Privacy Policy

Last updated: October 15, 2025

1. Introduction

This Privacy Policy explains how we collect, use, and protect your information when you use the OpenVPN Manager dashboard platform (“Service”). The Service was developed as part of an internship (PKL) learning project and is intended for internal use only.

Your trust is our priority. We are committed to protecting your privacy and managing your data responsibly. By using this Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We collect several types of information to provide, secure, and improve our Service.

a. Information You Provide Directly

  • Account Information: When an account is created for you by an Admin, we store basic details such as your email address and your assigned role (ADMIN or USER).
  • Additional Information: You may be asked to provide additional data such as a password (which we store in encrypted hash format) and a Two-Factor Authentication (2FA) secret key (if you enable it).

b. Automatically Collected Information (Data Logs)

This is a core part of our dashboard’s monitoring and security functionality. We automatically log the following information:

  • Dashboard Activity Logs (UserActivityLog)
    • Details: Each time you LOGIN or LOGOUT.
    • Collected Data: User ID, email, role, IP address, browser User-Agent, and timestamp.
  • IP Change Logs (IpChangeLog)
    • Details: When the system detects that you access the dashboard from a different IP address than your previous session.
    • Collected Data: User ID, old IP address, new IP address, and timestamp.
  • VPN Activity Logs (VpnActivityLog)
    • Details: Information sent by agents from each server node regarding VPN user connection activities.
    • Collected Data: VPN username, connection status (CONNECT/DISCONNECT), public IP address, internal VPN IP, total data sent and received, and timestamp.
  • OpenVPN System Logs (OpenVpnLog)
    • Details: Technical logs from the OpenVPN service on each node.
    • Collected Data: Timestamp, log level (INFO, WARNING, ERROR), and raw log messages.
  • Action Logs (ActionLog)
    • Details: Every administrative action performed in the dashboard.
    • Collected Data: Action type (e.g., CREATE_USER), action details, status, Admin ID, and timestamp.

3. How We Use Your Information

The information we collect is used exclusively for operational, security, and diagnostic purposes, including:

  • To Provide and Manage the Service: Authenticate users, manage VPN profiles, and display operational data.
  • For Security and Auditing: Detect IP address changes as a session security mechanism, track administrative activity for audit purposes, and monitor unauthorized access attempts.
  • For Troubleshooting: Analyze node system logs to diagnose connection or server performance issues.
  • For Performance Monitoring: Track server resource usage (CPU, RAM) and network traffic.

We do not use your personal information for marketing, advertising, or selling to third parties.

4. Data Sharing and Disclosure

We do not share your personal information with companies, organizations, or individuals outside our internal team, except in the following cases:

  • For Legal Purposes: When we believe in good faith that access, use, retention, or disclosure of information is reasonably necessary to comply with applicable law, regulation, legal process, or government request.
  • For Security Purposes: To detect, prevent, or address fraud, security, or technical issues.

5. Data Storage and Retention

  • Storage Security: We use industry-standard security measures, including encryption (hashing) for passwords, to protect your data from unauthorized access, alteration, disclosure, or destruction.
  • Retention Policy: We retain log data for a configurable period determined by the Admin. By default, log data older than 90 days will be automatically deleted from our database through a scheduled task (cron job) to maintain efficiency and privacy. This policy applies to all log types listed above.

6. Your Rights Over Your Data

  • Access and Update: You can access and update your account information through the dashboard or by contacting an Admin.
  • Delete Account: You can request deletion of your account by contacting an Admin. Note that historical log data associated with your activity may remain until deleted according to our automatic retention policy.

7. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any updates or changes.

Back to Login