Privacy Policy
1. Information We Collect
PuriFi LLC (“PuriFi,” “we,” “us,” or “our”) collects the following categories of information when you use our products and services.
1a. Account Information
When you create a PuriFi account, we collect your email address, name, phone number, and profile photo (if you choose to upload one).
1b. Authentication and Session Data
We collect OAuth tokens used for Google and Apple Sign-In authentication, session information (including refresh tokens and session identifiers), and security audit logs recording authentication events and account actions.
1c. Device Information
For each PuriFi device registered to your account, we collect device identifiers (serial number, MAC address, VPN IP address), firmware version, device health metrics (CPU usage, memory, temperature, disk usage), and current service status for the PuriFi system components running on the device.
1d. Network and DNS Information
We collect aggregate DNS statistics reported by your device as integer counts only (for example: total queries processed, queries blocked, queries forwarded). We do not log individual DNS queries or the hostnames you look up. We also collect network topology information necessary to maintain your VPN connection and any DNS policy configuration you set within the PuriFi app.
1e. Location Information
We derive an approximate geographic location (city and country level) from your IP address using an offline MaxMind database. We do not collect precise GPS location. Your IP address is not shared with MaxMind or any external service for geolocation purposes.
1f. Order, Shipping, and Payment
When you purchase a PuriFi device, we collect your order details, shipping address, and order tracking information. Payment processing is handled by Stripe (or a similar provider). PuriFi never stores your card number, CVV, or full payment credentials. We retain only the payment token, billing name, and billing address provided by our payment processor.
1g. VPN Remote Access
To enable secure remote management of your device, we store WireGuard public keys associated with your account and maintain relay session mapping records that allow your client application to reach your device over the VPN mesh. We do not inspect or log the content of VPN traffic.
1h. Automatically Collected Information
Our servers automatically receive your IP address and user agent string when you use the PuriFi app or visit our website. We maintain standard server-side access and error logs. In future releases, we may also collect push notification tokens (to send device alerts), functional cookies (to maintain your login session), and crash reports from the mobile application.
2. Information We Do NOT Collect
PuriFi is built with privacy as a core design principle. We explicitly do not collect:
- DNS query logs or your browsing history — your individual DNS lookups are never recorded or transmitted to our servers
- VPN traffic content — we do not inspect, log, or retain the content of any traffic passing through your PuriFi device's VPN connection
- WiFi passwords — your WiFi credentials are provisioned directly to the device during setup and are never stored on PuriFi servers
- Router credentials — PuriFi does not require or store access credentials to your router or home network equipment
- Precise location — we do not access GPS coordinates or any precise location signal from your device or phone
- Behavioral profiles or ad-targeting data — we do not build advertising profiles, sell data to advertisers, or engage in any form of behavioral targeting
3. How We Use Your Information
| Purpose | Data Used |
|---|---|
| Provide and maintain the Services | Account info, device identifiers, network config, DNS stats, health metrics |
| Authenticate your identity | Email, password hash, OAuth credentials, phone number (SMS verification) |
| Fulfill orders and provide support | Shipping address, order details, tracking information, email |
| Enable remote device access | VPN client records, relay session mapping |
| Monitor device health | Health metrics, service status, firmware version |
| Detect and prevent fraud | Audit logs, IP addresses, session data |
| Improve our Services | Aggregated health metrics, DNS statistics (integers only), crash reports (when available) |
| Communicate with you | Email address (service updates, security alerts, support responses) |
| Comply with legal obligations | As required by applicable law |
5. Data Security
We implement the following security measures to protect your information:
Encryption at Rest
- Passwords are hashed using bcrypt with a cost factor of 12 rounds and are never stored in plaintext
- Sensitive fields are encrypted using AES-256-GCM before storage
- Claim tokens and verification codes are stored as SHA-256 hashes
Encryption in Transit
- All API communication between the PuriFi app and our servers uses TLS
- Device-to-server communication is secured using WireGuard, a modern VPN protocol with strong cryptographic guarantees
Secure Mobile Storage
- Authentication tokens on iOS are stored in the iOS Keychain
- Authentication tokens on Android are stored in the Android Keystore
Additional Measures
- Rate limiting is applied to authentication and sensitive API endpoints to protect against brute-force attacks
- Session management enforces a 7-day refresh token expiry, after which re-authentication is required
No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially reasonable means to protect your personal information, we cannot guarantee absolute security.
