Effective date: June 19, 2026
Privacy Policy
SailCat provides invite-only VPN access through account-based web and native clients. This Privacy Policy explains the data used to create accounts, manage subscriptions, provision VPN tunnel profiles, operate exit nodes, respond to support requests, and review abuse or security issues.
VPN Data Use Declaration
Before you use or subscribe to SailCat, you should know that SailCat collects account, subscription, device, node, usage, support, audit, abuse, and bounded metadata-only destination summary records. SailCat uses this data only to operate the VPN service, provision tunnel profiles, synchronize Apple subscriptions, enforce quotas and acceptable use rules, provide support, investigate abuse or security issues, and maintain compliance records.
SailCat does not inspect payloads, private messages, URLs, domains, TLS contents, or application content. SailCat does not sell personal information, does not use advertising SDKs, does not use cross-app tracking, and does not sell, use, or disclose VPN service data to third parties for advertising, profiling, resale, or unrelated purposes.
Account and invite data
When you create or use a SailCat account, SailCat processes your email address, password credentials handled by Django authentication, invite code status, account role, account status, accepted-policy timestamp, plan size, quota, subscription status, billing provider, billing account token, and subscription period dates. Operators may also keep account notes needed for administration or support.
Apple subscriptions
SailCat offers Apple-managed monthly and yearly subscriptions. Apple handles payment confirmation and payment details. SailCat receives subscription status, product identifiers, signed transaction data, original and latest transaction identifiers, subscription environment, billing account token, and current period dates so account access, quotas, and renewal state can be synchronized.
Client sessions and devices
SailCat native clients sign in with your email and password and receive bearer tokens. The server stores hashed API tokens with the client name, platform, user agent, IP address, created time, last-used time, and revocation time. SailCat stores device names, platforms, public keys, selected nodes, generated tunnel profiles, assigned VPN IP addresses, profile status, last handshake time, and received/transmitted byte counters.
Local storage
Apple clients store the SailCat authentication token and device private keys in Keychain. Linux clients store their API token, private key, and generated tunnel configuration as local files with restricted permissions. Your device or operating system may also keep local VPN profiles, app settings, downloaded configuration files, or logs under your control.
VPN metadata
SailCat exit nodes report node health, peer byte counters, last handshake times, and bounded daily usage rollups. Operators may use account, device, node, timestamp, byte-count, blocked-policy, and bounded daily destination IP-prefix/port/protocol metadata for subscriptions, quota enforcement, support, abuse review, audits, security, and legal-defense review.
Content handling
SailCat does not inspect payloads, private messages, URLs, domains, TLS contents, or application content. Destination summaries are metadata-only records, not logs of visited URLs.
Traffic flags and abuse reports
SailCat may create traffic flags for blocked peer-to-peer activity, suspicious traffic, or policy errors. These records may include the related node, device, account, assigned peer, first and last observed times, observed counts, packet and byte totals, metadata-only evidence, resolution notes, and abuse-case links. Abuse reports may include reporter contact information, descriptions, categories, severity, status, and outcome notes.
Support and communications
If you email support, SailCat receives your email address and any information you choose to include. Support records may be used to respond to you, troubleshoot account or connection issues, investigate billing or subscription state, and maintain a history of the request.
What SailCat does not do
SailCat does not sell personal information, does not use advertising SDKs, does not use cross-app tracking, and does not disclose VPN service data to third parties for advertising, profiling, resale, or unrelated purposes. SailCat does not claim to make activity anonymous, and the service may retain metadata needed to operate and protect the network.
Sharing
SailCat may share limited non-traffic account, support, billing, security, or compliance information with platform providers such as Apple for App Store subscriptions, infrastructure providers needed to run the service, professional advisors, law enforcement or regulators when required by law, or parties involved in security, abuse, or legal-defense reviews. SailCat does not sell, use, or disclose VPN service data to third parties for advertising, profiling, resale, or unrelated purposes.
Retention
Account, billing, audit, abuse, and traffic-watchdog metadata may be retained as needed for service operation, subscriptions, security, abuse handling, audits, legal-defense review, and compliance. Destination summaries remain bounded metadata-only records. Some local data remains on your device until you remove it or uninstall the app.
Your choices
You can revoke client sessions, remove devices or profiles, uninstall local apps, remove local VPN profiles, manage Apple subscriptions through Apple, and request account deletion or privacy help by contacting support. See Privacy Choices for details.
Children
SailCat is not directed to children under 13, and SailCat does not knowingly collect personal information from children under 13.
Changes
SailCat may update this Privacy Policy from time to time. If it changes, the effective date above will be updated.
Contact
For privacy, account deletion, support, or subscription questions, contact support@sailcat.space.