Trust Centre
Security, privacy and transparency
This page is maintained by Clicked IN FZE LLC to answer common security and privacy questions about Sitrava Secure. It is not a certification and does not constitute independent verification.
Overview
Security overview
Layered controls across application, transport and account security.
Privacy practices
Data categories and retention explained in plain language.
Infrastructure
Regionally-deployed VPN servers with published availability states.
Service status
Component-level status across website, account and VPN regions.
Encryption and supported protocols
- WireGuard — modern encrypted tunnel between supported apps and Sitrava servers.
- OpenVPN — widely compatible encrypted tunnel available for standard access.
- TLS 1.2+ — used to protect website, account portal and API endpoints.
- At-rest encryption — sensitive stored fields (e.g. authentication material) are encrypted at rest.
Data handling
| Category | Examples | Purpose | Type |
|---|---|---|---|
| Account information | Name, email, contact number, subscription | Operating the account | Required |
| Billing information | Billing address, payment status, transaction reference, last four card digits (where returned by the payment provider) | Processing payments | Required |
| Device information | Device type, OS version, application version, device identifier | Managing registered devices | Required |
| Diagnostic information | Application errors, connection failures, performance diagnostics | Improving reliability | Optional |
| Security information | Login attempts, password resets, MFA events, suspected abuse | Protecting accounts and infrastructure | Security-event |
| VPN connection metadata | Aggregated technical data required to operate the service | Operating the VPN service | Operational |
| Browsing activity | Contents of the traffic passing through the VPN | Not required to operate the account | Not stated as excluded until technically validated |
Optional diagnostics can be opted out of from Account > Privacy, where technically supported. Sitrava does not claim that browsing activity is not collected until this has been technically validated and documented; final wording will be updated in the Privacy Policy once verified.
Subprocessors
Sitrava works with a small number of trusted service providers to operate the service. A current list will be published here once contracts and DPAs are finalised.
Payment processing
Authorised payment provider
Processes subscription payments and renewals.
Hosting infrastructure
Regional cloud providers
Hosts application backends and VPN servers.
Email delivery
Transactional email provider
Sends receipts, security notices and account emails.
Legal requests, incidents and transparency
Law-enforcement request policy
Sitrava reviews requests for compliance with applicable law. Where required by law we may preserve or disclose limited information. Requests submitted by unauthorised parties are declined.
Incident communication
Confirmed material incidents affecting customer accounts or the availability of the service will be communicated on the service-status page and, where appropriate, by email.
Transparency reporting
Once we have received and processed meaningful volumes of requests, aggregated transparency reports will be published here.
Application-security practices
Application code changes are reviewed, dependencies are monitored, and production access follows role-based controls.
Sitrava does not currently claim: independently audited, no-logs, zero-knowledge, RAM-only servers, open source, warrant canary or audited infrastructure. These claims will only be added when supported by documentary evidence.