Effective Date: 5 April 2026 | Last Updated: 5 April 2026
🔒 Introduction
MMG Infotech Pvt Ltd ("we", "us", "our") operates the MMG VPN application (com.mmginfotech.vpn). This Privacy Policy explains how we collect, use, and protect your information when you use our VPN service. We are committed to safeguarding your privacy and operating with full transparency.
📊 Data We Collect
We collect only the minimum data necessary to provide our VPN service:
-
Account Information: Email address, username, and hashed password for authentication
-
Device Information: Device ID and platform type for license management and connection routing
-
Connection Metadata: Timestamps of connection/disconnection, bandwidth usage, and assigned VPN IP (for session management only)
-
License Data: Activation codes and subscription status
🚫 Data We Do NOT Collect
Strict No-Log Policy:
We do not monitor, log, or store your online activity.
- Browsing history or DNS queries
- Content of your internet traffic
- Destination IP addresses you connect to
- Original source IP address
- Contacts, photos, files, or any on-device data
- Location or GPS data
🛡 Data Storage & Security
-
All data is stored on encrypted servers located in India
-
VPN tunnels use WireGuard protocol with state-of-the-art encryption (ChaCha20, Curve25519, BLAKE2s)
-
Passwords are hashed using bcrypt with salting and are never stored in plain text
-
All API communications use TLS 1.2+ encryption
-
Regular security audits and penetration testing are conducted
🔒 No Third-Party Sharing
We do NOT sell, rent, trade, or share your personal data with any third party — including advertisers, analytics providers, or data brokers. Your data stays with us, period.
The only exception: we may disclose data if required by a valid court order under Indian law, and we will notify affected users to the extent legally permitted.
⚖ IT Act 2000 Compliance
MMG VPN fully complies with the Information Technology Act, 2000 and its amendments:
-
Section 43A: Reasonable security practices for handling sensitive personal data
-
Section 72A: Strict prohibition on unauthorized disclosure of personal information
-
Rule 4 (SPDI Rules 2011): Published privacy policy, data collection disclosure, and purpose limitation
🇮🇳 DPDPA 2023 Compliance
We comply with the Digital Personal Data Protection Act, 2023 (DPDPA):
-
Lawful Purpose: Data is processed only for providing VPN services you requested
-
Data Minimization: We collect only what is strictly necessary
-
Storage Limitation: Data is retained only as long as your account is active, plus 30 days after deletion request
-
Data Localization: All servers and data remain within the territory of India
-
Consent: Clear, informed consent obtained before any data processing
👤 Your Rights
As a user of MMG VPN, you have the following rights:
-
Right to Access: Request a copy of all personal data we hold about you
-
Right to Correction: Request correction of inaccurate data
-
Right to Erasure: Request deletion of your account and all associated data
-
Right to Withdraw Consent: Withdraw consent at any time by discontinuing use
-
Right to Grievance Redressal: File a complaint with our Grievance Officer
To exercise any of these rights, email us at gaurav@mmginfotech.com. We will respond within 72 hours.
👶 Children's Privacy
MMG VPN is not intended for use by individuals under the age of 18. We do not knowingly collect data from minors. If you believe a minor has provided us with personal data, please contact us immediately and we will delete it.
📝 Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of MMG VPN after changes constitutes acceptance of the revised policy.
📧 Contact Us
If you have questions or concerns about this Privacy Policy, contact us: