Trust Centre

Security, privacy and transparency

This page is maintained by Clicked IN FZE LLC to answer common security and privacy questions about Sitrava Secure. It is not a certification and does not constitute independent verification.

Overview

Security overview

Layered controls across application, transport and account security.

Privacy practices

Data categories and retention explained in plain language.

Infrastructure

Regionally-deployed VPN servers with published availability states.

Service status

Component-level status across website, account and VPN regions.

Encryption and supported protocols

  • WireGuard — modern encrypted tunnel between supported apps and Sitrava servers.
  • OpenVPN — widely compatible encrypted tunnel available for standard access.
  • TLS 1.2+ — used to protect website, account portal and API endpoints.
  • At-rest encryption — sensitive stored fields (e.g. authentication material) are encrypted at rest.

Data handling

CategoryExamplesPurposeType
Account informationName, email, contact number, subscriptionOperating the accountRequired
Billing informationBilling address, payment status, transaction reference, last four card digits (where returned by the payment provider)Processing paymentsRequired
Device informationDevice type, OS version, application version, device identifierManaging registered devicesRequired
Diagnostic informationApplication errors, connection failures, performance diagnosticsImproving reliabilityOptional
Security informationLogin attempts, password resets, MFA events, suspected abuseProtecting accounts and infrastructureSecurity-event
VPN connection metadataAggregated technical data required to operate the serviceOperating the VPN serviceOperational
Browsing activityContents of the traffic passing through the VPNNot required to operate the accountNot stated as excluded until technically validated

Optional diagnostics can be opted out of from Account > Privacy, where technically supported. Sitrava does not claim that browsing activity is not collected until this has been technically validated and documented; final wording will be updated in the Privacy Policy once verified.

Subprocessors

Sitrava works with a small number of trusted service providers to operate the service. A current list will be published here once contracts and DPAs are finalised.

  • Payment processing

    Authorised payment provider

    Processes subscription payments and renewals.

  • Hosting infrastructure

    Regional cloud providers

    Hosts application backends and VPN servers.

  • Email delivery

    Transactional email provider

    Sends receipts, security notices and account emails.

Legal requests, incidents and transparency

Law-enforcement request policy

Sitrava reviews requests for compliance with applicable law. Where required by law we may preserve or disclose limited information. Requests submitted by unauthorised parties are declined.

Incident communication

Confirmed material incidents affecting customer accounts or the availability of the service will be communicated on the service-status page and, where appropriate, by email.

Transparency reporting

Once we have received and processed meaningful volumes of requests, aggregated transparency reports will be published here.

Application-security practices

Application code changes are reviewed, dependencies are monitored, and production access follows role-based controls.

Sitrava does not currently claim: independently audited, no-logs, zero-knowledge, RAM-only servers, open source, warrant canary or audited infrastructure. These claims will only be added when supported by documentary evidence.