Privacy Policy

Lanway is a free, open-source, anti-censorship VPN. It is designed so that we do not run your servers and we do not collect your data. This policy explains, plainly, what that means for the Lanway website (lanway.org), the Lanway client apps, and the Lanway Manager desktop app.

The short version: Lanway has no backend that receives your personal data. Your VPN servers run on your own machines or your own cloud account, and your settings stay on your own device. We have nothing to sell, share, or hand over, because we never receive it.

1. What we do not collect

• We do not log your browsing, traffic, DNS queries, or IP address.
• We do not run analytics, advertising, or tracking SDKs in the apps.
• We do not operate accounts, and there is nothing to sign up for to use Lanway.
• We have no central server that your VPN traffic or app data passes through.

2. Data that stays on your device

The apps store what they need to function locally on your device, and nowhere else:

• Client app: the server address and access key you add, and your connection preferences.
• Manager app: the list of servers you manage (address, access key, optional name) and any cloud sign-in tokens (see below).

This data never leaves your device except to talk directly to your own server or to the cloud provider you chose. You can remove it at any time by forgetting a server or signing out.

3. Cloud provider sign-in (Google Cloud & DigitalOcean)

The Manager app can create a VPN server for you on a cloud provider you already use. To do this, you sign in to that provider through its official OAuth screen. This is strictly between you and your provider:

• Authorization tokens are stored only on your device and are sent only to the provider's official API endpoints (googleapis.com, api.digitalocean.com). They are never transmitted to Lanway, because Lanway has no server to transmit them to.
• We request the access needed to create and manage a single virtual machine on your behalf (for Google Cloud, the Cloud Platform scope used to create a dedicated LanwayServer project and one e2-micro VM). We use this access solely to provision and manage that server at your request.
• We do not read, store, or share any other data in your cloud account, and we never access accounts or projects you did not direct us to.
• You can revoke this access at any time in your Google or DigitalOcean account settings.

Limited Use disclosure (Google API Services)

Lanway's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Google user data is used only on your device to provision and manage the VPN server you ask us to create; it is not transferred to Lanway, not used for advertising, and not sold.

4. The website

The website is a static page. It sets no tracking cookies and runs no analytics. It loads a small number of third-party assets to render the page — Google Fonts and the Tailwind CSS CDN — which, like any web request, expose your IP address to those providers under their own privacy policies. We receive no information from these requests.

5. Donations

Donations are optional and made directly on public cryptocurrency networks (e.g. Bitcoin). We do not collect your name, email, or payment details; we only ever see a public on-chain transaction.

6. Children

Lanway is not directed at children under 13 and does not knowingly collect data from anyone.

7. Open source

Lanway is released under the MIT license. The complete source code is public, so anyone can verify exactly how the apps handle data: github.com/lanway-org/lanway.

8. Changes

If this policy changes, we will update this page and the date above. Material changes will be noted in the project's release notes.

9. Contact

Questions about this policy: contact@lanway.org.