LastParadox is built on the principle of zero-knowledge privacy. We do not collect, store, or have access to your personal data, browsing activity, or connection information.
1. Data We DO NOT Collect
LastParadox does not collect or store:
Browsing History: We do not log, track, or monitor the websites you visit.
Connection Logs: We do not record connection timestamps, session duration, or bandwidth usage.
IP Addresses: We do not log your real IP address or the IP addresses you connect to.
DNS Queries: We do not monitor or log your DNS requests.
Traffic Data: We do not inspect, log, or store the content of your network traffic.
Personal Information: We do not collect names, email addresses, phone numbers, or payment information.
Device Information: We do not collect device identifiers, operating system details, or hardware specifications.
2. Data Stored Locally
The following data is stored only on your device and never transmitted to our servers:
User Credentials: Your username and password hash are stored locally using zero-knowledge proofs.
Wallet Keys: Solana and Ethereum wallet keys are generated and stored locally.
Public Key: Your public key for network authentication (does not reveal your identity).
Application Settings: Your preferences and configuration settings.
Claim History: Local cache of your daily reward claims (also stored in decentralized Hyperbee).
3. Decentralized Data Storage
LastParadox uses HyperBee, a decentralized P2P database, for network coordination:
Whitelist: Approved user public keys (pseudonymous, not linked to real identity).
Host List: Available VPN host nodes and their .onion addresses.
Reward Data: Daily claim records associated with public keys (not personal information).
This data is distributed across the P2P network and does not contain personally identifiable information.
4. Tor Network Integration
LastParadox routes all VPN traffic through the Tor network for additional anonymity:
All connections use SOCKS5 proxy through Tor.
Host nodes are accessible via .onion addresses.
Your real IP address is hidden from host nodes.
Traffic is encrypted end-to-end.
Tor provides strong anonymity, but users should follow best practices for operational security.
5. Overlay Network & No-Exit Policy
LastParadox operates as a private Overlay Network, not a generic public VPN:
No Exit Nodes: Your device NEVER acts as an exit node for other users' public internet traffic.
Encrypted Tunnel: All traffic routed through your node is strictly internal and encrypted.
No Liability: Since your IP does not exit to the public internet for others, you cannot be held liable for other users' activities.
Zero Sharing: You do not share your residential IP with the public internet.
6. No Third-Party Tracking
LastParadox does not use:
Analytics services (no Google Analytics, Mixpanel, etc.)
Advertising networks or trackers.
Social media pixels or tracking cookies.
Third-party authentication providers.
7. Website and Landing Page
Our website (lastparadox.xyz) is a static site that:
Does not use cookies.
Does not collect visitor analytics.
Does not track user behavior.
Loads network status from a static JSON file (no user data).
Vercel (our hosting provider) may collect basic server logs for infrastructure purposes, which we do not have access to.
8. Open Source Transparency
LastParadox is fully open source:
All source code is available on GitHub for public review.
You can verify our privacy claims by auditing the code.
Community contributions and security audits are welcome.
No hidden telemetry or backdoors.
9. Data Security
We protect your privacy through:
Local Encryption: Credentials are hashed and stored securely on your device.
Zero-Knowledge Architecture: We cannot access your data even if we wanted to.
Decentralization: No central servers to hack or compromise.
End-to-End Encryption: All network traffic is encrypted.
10. Legal Requests
Because we do not collect or store user data:
We cannot provide user data to law enforcement or government agencies.
We have no logs to hand over, even under legal compulsion.
We cannot identify users based on their network activity.
11. Children's Privacy
LastParadox does not knowingly collect data from anyone, including children under 13. Our zero-knowledge architecture ensures we have no way to determine the age of our users.
12. International Users
LastParadox is a decentralized network with no central servers or data storage location. The P2P network is distributed globally, and all data processing happens locally on your device.
13. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or for legal reasons. Any changes will be posted on this page with an updated "Last Updated" date.
14. Vault Browser Extension
The LastParadox Vault browser extension is a companion tool for the desktop application:
Data Processing
Authentication Data Access: The extension accesses passwords from your local desktop Vault via 127.0.0.1:4545.
No Data Collection: The extension does not collect, store, or transmit any authentication data.
Local Communication Only: All communication happens between the extension and your local desktop app.
No External Servers: The extension never sends data to external servers or third parties.
Permissions Used
Storage: Stores the Vault connection token (UUID) locally in the browser.
ActiveTab: Detects login forms on the current webpage for autofill.
Host Permission (localhost): Communicates with the local desktop Vault application only.
15. Android Application — LastParadox VPN
This section specifically covers the LastParadox VPN application for Android (com.lastparadox.vpn.lp_android_vpn), distributed via Google Play. This section is provided to satisfy Google Play's VPN policy and Prominent Disclosure requirements.
15.1 — Purpose of the VPN Permission
The Android application uses the android.permission.BIND_VPN_SERVICE system permission exclusively to route the device's internet traffic through the Tor anonymity network. The VPN tunnel is used solely to provide privacy and anonymity to the end user. It is never used to:
Collect, inspect, or log network traffic content.
Redirect traffic for advertising, analytics, or data harvesting purposes.
Manipulate DNS responses or inject content into web traffic.
Operate as a commercial exit node or relay for third-party users.
15.2 — Data Collected by the Android Application
The LastParadox VPN Android application collects zero user data. Specifically, it does not collect, transmit, or store:
Browsing history: No URLs, domains, or DNS queries are logged.
