Add new privacy policy

pages/help.en.md

@@ -13,5 +13,6 @@ Title: Guides
 ## Support
 
   - [**Frequently Asked Questions**](/page/faq)  
+  - [**Privacy**](/page/privacy)
   - **[Self-Diagnosis](/page/self-diagnosis)**: Before asking for help, check here if you find the solution to your problem.
 

pages/help.fr.md

@@ -12,5 +12,6 @@ Title: Guides
 ## Support
 
   - [**Questions fréquemment posées**](/page/faq)  
+  - [**Informations personnelles et vie privée**](/page/privacy)
   - [**Auto-Diagnostic**](/page/self-diagnosis) : Avant de demander de l'aide, vérifiez si vous trouvez la solution à votre problème ici.
 

pages/nop2p.en.md

@@ -0,0 +1,36 @@
+Title: NO-P2P Servers
+
+See also: our [Privacy Policy](/page/privacy).
+
+Because of its high number of simultaneous connections and high bandwidth usage,
+and the amount of legal issues sometimes linked,
+we have to restrict the use of the BitTorrent protocol on specific servers.  
+Our servers marked as **NO-P2P** are more expensive to maintain
+and and cost more in bandwidth than in other countries,
+so we ask our clients to not use the BitTorrent protocol
+on these servers.
+
+
+### Enforcement
+
+As monitoring all connections would be a big privacy violation towards our clients and cost much more,
+we chose to only intercept connection made to a specific set of known BitTorrent trackers
+as listed at the end of this page.  
+Rules are then applied to the intercepted content and if a match if found,
+the client is disconnected and banned from the server.  
+Intercepted data is never logged or stored, only the username and the date of detection are stored.
+
+If you think this has happened by mistake, please contact our support.
+
+Trackers targeted:
+
+    94.23.183.33
+    62.138.0.158
+    163.172.157.35
+    151.80.120.112/30
+    109.121.134.121
+    87.98.148.74
+    192.99.81.115
+
+The exact rules used are still under development and will be published once stable.
+

pages/privacy.en.md

@@ -0,0 +1,87 @@
+Title: Privacy Policy
+
+We believe transparency is one of the most important quality a VPN service can have.
+This page is meant to inform users about what informations CCrypto stores,
+in what conditions, and the exact limits under which it is kept and transfered.  
+If you have any question that is not answered by this page, please contact us.
+
+
+## 1. Informations stored
+
+To run our VPN service, we collect and store the following informations:
+
+  - Username
+  - Hashed password (see our published source code for details)
+  - E-mail address, if provided
+  - Support tickets
+  - IP address used when browsing the site
+
+For each payment or subscription, we store:
+
+  - PayPal: the PayPal transaction or subscription ID and paid amount
+  - Stripe: the Stripe charge or subscription ID and paid amount
+  - Bitcoin: the transaction id, receiving address and received amount at the time the payment was confirmed.
+
+We also use Piwik to monitor visitors on our website; it may record anonymized IP addresses,
+pages viewed, referrer, and some informations about your browser.
+
+All these informations are strictly kept by CCrypto and will not be shared to a third party,
+except as described in sections 2 and 4.
+
+We use no external analytics or advertisement network on our website.
+
+
+## 2. VPN Logging
+
+Each connection from a VPN client to our VPN server is logged for security and billing purposes.
+For each connection or authentication, we store for up to a year:
+  - Username
+  - Server used and shared server IP address
+  - Client IP address and port
+  - Amount of data transferred per hour (used exclusively for usage statistics and against extreme service abuses)
+
+As opposed to many VPN service providers, no data is stored or logged in the gateway servers.
+Those are too exposed and would be the easiest target to raid or steal, and depend on the
+law of many countries.
+
+Instead, logs are stored separately on a secure server operated by LambdaVPN in France,
+who is also managing the gateway servers.  
+LambdaVPN has no access to any other user information
+and has agreed not to share or use any information they store except on request by CCrypto.
+
+In case of abuse or data request from any authority, LambdaVPN does not
+have access to any payment information or email address directly and can
+only forward the request to CCrypto.
+
+These conditions are stated in the contract between CCrypto and LambdaVPN.
+
+**CCrypto or LambdaVPN will never, in any event, monitor, record, or use without your consent the traffic you send and receive through the VPN, including but not limited to DNS queries and browsing history.**
+
+One some servers, we will however watch for known dangerous patterns to limit abuse,
+as explicitly described by a dedicated page: [NO-P2P](/page/nop2p)
+
+
+## 3. DMCA handling
+
+DMCA cease & desists are *usually* ignored as we have very little control over it.
+If one user generates too many abuse, we may investigate and block their access
+to a server without notice as a warning.
+
+Since we cannot precisely identify users responsible from DMCA notices,
+we will ban from the server the user or users that match the most the report or reports received.
+If you think you have been banned unfairly,
+you can open a ticket and we will reinstate your access to the server as soon as possible.
+
+Servers designated as "NO P2P" servers have a lower tolerance and
+will result in a ban as fast as possible.  
+Please do not abuse the service, as it will only lower the quality for everyone.
+
+**We will never disclose user information as a result of a DMCA notice.**
+
+## 4. Data requests
+
+The French government may request informations about VPN connections and payments as required by the French law.
+We will only comply to this kind of request if they are following the right legal procedure.
+If we are allowed to do so, we will attempt to contact you before or after doing so.
+
+**No third party can request information without going through the proper legal channels.**