1. General provisions
This Privacy Policy applies to twohop.cloud, the mirror ru.twohop.cloud, the account area, registration, payment and contact forms, and related TwoHop services.
By using the website, the account area, the TwoHop apps for Windows or Android, or by receiving an access key, the user agrees to this Policy.
2. What data we may process
Depending on the selected registration method and service use, we may process:
- email, if the user registers by email, receives a confirmation code, an access key, or notifications;
- Google sign-in data needed to verify sign-in: account identifier, email, and email verification status;
- Telegram sign-in data: Telegram ID, name, username, and authorization data needed to verify the Telegram Login Widget signature;
- Telegram chat ID, if the user selected delivery of keys and notifications in Telegram;
- order information: selected plan, Windows or Android platform, order status, order date, and key expiration date;
- payment information: amount, currency, payment status, payment identifier at the payment provider, confirmation or refund date;
- issued access keys, validity period, platform, status, revocation or reissue information;
- technical anti-abuse data: IP address hash, device identifier, user-agent, traffic source, UTM tags, referral code;
- promo code and partner program data: code, code owner, fact of use, rewards, payout requests;
- messages sent through the contact form, including name, contact details, and request text;
- technical diagnostic data and app error reports needed to find and fix failures;
- technical website and service events needed for diagnostics, security, and user support.
3. Why this data is needed
Data is used for the following purposes:
- user registration and account sign-in;
- email confirmation and protection of trial keys from repeated mass issuance;
- order creation, access key issuance, and key display on the website;
- delivery of keys and notifications by email or Telegram;
- checking key validity period, payment status, refund status, or key revocation;
- maintaining order, payment, key, and reward history in the account area;
- operation of referral and partner programs;
- prevention of abuse, self-referrals, code guessing, and repeated trial key requests;
- responding to requests, technical support, and improving the service;
- compliance with legal requirements where applicable.
4. Technical data, cookies, and localStorage
The website may use cookies, localStorage, and similar technologies to save the sign-in session, selected plan, referral code, email verification status, pending order information, and interface settings.
The user may clear cookies and localStorage in browser settings. After clearing them, the user may need to sign in again or repeat confirmation of some actions.
4.1. Mobile app, VPN permission, and QR codes
The TwoHop Android app uses the system VPN/VpnService permission only to create a VPN tunnel using the user’s access key. The app is not intended to collect browsing history, transmitted content, contacts, SMS, photos, microphone data, geolocation, or the list of installed apps.
The app may use: the twohop://... access key, selected profile information, connection status, server addresses, key validity period, technical error messages, and data the user sends to support. If the user contacts support from the app, the email may include device model, Android version, profile status, and problem description.
The QR code on the website is a visual representation of the same twohop://... access key. It is generated on the website page and is intended only for convenient transfer of the key into the mobile app. The QR code and the key itself should be kept confidential.
4.2. Diagnostic data and error reports
To maintain TwoHop stability, the Android app and Windows app may automatically send short technical diagnostic data when an error, warning about incorrect behavior, or connection failure occurs.
This data is used only to find and fix technical problems, improve app stability, and provide user support.
A diagnostic report may include:
- app or program version;
- platform type, for example Android or Windows;
- operating system version;
- random app installation identifier;
- error or warning type;
- short technical error message;
- technical profile or key identifiers if needed for diagnostics;
- event date and time.
Diagnostic reports are not intended to collect the contents of visited websites, messages, files, contacts, banking data, passwords, the full VPN key, or QR code contents.
Diagnostic data is transmitted to the TwoHop server over a secure HTTPS connection. We do not sell this data or share it with advertising networks. Access to it is used only for technical support, stability analysis, and bug fixing.
Diagnostic data is stored short-term, usually up to 3 days, and then deleted automatically or manually after the issue has been reviewed. The user may request deletion of related diagnostic data by writing to info@twohop.cloud.
5. Disclosure to third parties
We do not sell users’ personal data. Data may be shared only to the extent necessary for service operation:
- to payment providers for payment acceptance and confirmation;
- to email services for sending confirmation codes, keys, and notifications;
- to Telegram for Telegram Login Widget sign-in and message delivery to the user;
- to Google for Google sign-in verification;
- to server infrastructure providers hosting the website, control plane, and relay servers;
- to government authorities if disclosure is required by law.
6. Data storage and protection
We use technical and organizational protection measures: restricted admin panel access, hashing of certain technical identifiers, payment webhook signature verification, Telegram authorization verification, email confirmation attempt controls, and other security measures.
The retention period depends on the data type. Account, order, payment, issued key, promo code, and reward data may be stored while the account is active and afterwards as long as needed for accounting, support, security, dispute resolution, and mandatory requirements.
Diagnostic data and error reports are stored short-term, usually up to 3 days, and are deleted after analysis or automatically after the retention period.
7. User rights
The user may contact us to ask what data relates to their account, correct contact data, request account deletion, or ask a question about data processing.
Some data cannot be deleted immediately if storage is necessary for payment accounting, abuse prevention, fulfilling obligations to the user, or compliance with law.
A request to delete an account and related data can be sent through the Account deletion page or to info@twohop.cloud. The request should include the email or Telegram account used for sign-in. We delete account data except for information that must be temporarily kept for security, payment accounting, refunds, abuse prevention, prevention of repeated free trial key issuance, fraud prevention, or compliance with legal requirements.
8. Notifications
TwoHop may send service messages: confirmation codes, issued keys, payment notifications, key expiration notifications, order changes, support replies, and important changes to service documents.
If the user signed in through Telegram or provided a Telegram chat ID, some messages may be sent to Telegram. If the user uses email or Google sign-in, messages may be sent by email.
9. Changes to this Policy
We may update this Policy. A new version is published on this page and takes effect from publication unless otherwise stated in the text.
10. Contacts
For questions about privacy, personal data, and service operation, write to info@twohop.cloud.