Network traffic: Packet content passing through the VPN tunnel is never inspected, recorded, or stored.
IP addresses: Neither the user's real IP address nor the destination IP addresses are logged.
Connection metadata: No timestamps, session durations, bandwidth usage, or connection counts are recorded.
Device identifiers: No IMEI, Android ID, advertising ID, or hardware identifiers are collected.
Location data: No GPS coordinates, cell tower data, or network-based location data are accessed or transmitted.
Personal information: No name, email address, phone number, or account information is required or collected.
15.3 — Data Stored Locally on Device
The following data is stored exclusively on the user's device using Android's secure storage APIs (FlutterSecureStorage) and is never transmitted to any server:
Local identity (auto-generated): A cryptographic key pair (public key + private key) generated at first launch using a CSPRNG. This identity is pseudonymous and contains no personally identifiable information.
Wallet addresses: Ethereum and Solana wallet addresses derived from the local key pair. These are stored locally and used for on-chain interactions initiated by the user only.
VPN consent flag: A boolean value stored in SharedPreferences recording that the user has read and accepted the Prominent Disclosure before activating the VPN. Key: vpn_prominent_disclosure_accepted_v1.
Application settings: User interface preferences (e.g., selected host).
15.4 — VPN Tunnel Architecture & Encryption
All traffic routed through the VPN passes through the following encryption chain:
Step 1 — TUN interface: Android's VpnService API creates a virtual TUN network interface that captures all device traffic (0.0.0.0/0).
Step 2 — Tun2Socks: A native library converts raw TUN packets into SOCKS5 connections routed to the local SOCKS proxy at 127.0.0.1:1080.
Step 3 — SOCKS5 proxy (embedded): A Dart-native SOCKS5 server running on 127.0.0.1:1080 chains all connections to the Tor SOCKS port at 127.0.0.1:9050.
Step 4 — Tor network: Traffic exits through the Tor network via an anonymous exit node. The user's real IP address is replaced by the Tor exit node's IP address. Traffic traverses at least 3 encrypted hops (Entry → Relay → Exit) before reaching the destination.
The result is that the destination server sees only the Tor exit node IP. The user's real IP address is never exposed to the destination.
The application package (com.lastparadox.vpn.lp_android_vpn) is excluded from the VPN tunnel to allow local SOCKS/Tor communication without routing loops.
15.5 — Prominent Disclosure
In compliance with Google Play's VPN policy, the LastParadox VPN Android application displays a Prominent Disclosure dialog before the VPN tunnel is activated for the first time. This dialog:
Explains the purpose of the VPN permission and how traffic is routed.
States explicitly that zero browsing logs are retained.
Describes the full encryption architecture (TUN → Tun2Socks → SOCKS5 → Tor).
Lists all data stored locally on the device.
Requires the user to scroll through the entire disclosure before acceptance.
Requires explicit checkbox consent before the "ENABLE VPN" button becomes active.
Records consent locally (SharedPreferences) and does not re-display on subsequent activations.
15.6 — Android Permissions Used
The application uses the following Android permissions, each limited to its stated purpose:
BIND_VPN_SERVICE — Required to create and manage the VPN tunnel via Android's VpnService API. Used exclusively for Tor-based traffic anonymization.
FOREGROUND_SERVICE — Required to keep the VPN tunnel active while the app is in the background. Displays a persistent notification ("LastParadox VPN — Protected & Anonymous").
FOREGROUND_SERVICE_SPECIAL_USE — Required on Android 14+ to declare the foreground service type for the VPN service.
INTERNET — Required for the embedded Tor daemon to establish outbound connections through the Tor network.
No permissions related to location, contacts, microphone, camera, or external storage are requested or used.
15.7 — Tor Network & Exit IP Verification
When the VPN is active, the application provides a real-time IP display in the user interface that shows:
VPN OFF: The user's real public IP address (fetched directly via api.ipify.org), confirming the device's current identity on the network.
VPN ON: The Tor exit node's IP address (fetched through the SOCKS5/Tor tunnel), visually demonstrating that the user's real IP has been replaced by an anonymous Tor exit IP.
This dual-display provides transparent, verifiable proof that the VPN tunnel is actively routing traffic through Tor.
15.8 — No Third-Party SDKs or Analytics
The Android application does not include any:
Analytics SDKs (no Firebase Analytics, Mixpanel, Amplitude, etc.).
Advertising SDKs (no AdMob, Meta Audience Network, etc.).
Crash reporting services that transmit device data (no Crashlytics, Sentry, etc.).
Social login SDKs (no Google Sign-In, Facebook Login, etc.).
Third-party tracking or attribution libraries.
All network requests originate from the user's own encrypted Tor tunnel or from local device-to-device communication only.
15.9 — No-Exit-Node Policy on Android
The LastParadox VPN Android application operates in client-only mode. The device running the app:
Acts solely as a VPN client routing its own traffic through Tor.
Does not act as a relay or exit node for other users' traffic.
Does not expose the device's IP address to the public internet on behalf of third parties.
15.10 — User Rights & Data Deletion
Because no data is transmitted to or stored on external servers, there is no user account to delete and no server-side data to request. All locally stored data (identity keys, consent flag) can be removed by:
Clearing the application data via Android Settings → Apps → LastParadox VPN → Clear Data.
Uninstalling the application, which removes all local app data from the device.
Upon next launch after clearing data, a new pseudonymous local identity is generated automatically.
16. Contact Us
If you have questions about this Privacy Policy, please contact us through: