Introduction

BBQ VPN ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our BBQ VPN + AdBlock browser extension (the "Extension").

Please read this Privacy Policy carefully. By using the Extension, you agree to the collection and use of information in accordance with this policy.

Information We Collect

1. Information You Provide

Authentication Data (one of the following methods):

Telegram Authentication:

• Telegram User ID (required for authentication)
• Telegram Username (if available)
• First and Last Name from Telegram account

Email/Password Authentication:

• Email address
• Password (stored as a secure hash on our servers; we never store plain-text passwords)

Google OAuth Authentication:

• Google account email address
• Display name from Google profile
• Google account identifier

Subscription Information:

• Subscription plan type
• Subscription start and end dates
• Payment status (processed through third-party payment processors)
• Auto-renewal preferences

2. Automatically Collected Information

Technical Information:

• Extension version
• Browser type and version
• Operating system
• Connection timestamps
• Selected VPN server location
• Connection duration
• Device identifier (randomly generated, stored locally)

Ad Blocker Data (stored locally on your device only):

• Ad blocker enabled/disabled state
• Whitelist of sites where ads are allowed
• Ad blocking statistics (number of blocked elements per page)
• EasyList filter cache (updated every 24 hours)

Anonymous Usage Statistics:

• Server connection attempts (success/failure)
• Feature usage patterns (anonymous)
• Error logs (for debugging purposes)

3. Information We Do NOT Collect

How We Use Your Information

We use the collected information for the following purposes:

1. Service Provision

• Authenticate users via Telegram, Email/Password, or Google OAuth
• Establish and maintain VPN connections
• Manage subscriptions and access rights
• Provide ad blocking functionality
• Provide customer support

2. Service Improvement

• Analyze anonymous usage patterns
• Identify and fix technical issues
• Improve Extension performance
• Develop new features

3. Communication

• Send service notifications (connection status, subscription expiry)
• Provide customer support responses
• Send important updates about the service

4. Legal Compliance

• Comply with legal obligations
• Enforce our Terms of Service
• Protect against fraud and abuse

Data Storage and Security

Local Storage (on your device)

The following data is stored locally in your browser using Chrome's isolated extension storage:

• Authentication token (JWT)
• User profile information
• Subscription status
• VPN connection state and selected server
• Ad blocker settings, whitelist, and filter cache
• Language preference and currency exchange rate
• Device identifier

This data is accessible only to this Extension and is not shared with other extensions or websites.

Server Storage

• User authentication data is stored on our secure servers
• Connection logs are stored temporarily (30 days maximum)
• Subscription data is retained for accounting purposes

Security Measures

We implement industry-standard security measures:

• Encryption: All data transmission is encrypted using HTTPS (TLS/SSL)
• Secure Storage: Passwords are stored as secure hashes; data at rest is encrypted
• Access Control: Limited access to personal data by authorized personnel only
• Token Expiry: Authentication tokens expire after 30 days
• Regular Audits: Periodic security assessments

Data Retention

• Active Users: Data retained while subscription is active
• Inactive Users: Data deleted 90 days after subscription termination
• Connection Logs: Automatically deleted after 30 days
• Local Data: Removed when the Extension is uninstalled

VPN Connection and No-Logs Policy

What We Log

We maintain minimal connection logs for service operation:

• Connection start/end times
• Selected server location
• Total bandwidth used (for billing purposes)

What We Don't Log

Ad Blocker

The built-in ad blocker operates entirely within your browser:

• Ad blocking rules are based on publicly available EasyList filter lists
• Filter lists are downloaded and cached locally (updated every 24 hours)
• All ad blocking decisions are made locally on your device
• No information about blocked content is sent to our servers
• You can manage a whitelist of sites where ads are allowed

Data Sharing and Disclosure

We may share your data only in the following limited circumstances:

1. Third-Party Service Providers

We share only the minimum data necessary for these services to function:

2. We Do NOT Sell or Share Data for Advertising

3. Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal requests by public authorities (e.g., a court order or government agency).

Third-Party Services

Payment Processing

We use third-party payment processors to handle subscription payments:

• YooMoney — for card payments
• Telegram Stars — for in-app payments via Telegram

These processors have their own privacy policies. We do not store or have access to your payment card information.

Telegram Integration

Authentication and payments may be performed through Telegram. Telegram's privacy policy applies to data shared through their platform:

Telegram Privacy Policy: https://telegram.org/privacy

Google OAuth

If you choose to sign in with Google, we receive your email address and display name from Google. We do not access any other Google account data. Google's privacy policy applies:

Google Privacy Policy: https://policies.google.com/privacy

EasyList

The ad blocker downloads filter lists from EasyList (easylist.to). These are public filter lists; no personal data is sent during download.

Analytics

We may use anonymous analytics to improve our service. No personally identifiable information is shared with analytics providers.

Extension Permissions

The Extension requests the following browser permissions:

Your Rights

You have the following rights regarding your personal data:

1. Access

You can request a copy of your personal data by contacting us.

2. Correction

You can update your information through the Extension or by contacting support.

3. Deletion

You can request deletion of your account and associated data at any time.

4. Data Portability

You can request an export of your data in a machine-readable format.

5. Withdrawal of Consent

You can withdraw consent for data processing by uninstalling the Extension and deleting your account.

Children's Privacy

Our Extension is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

International Data Transfers

Your information may be transferred to and maintained on servers located outside your country of residence. We ensure appropriate safeguards are in place for such transfers.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Sending a notification through the Extension (for significant changes)

Your continued use of the Extension after changes constitutes acceptance of the updated Privacy Policy.

Compliance

This Privacy Policy complies with:

• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• Chrome Web Store Developer Program Policies

Your Consent

By using our Extension, you consent to this Privacy Policy and agree to its terms.