Privacy Policy

Information we collect

To provide account, subscription, order, support, and safety features, we may collect your email address, account identifiers, order records, plan status, subscription data required by your devices, and necessary log information.

We do not actively request sensitive personal information unrelated to the service. We do not sell personal information or use it for third-party advertising.

VPN/VpnService use

The CG Light / CGLight Accelerator app uses Android VpnService to create a system VPN tunnel. The tunnel runs only after the user actively enables it and grants permission, and it forwards device network traffic according to the selected node, subscription configuration, and routing rules.

The VPN feature is used to provide the network connection service requested by the user. We do not use VpnService for ad injection, traffic monetization, undisclosed data collection, user-behavior monitoring, or bypassing user choice. The app presents a prominent in-app disclosure and asks for user consent before enabling the VPN connection.

We do not log full website URLs, page content, DNS query details, or communication content. To maintain connection quality, security, abuse prevention, and troubleshooting, our servers may process necessary connection time, server node, source IP or exit IP, traffic usage, error status, account identifier, and device session information. These records are used only to provide and maintain the service and are not sold or used for advertising.

Installed app list and per-app proxy

To support the per-app proxy feature, the app may use Android app visibility capabilities, including the QUERY_ALL_PACKAGES permission or equivalent query methods, to read the installed app list locally, including package names, app names, and app icons, so users can choose which apps use the VPN/proxy and which apps connect directly.

Installed app inventory is sensitive personal information. We use this information only on the device to show the selection list and save local proxy rules. We do not upload the full installed app list, sell it, or use it for advertising, profiling, or analytics. If a configuration must be synchronized with the server, we only synchronize information necessary for the user-selected rule and avoid uploading unrelated app information.

Google Play payments and order data

If you purchase a subscription or plan through Google Play Billing, the app or server may process the purchase token, productId, order status, purchase time, renewal status, refund status, and account identifier returned by Google Play.

This data is sent to our server to verify purchases, activate or update plans, synchronize renewal status, process refunds, prevent fraud, and provide customer support. We do not sell Google Play payment data or use it for advertising.

How we use information

We use related information to handle account access, authentication, subscription delivery, order processing, service notices, support, risk control, and service quality improvements.

When needed, we may use aggregated or de-identified data to evaluate route quality, system stability, and product experience.

Storage and protection

We take reasonable technical and organizational measures to protect your information against unauthorized access, disclosure, alteration, or loss.

Please also keep your account password and subscription link safe, and do not share account information with others.

Third-party services

Payment, support, email, verification, Google Play Billing, or infrastructure services may be provided by third parties. Those parties only process information to the extent necessary to perform their service.

The privacy practices of third-party websites, app stores, payment services, or clients are outside our control, so please review their own privacy notices when you use them.

Account deletion path

You can request or manage account deletion through the customer center profile page: https://cglight.net/manager/profile/. If you cannot sign in, you can also visit the account deletion page: http://cglight.host/account-deletion/, or contact support@cglight.net.

After you submit a deletion request, we verify account ownership and process the account and related data. Once deletion is completed, the account may not be recoverable, and subscription configuration, plan status, and service access will stop.

Data retention periods

After account deletion, account profile data, subscription configuration, device sessions, and support records directly associated with the account are deleted or anonymized. Residual data in system backups is removed through backup rotation, usually within 30 days.

Order, payment, invoice, refund, dispute, risk-control, and security audit records may be retained for financial, legal compliance, and anti-abuse needs for up to 180 days, or longer where required by applicable law. Connection-quality and troubleshooting logs are usually retained for no more than 180 days.

Your rights

You may view or update some account information in your account area. To delete an account, export information, or raise a privacy request, contact us through the account deletion page or support channel.

We may retain certain records for the period required by law, security audits, dispute handling, or contract performance.