Policies and terms
Terms of service
By using or paying for Gephyra OÜ's Geph service, you agree to these terms. Any material changes to these terms will be notified via a prominent notice on https://geph.io at least one month before the changes are applied. If you wish to exercise your right to reject such changes, you should stop using the service.
Geph uses a custom open-source architecture to tunnel traffic through a variety of recognition-resistant protocols in order to circumvent Internet censorship systems, such as China's "Great Firewall". It also protects personal information with the use of encryption and masks user metadata by hiding the user's IP address and replacing it with one of ours.
To protect ourselves, our customers, and the quality of our service, we block the following TCP ports:
- Port 25 to prevent email spam
We do not block or filter domains except when requested by the owner of an IP address or when known botnet addresses cause our servers to be null-routed by hosting providers.
We do not modify, redirect, or inject data into users' traffic.
- Unauthorized reselling of Geph services
- Email and other spam
- Any activities illegal in the jurisdiction of the selected exit server
- Automated registration of accounts
The terms shall be construed in accordance with and governed by the substantive laws of the Republic of Estonia.
We offer official customer support only via email to firstname.lastname@example.org
We will never disclose to any third party any non-public information on our users, unless legally compelled to under the laws of the Republic of Estonia. Any such legal requests will be documented in as much detail as legally possible.
As of February 20, 2020, no such requests have ever been received.
We will not in any circumstance allow third parties direct "backdoor" access to our servers. We commit to moving to a different jurisdiction if compulsory backdoor access ever becomes possible in the Republic of Estonia.
We do not keep user activity details of any kind, and maintain the minimum amount of data required to authenticate users and process payments
What do we store
The only two types of user data we store persistently are authentication credentials and payment processing data.
For every user, we store a username, a
Argon2 hardened password hash, and the time at which the user was created. For example:
id | username | pwdhash | createtime ----+----------+---------+--------------------------- 51 | pwtest | $arg... | 2018-06-29 12:34:28.72295
We use Paymentwall to process Alipay payments, and Stripe for all other payments. The following is what we store on our systems; please see the privacy policies of Stripe and Paymentwall for how they deal with your data.
For each active subscription, we associate a username with an opaque Stripe subscription ID:
username | subscription ----------+-------------- pwtest | .........
We store a list of all payment activity per user, which does not contain any information about the user's payment method:
invoiceid | createtime | paid | amount | currency | id | plan | planexpiry -----------+---------------------+------+--------+----------+------+------+--------------------- 74 | 2018-07-17 12:07:18 | t | 500 | EUR | 3 | plus | 2018-08-16 22:37:18
What we NEVER store
We never log any of the following information: