MindLockrX Privacy Policy

MindLockrX Privacy Policy

Last updated: March 16, 2026

This Privacy Policy explains how MindLockrX collects, uses, stores, and discloses personal data when you use the MindLockrX mobile application and related VPN access services.

The MindLockrX mobile application provides authenticated WireGuard-based VPN connectivity for iOS and Android devices, allowing authorized users to securely access corporate networks using full-tunnel or split-tunnel routing modes.

The mobile application does not perform SSL/TLS interception, traffic inspection, or man-in-the-middle (MITM) decryption of user traffic.

1. Company Information

MindLockrX is provided by BFS İÇ DENETİM EĞİTİM FİNANSAL VE KURUMSAL YÖNETİM DANIŞMANLIĞI A.Ş.

Address: Kocatepe, Bayındır-2 Sk. No:59 D:2, 06420 Çankaya/Ankara, Turkey

Contact: info@mindlckrx.com

2. Scope

This Privacy Policy applies to the MindLockrX mobile app for iOS and Android, including authentication, control-plane, and VPN connection services required to deliver the app. MindLockrX is an enterprise secure access client and is intended for use by authorized users connecting to their organization's infrastructure. It is not designed as a public or anonymous consumer VPN service. The service is intended for use by employees or authorized users of organizations that deploy MindLockrX gateway infrastructure.

3. Data We Collect

3.1 Account and Authentication Data

- Username entered at sign-in

- Password entered at sign-in

- Multi-factor authentication (MFA) code and related authentication state (if MFA is enabled)

- Authentication tokens generated after successful login

- User ID/account ID

- Email address associated with the account

- Name data (only if provided in the account profile by your organization)

3.2 VPN Provisioning and Session Data

- WireGuard public key generated for the session

- Session ID for active VPN connection management

- Assigned internal VPN IP address

- Selected VPN gateway identifier and endpoint

- Routing mode and routing parameters (full-tunnel/split-tunnel)

- DNS settings required for the VPN session

- Connection start/disconnect time and disconnect reason

- Basic VPN status and tunnel health information

3.3 Device and Application Data

- Device model

- Mobile OS and OS version

- Platform type (iOS/Android)

- App version

- Device identity string derived from model/platform/OS version (used as a device identifier)

3.4 Data Stored Locally on Your Device

- Access token

- Basic user profile data returned after login

- Configured controller/authentication server addresses

- Saved VPN session state used to restore in-app connection status

Local data is stored using secure local storage mechanisms provided by the mobile operating system where supported.

4. Data We Do Not Collect Through the Mobile App

The current mobile app does not collect or transmit, as part of its app flow:

- Precise or coarse location data

- Contacts, SMS, call logs, camera, microphone, or photo library data

- Advertising ID

- Health & fitness data

- User content such as photos, videos, emails/messages, or audio recordings

- Browsing history or search history for tracking, profiling, or advertising purposes.

- SSL/TLS MITM interception data or user-installed inspection certificates

The application does not use third-party advertising SDKs or behavioral tracking technologies.

5. How We Use Data

We process data to:

- Authenticate users and protect account security

- Provide WireGuard VPN connectivity

- Provision sessions, addresses, DNS, and gateway configuration

- Route traffic according to selected VPN mode

- Detect abuse, misuse, failures, and security incidents

- Troubleshoot reliability and operational issues

- Comply with legal obligations and lawful requests

6. Tracking, Advertising, and Analytics

- We do not use collected personal data for cross-app or third-party tracking.

- We do not sell personal data.

- We do not use mobile app data for third-party advertising profiling.

- We do not use collected name/email/user ID/device ID for advertising purposes.

7. How We Share Data

We may share relevant data only as necessary with:

- Authentication infrastructure

- Control-plane services managing VPN sessions

- VPN gateway systems required to establish the WireGuard tunnel

- Hosting, networking, security, and infrastructure providers acting on our behalf

- Professional advisers, auditors, or authorities where legally required

- A successor entity in case of merger/acquisition/transfer

8. Legal Bases

Where required by law (including GDPR and Turkish KVKK No. 6698), we process data based on one or more of:

- Performance of a contract (providing requested VPN service)

- Compliance with legal obligations

- Legitimate interests (service security, fraud prevention, operational reliability)

- Consent, where legally required

9. Data Retention

We retain personal data only as long as reasonably necessary for service delivery, account security, troubleshooting, auditing, and legal compliance.

- Local app data typically remains until logout, reset, or app removal

- Authentication and VPN session records may be retained for security/support needs

- Operational/security logs are retained for limited periods consistent with business/legal requirements

- Backup copies may persist temporarily before routine deletion

We retain only the minimum data necessary to operate the service and maintain security and reliability.

10. Security

We use technical and organizational measures designed to protect personal data, including encrypted transport, authenticated access controls, and secure local storage where supported. While we implement industry-standard safeguards, no method of transmission over the internet or electronic storage can be guaranteed to be completely secure.

11. International Transfers

Data may be processed in countries other than your country of residence depending on infrastructure, gateways, and service providers. Where required, appropriate legal safeguards are applied.

12. Your Rights

Subject to applicable law, you may request access, correction, deletion, restriction, objection, and (where applicable) portability of your personal data, and may withdraw consent where processing relies on consent.

To exercise rights: info@mindlckrx.com

13. Children’s Privacy

The service is not intended for children under the legal age of consent under applicable law. We do not knowingly collect personal data from children in violation of applicable law.

14. Changes to This Policy

We may update this Policy from time to time. If changes are material, we will update the “Last updated” date and provide additional notice where required.

15. Contact

BFS İÇ DENETİM EĞİTİM FİNANSAL VE KURUMSAL YÖNETİM DANIŞMANLIĞI A.Ş.

Kocatepe, Bayındır-2 Sk. No:59 D:2, 06420 Çankaya/Ankara, Turkey

info@mindlckrx.com