Introduction
Welcome to Neon Tunnel VPN (vpn.mitkar.com). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, purchase our source code, access our admin panel, or use any of our services.
This policy applies to all data collected through our website vpn.mitkar.com, including all public pages, the admin panel, the guest chat system, and payment processing flows.
Please read this policy carefully. By using our platform, you agree to the practices described in this Privacy Policy. If you disagree with any part of this policy, please discontinue use of our services.
Information We Collect
1. Admin Account Data
When an admin account is created on our platform (by the Main Admin), the following information is stored:
- Username: Display name used to identify the account
- Hashed Password: Stored using PHP's password_hash() with bcrypt; we never store plain-text passwords
- Email Address: Used for account identification and communication
- Phone Number: For WhatsApp-based support and payment notifications
- Role: admin, subadmin, or reseller (access level)
- Avatar Image: Optional profile photo uploaded to admin/uploads/avatars/
- Balance: Wallet balance in the system's financial ledger
- Last Seen Timestamp: For online status in the chat system
2. Payment & Transaction Data
When payments are processed through our platform, the following data is stored:
- Order ID: Razorpay/Stripe/PayPal generated order reference
- Payment ID: Gateway-generated payment confirmation ID
- Amount: Transaction value in INR
- Status: pending / success / failed / cancelled
- Payment Type: wallet_topup / source_code_purchase / hiring_service
- Guest Email & Phone: For public payments (source code purchase, hiring service)
We never store card numbers, CVV, or banking credentials. All payment processing is handled by our payment gateway partners (primarily Razorpay) who are PCI-DSS Level 1 compliant. We only receive confirmation data after payment completion.
3. Guest Chat Data
Our public pages include a guest chat widget that allows visitors to contact us. When you use the guest chat:
- Email & Phone: Optionally provided by you for identity; stored in browser localStorage as _gchat_email and _gchat_phone
- Chat Messages: Stored in our MySQL database as chat_messages
- IP Address: Server-side request logging for abuse prevention
- Page Visit Events: Payment milestones logged to guest chat (payment started, success, failed, cancelled)
4. Login Activity Data
When admin users log in, we record:
- IP Address: Geo-located using public IP API for security monitoring
- Device & Browser Info: User-agent string for session identification
- Country & City: Geo-IP resolution for activity logs
- Login Timestamp: For audit trail in activity logs
5. VPN User Data
VPN end-user credentials managed through the admin panel include:
- VPN username, hashed password, email, expiry date, plan assignment
- This data is managed entirely by the respective admin or reseller account; we do not independently use this data for marketing or analytics
6. Server-Side Logs
Our hosting provider (Hostinger) automatically logs server access requests including IP addresses, request paths, timestamps, and response codes. These logs are retained per Hostinger's data retention policy and are used for security and performance monitoring.
How We Use Your Information
We use the collected information for the following purposes:
- Platform Operation: Providing admin panel functionality, managing accounts, processing transactions.
- Payment Processing: Creating payment orders, verifying payments, crediting wallets, and maintaining audit trails.
- Customer Support: Responding to inquiries via email, WhatsApp, Telegram, and the guest chat system.
- Security Monitoring: Detecting unauthorized access, suspicious login patterns, and abuse prevention through activity logs.
- Platform Improvement: Understanding how users interact with the platform to improve features and fix issues.
- Communication: Sending payment confirmations, order updates, and support responses.
- WhatsApp Automation: After payment, order details are pre-filled in a WhatsApp message directed to our support team for order fulfillment.
We do NOT use your information for third-party advertising, sell your data to external parties, or use it for profiling purposes.
Data Sharing & Third Parties
We share your information only in the following limited circumstances:
- Razorpay (Primary Payment Gateway): Transaction data is processed by Razorpay India Pvt. Ltd. Razorpay's Privacy Policy governs their data practices. We receive only order confirmation data.
- Other Payment Gateways: Stripe, PayPal, PhonePe, bKash, Cashfree, and SSLCommerz each process payments under their respective privacy policies when selected by the user.
- Hostinger (Hosting Provider): Our database and server are hosted on Hostinger. Server access logs are processed per Hostinger's data policy.
- CDN Providers: Font Awesome icons are loaded from Cloudflare CDN; they may log access requests. We do not use Google Fonts or tracking CDNs.
- IP Geolocation API: Login events use a public IP geolocation API (ipapi.co) to resolve country and city. No personal data is sent to this service beyond the raw IP address.
- Exchange Rate API: Currency conversion uses open.er-api.com for display-only purposes. No personal data is sent.
We do not sell, trade, or rent your personal information to third parties for marketing purposes.
Cookies & Local Storage
We use the following session and storage mechanisms:
- PHP Session Cookie (PHPSESSID): A server-side session cookie that stores your admin login state. Expires when you close the browser or after the session timeout.
- localStorage Keys: _gchat_email, _gchat_phone (guest chat identity), _chatUnread (unread message badge state). These persist in your browser until manually cleared.
- sessionStorage Keys: Currency conversion rates and geo-location data are cached in sessionStorage to minimize external API calls during a single visit. Cleared when the browser tab is closed.
We do not use advertising cookies, tracking pixels, or analytics cookies. For more details, see our Cookie Policy.
Data Security
- HTTPS/SSL: All traffic is encrypted via SSL/TLS provided by Hostinger.
- Password Hashing: All passwords are hashed using PHP's password_hash() with bcrypt (cost factor 10+). Plain-text passwords are never stored.
- PDO Prepared Statements: All database queries use PDO with parameterized statements, preventing SQL injection.
- Role-Based Access Control (RBAC): Every admin panel page verifies the user's role and hierarchy before displaying or allowing any action.
- Payment Security: Razorpay handles all card data under PCI-DSS Level 1 compliance. We never handle raw card information.
- Session Security: PHP sessions are managed server-side. Login session is destroyed immediately on logout.
For more details, see our Security Policy.
Your Data Rights
Depending on your location and applicable laws, you may have the following rights regarding your personal data:
- Right to Access: Request a copy of the personal data we hold about you.
- Right to Correction: Request correction of inaccurate data.
- Right to Deletion: Request deletion of your account and associated data (subject to legal retention requirements for financial records).
- Right to Portability: Request your data in a portable format.
- Right to Object: Object to processing of your data in certain circumstances.
To exercise any of these rights, contact us at vpn@mitkar.com with the subject line "Data Rights Request". We will respond within 30 days.
Children's Privacy
Our platform is intended for business users and developers aged 18 and above. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us personal information, we will delete it immediately. If you believe your child has provided us information, contact us at vpn@mitkar.com.
International Data Transfers
Our servers are hosted on Hostinger (Lithuania/EU infrastructure) with databases on Hostinger's global network. If you are accessing our platform from outside India, be aware that your data may be transferred to and processed in countries with different data protection standards. By using our platform, you consent to such transfers.
Payment data is processed by Razorpay (India), Stripe (USA), PayPal (USA), and other gateways, each subject to its own privacy policy and jurisdiction.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of significant changes by updating the "Last Updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of the platform after changes constitutes acceptance of the updated policy.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: