |
Create and manage the on-device VPN tunnel for traffic routing. |
| App Groups |
Share configuration data between the main app and the Packet Tunnel extension. |
The App does not request access to your camera, microphone, location, contacts, photos, or any other sensitive device capabilities.
7. Data Retention
- Authentication tokens — stored on-device until expiration or sign-out. Expired tokens are automatically deleted.
- Cached configurations — stored locally for offline use. Cleared when you sign out or reset the App.
- Latency test results — stored locally in SwiftData. Deleted when you reset or uninstall the App.
- Server-side account data — retained by your service provider according to their data retention policies. Contact your service provider for details.
You can delete all locally stored data at any time by signing out within the App or by deleting the App from your device.
8. Children's Privacy
NumbleNinja is not directed at children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can take appropriate action.
9. Your Rights
You have the right to:
- Access — view your profile and usage data within the App at any time.
- Delete — erase all local data by signing out or deleting the App. For server-side account deletion, contact your service provider.
- Withdraw consent — stop using the App and delete it from your device at any time.
- Data portability — your subscription configuration is in standard YAML format and can be exported.
10. International Data Transfers
The App may communicate with API servers located in different regions depending on your service provider. All data transmitted between your device and these servers is protected by end-to-end encryption as described in Section 3.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes, we will update the "Effective date" at the top of this page. Material changes will be communicated through an in-app notice or App Store update notes. Your continued use of the App after any changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions or concerns about this Privacy Policy or the App's data practices, you may contact us through:
- The in-app customer support chat (powered by Crisp)
- Your service provider's support channels