7. Data Retention and Deletion
| Data | Retention Period |
|---|---|
| Active account data | Until you delete your account |
| Session / refresh tokens | 7 days (automatically cleaned up) |
| Email verification tokens | 24 hours |
| Password reset tokens | 1 hour |
| Phone verification codes | 10 minutes |
| Device health (current snapshot) | Overwritten approximately every 60 seconds |
| Device health (hourly history) | Retained for performance insights; you may request deletion |
| Security audit logs | Retained for legal obligations; some records retained even after deletion request |
| Profile photos (after account deletion) | Deleted within 30 days |
| Orders and shipping data | Retained for tax / legal obligations; you may request deletion of non-essential data |
When you delete your account, we initiate deletion of your personal data within 30 days, subject to the exceptions noted above for legal obligations, security audit logs, and order records required for tax compliance.
8. Your Privacy Rights
All Users
Regardless of where you are located, you have the right to access the personal information we hold about you, correct inaccurate information, request deletion of your account and associated data, export a copy of your data in a machine-readable format, and opt out of non-essential communications. To exercise any of these rights, contact us at privacy@purifi.io.
California Residents (CCPA / CPRA)
If you are a California resident, you have the right to know what personal information we collect and how it is used and disclosed, the right to delete personal information we hold about you, the right to opt out of the sale or sharing of your personal information (we do not sell or share your personal information as defined under the CCPA/CPRA), and the right not to be discriminated against for exercising any of these rights. We will respond to verifiable consumer requests within 45 days. To submit a request, contact us at privacy@purifi.io.
EEA, UK, and Switzerland Residents (GDPR)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, we process your personal information on the following legal bases: performance of a contract with you (providing the Services you have requested), our legitimate interests (fraud prevention, security, improving the Services) where those interests are not overridden by your rights, your consent (where we explicitly request it), and compliance with legal obligations.
In addition to the rights listed above, you have the right to data portability, the right to restrict processing, the right to object to processing based on legitimate interests, and the right to lodge a complaint with your local data protection authority.
Other Jurisdictions
Users in Brazil (LGPD), Canada (PIPEDA), and other jurisdictions with applicable privacy laws may have additional rights under those laws. We are committed to honoring privacy rights regardless of jurisdiction. Please contact us at privacy@purifi.io with any request, and we will respond in accordance with applicable law.
9. Children's Privacy
The PuriFi Services are not intended for use by individuals under the age of 13, and we do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us at privacy@purifi.io and we will promptly delete it.
PuriFi devices include parental content filtering controls. These devices are purchased and operated by adults; any content filtering applied to children in the household is configured and controlled by the adult account holder.
10. International Data Transfers
PuriFi LLC is based in the United States. Our primary infrastructure runs on Amazon Web Services in the US-East-1 region (Virginia). If you access the Services from outside the United States, your information will be transferred to and processed in the United States.
For users in the European Economic Area, the United Kingdom, and Switzerland, we rely on standard contractual clauses approved by the European Commission as the lawful mechanism for transferring personal data to the United States. A copy of the applicable clauses is available upon request by contacting privacy@purifi.io.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by sending an email to the address associated with your account before the changes take effect. The updated policy will also be posted on our website with a revised “Last Updated” date.
Your continued use of the PuriFi Services after a material change becomes effective constitutes your acceptance of the revised Privacy Policy. If you do not agree to the revised policy, please discontinue use of the Services and delete your account.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
PuriFi LLC
Email: privacy@purifi.io
Mail: PuriFi LLC
1100 Biscayne Blvd, Unit 4201
Miami, FL 33132
United States