Privacy Policy for Eisbach VPN
Effective date: July 6, 2026
App: EisbachVPN (tvOS)
Publisher: Lab48 Software
Policy URL: https://lab48.de/eisbachvpn/privacy
Contact: info@lab48.de
Summary: Eisbach VPN does not collect, transmit, or sell any personal data to us or to any third party. The App is a WireGuard® client. All VPN configuration, logs, and diagnostic data stay on your device (and, if you use the local export feature, on a second device you personally choose on your own local network). We do not operate any backend server that receives data from the App, and we do not use analytics, advertising, or tracking SDKs of any kind.
1. Data We Do NOT Collect
We do not collect, and Eisbach VPN does not transmit to us or any third party:
- Your name, email address, phone number, or any account/profile information (the App has no user accounts or sign-in of any kind)
- Your browsing history, DNS queries, or the contents of your network traffic
- Advertising identifiers (IDFA), device identifiers, or any identifier used for cross-app or cross-site tracking
- Location data
- Analytics, crash reports, or usage/behavioral data of any kind
- Contacts, photos, or any other personal data stored on your device
The App does not include any third-party analytics, advertising, or tracking SDK. Its only external software dependency is the open-source WireGuard network engine (wg-go), which is compiled into the App and does not communicate with us.
2. Data Processed and Stored Locally On Your Device
To function as a VPN client, the App necessarily processes the following data — entirely on your device, in Apple’s secure local storage (Keychain and an app-group sandboxed container shared only between the App and its Network Extension). None of the following is sent to us:
| Data | Purpose | Where it’s stored |
|---|---|---|
| WireGuard tunnel configuration (private key, peer public key, endpoint address, allowed IPs, DNS servers) | Required to establish your VPN connection to the server you configure | Local app-group storage on your device only |
| Connection diagnostics (handshake timing, bytes transferred, connection status) | Shown in the App’s UI so you can see your connection’s health, and used to automatically detect and recover from an unreachable VPN endpoint | Local, in-memory; recent history briefly written to a local log file on your device |
| App diagnostic log („tunnel.log“) | Helps you troubleshoot a connection problem | Local app-group container on your device only, until you delete the App |
| In-App Purchase entitlement status (purchased/not purchased, verification timestamp) | Lets the App remember that you’ve unlocked full functionality, without contacting a server | Apple’s on-device Keychain, verified using Apple’s StoreKit — never transmitted to us |
Your VPN traffic itself is routed only to the WireGuard server address you configure. We do not operate, and have no visibility into, that server. The
App connects you directly to the destination you specify — we are not a VPN
service provider and do not sit in the middle of your connection.
3. Optional, User-Initiated Local Sharing
The App includes two features that only operate on your local Wi-Fi network, only when you explicitly start them, and only to a device you choose:
- Config import: transfers a WireGuard configuration file between another device and your Apple TV on the same local network, via a short-lived local web server the App starts on your TV. This never leaves your local network and is never sent to us.
- Log export: lets you copy the local diagnostic log to another device on your local network for troubleshooting, using the same mechanism. Because this log can contain your configured server’s hostname/IP address and connection timestamps, only export it to a device you trust, and only when you need it for troubleshooting.
Both features require you to actively start them from within the App; the App never initiates either automatically or sends this data over the internet.
4. In-App Purchases
Eisbach VPN offers in-app purchases processed entirely by Apple through StoreKit. We do not receive your payment information, billing address, or Apple ID. We only learn — via Apple’s on-device APIs — whether an entitlement you purchased is currently active, so the App can unlock the corresponding feature. See Apple’s own privacy practices for how Apple itself handles App Store transactions.
5. Third Parties
We do not share, sell, rent, or disclose any data to third parties, because we do not collect any data from you in the first place. The App contains no third-party SDKs that collect data (no analytics, no advertising networks, no crash-reporting services).
6. Data Retention and Your Choices
Because all data described above is stored locally on your device:
- You can delete a stored VPN configuration at any time from within the App.
- Deleting the App from your Apple TV removes all locally stored configurations, logs, entitlement cache, and trial state.
- There is no server-side account or data for us to retain, because none is ever created.
7. Children’s Privacy
Eisbach VPN is not directed at children under 13 (or the equivalent minimum age in your region), and we do not knowingly collect personal data from anyone, including children, because the App does not collect personal data from any user.
8. International Data Transfers
Because the App does not transmit data to us, there are no international data transfers to disclose on our part. Your VPN traffic is transmitted only to the destination server you personally configure, wherever it is located.
9. Changes to This Policy
If we make material changes to this policy, we will update the effective date above and, where required, notify users through the App or the AppStore product page before the change takes effect.
10. Contact Us
Questions about this policy or your privacy can be sent to:
Info@lab48.de
WireGuard is a registered trademark of Jason A. Donenfeld. Eisbach VPN is an independent WireGuard® client and is not affiliated with or endorsed by the WireGuard project.