Skip to content

Policies and terms

Eric (Yuhao Dong) edited this page Feb 20, 2020 · 7 revisions

Terms of service

By using or paying for Gephyra OÜ's Geph service, you agree to these terms. Any material changes to these terms will be notified via a prominent notice on https://geph.io at least one month before the changes are applied. If you wish to exercise your right to reject such changes, you should stop using the service.

The service

Geph uses a custom open-source architecture to tunnel traffic through a variety of recognition-resistant protocols in order to circumvent Internet censorship systems, such as China's "Great Firewall". It also protects personal information with the use of encryption and masks user metadata by hiding the user's IP address and replacing it with one of ours.

To protect ourselves, our customers, and the quality of our service, we block the following TCP ports:

  • Port 25 to prevent email spam

We do not block or filter domains except when requested by the owner of an IP address or when known botnet addresses cause our servers to be null-routed by hosting providers.

We do not modify, redirect, or inject data into users' traffic.

Forbidden activities

  • Unauthorized reselling of Geph services
  • Email and other spam
  • Any activities illegal in the jurisdiction of the selected exit server
  • Automated registration of accounts

Applicable laws

The terms shall be construed in accordance with and governed by the substantive laws of the Republic of Estonia.

Customer support

We offer official customer support only via email to contact@geph.io


Non-cooperation policy

We will never disclose to any third party any non-public information on our users, unless legally compelled to under the laws of the Republic of Estonia. Any such legal requests will be documented in as much detail as legally possible.

As of February 20, 2020, no such requests have ever been received.

We will not in any circumstance allow third parties direct "backdoor" access to our servers. We commit to moving to a different jurisdiction if compulsory backdoor access ever becomes possible in the Republic of Estonia.


No-logging policy

We do not keep user activity details of any kind, and maintain the minimum amount of data required to authenticate users and process payments

What do we store

The only two types of user data we store persistently are authentication credentials and payment processing data.

Authentication credentials

For every user, we store a username, a Argon2 hardened password hash, and the time at which the user was created. For example:

 id | username | pwdhash |        createtime         
----+----------+---------+---------------------------
 51 | pwtest   | $arg... | 2018-06-29 12:34:28.72295

Payment processing

We use Paymentwall to process Alipay payments, and Stripe for all other payments. The following is what we store on our systems; please see the privacy policies of Stripe and Paymentwall for how they deal with your data.

Subscriptions

For each active subscription, we associate a username with an opaque Stripe subscription ID:

 username | subscription 
----------+--------------
 pwtest   | .........

Transaction history

We store a list of all payment activity per user, which does not contain any information about the user's payment method:

 invoiceid |     createtime      | paid | amount | currency |  id  | plan |     planexpiry      
-----------+---------------------+------+--------+----------+------+------+---------------------
        74 | 2018-07-17 12:07:18 | t    |    500 | EUR      |    3 | plus | 2018-08-16 22:37:18

What we NEVER store

We never log any of the following information:

  • User traffic

  • DNS requests

  • Connection statistics

  • IP addresses

You can’t perform that action at this time.