1. About This App

Marshall VPN is a VPN application for iOS and Android developed by Marshall Relay Limited (Hong Kong). The App operates its own VPN server infrastructure and also functions as a universal VPN client, allowing users to import third-party server configurations.

Marshall VPN allows users to generate VPN access keys, connect to Marshall-operated servers, import subscription links from third-party providers, view and manage server lists, check server availability, and establish encrypted network connections. On iOS this uses Apple's NetworkExtension; on Android it uses the system VPN facility (VpnService). Both platforms use the open-source sing-box engine on the device to build the tunnel.

2. Core Principle

3. Marshall VPN Servers

Marshall VPN operates its own VPN server infrastructure. When you use Marshall servers:

• Your VPN access key is generated based on a unique device identifier and stored locally on your device.
• The Developer does not log your browsing activity, DNS queries, traffic content, connection timestamps, or bandwidth usage on its servers.
• Server-side infrastructure is designed to minimize data retention. Only the minimum data necessary for service operation (such as connection state) is processed transiently and not stored persistently.

3.1 Subscription services outside the App

If you obtain or renew Marshall VPN access through a subscription interface we operate outside the App (for example automated flows on a third-party platform), we process pseudonymous identifiers and subscription metadata that the platform provides to us — solely to issue credentials and manage access. This processing is separate from data stored locally in the App. It is not used for advertising or unrelated profiling.

4. Data Stored on Your Device

The following data is stored locally on your device only and is never transmitted to the Developer for tracking or analytics:

4.1 iOS: Keychain

• VPN access key / Subscription URL — your VPN credentials or the HTTPS subscription link. Protected by the iOS Keychain with kSecAttrAccessibleAfterFirstUnlock.
• Server configuration cache — server names, addresses, ports, protocol parameters (VLESS, VMess, Trojan, Shadowsocks), and connection settings.

4.2 Android: Encrypted storage

• VPN access key / Subscription URL and server configuration cache — the same classes of data as on iOS, protected using Android EncryptedSharedPreferences (AES encryption backed by the Android Keystore where supported).

4.3 Local preferences (both platforms)

On iOS, preferences are stored in UserDefaults; on Android, in standard app preferences. Examples include:

• Selected server ID — which server you last selected.
• Language preference — your chosen interface language.
• Transport mode — your selected protocol mode (for example VLESS or SS (Shadowsocks)) for Marshall subscriptions.
• Auto-select setting — whether automatic best-server selection is enabled.

This data is sandboxed within the App and is automatically deleted when you uninstall Marshall VPN.

4.4 Transport modes and protocols

The App distinguishes between proxy types in a subscription. You can choose a mode such as VLESS or SS (Shadowsocks); the server list and sing-box configuration match that choice. For Marshall's own subscription, the SS option may use Shadow-TLS together with Shadowsocks when the configuration includes the relevant parameters. Imports from third-party providers can include other or additional proxy types depending on the subscription format.

5. Network Activity

5.1 Key Generation

When you generate a VPN key within the App, a request is sent to the Marshall API containing only a unique device identifier. This identifier is used solely to create your VPN access credentials. No personal information (name, email, phone number, Apple ID, or Google account) is collected or transmitted during this process.

5.2 Subscription Fetch

When using third-party servers, the App downloads server configuration data directly from the subscription URL you provided. The request goes from your device to the subscription provider.

5.3 Server Latency Checks

The App performs TCP connection tests to servers to measure round-trip latency. These are direct connections from your device. No results are sent anywhere.

5.4 Service Availability Checks

The App can optionally check whether popular internet services are reachable by sending lightweight HTTP HEAD requests directly from your device. No results are collected or transmitted.

5.5 Network Tunnel

When you connect, Marshall VPN uses the iOS NetworkExtension framework or Android VpnService, together with the open-source sing-box engine running on your device, to create an encrypted tunnel. All network traffic flows directly between your device and the selected server; sing-box is not a remote service operated by the Developer for processing your traffic.

6. In-App Purchases

On iOS, Marshall VPN offers subscription plans and one-time purchases through Apple's App Store (StoreKit 2). On Android, purchases go through Google Play and Google Play Billing. Payment processing is handled entirely by Apple or Google respectively. The Developer does not collect, process, or store payment card details, full payment credentials, or your Apple ID or Google account information.

7. Optional Feedback

Marshall VPN includes an optional, in-app feedback form. If you choose to submit feedback:

• Only the text you type is sent.
• The submission is fully anonymous — no device identifiers, IP address, account information, or server configuration is attached.
• You are never required to use this feature.

8. Optional diagnostics and log collection

The App includes a Diagnostics screen (iOS: icon in the app header; Android: the same feature from the home screen). There you can turn on Log collection to capture technical lines from the VPN stack, including the sing-box engine, on the device. Logging is off by default.

Log content is stored only on your device in a local buffer or file. You can copy the text or use Share to send a file to someone else (for example to support). These logs are not uploaded to Marshall automatically. The Developer does not receive them unless you choose a channel to send them yourself. Turning off log collection stops further writes; you can also clear the buffer in the same screen. Because diagnostic logs can contain hostnames, destination addresses, or config fragments, you should only enable this feature when you need a technical trace for troubleshooting.

9. Data We Do NOT Collect

The Developer does not collect, store, process, or have access to (including automatic upload):

• Personal identification information (name, email, phone number, Apple ID, or Google account)
• Device identifiers (IDFA, IDFV, serial number)
• IP addresses or geographic location data
• Browsing history, DNS queries, or network traffic content
• Connection logs, session timestamps, durations, or bandwidth usage
• App usage patterns or behavioral analytics
• Remote crash-reporting or remote diagnostic data sent to the Developer; optional in-app log collection (see Section 8) is local and never sent automatically to Marshall
• Payment information or financial data (payments are processed by Apple or Google)

10. Third-Party Code and SDKs

Marshall VPN does not include advertising frameworks, analytics services, crash reporting SDKs, social media SDKs, or attribution tracking SDKs.

The only third-party component is the open-source sing-box library (Libbox), which runs entirely on your device.

11. Third-Party Servers

When using third-party server configurations (imported via subscription links), the servers you connect to are operated by your subscription provider, not by the Developer. The Developer does not control, operate, or monitor these third-party servers and bears no responsibility for their data handling practices.

12. Data Security

• On iOS, sensitive data is stored in the Keychain, Apple's hardware-backed encrypted storage.
• On Android, the equivalent material is protected with EncryptedSharedPreferences (Keystore-backed encryption on supported devices).
• Network tunnel configurations use modern encryption protocols (for example VLESS with Reality, TLS 1.3, Shadow-TLS, or Shadowsocks) depending on the server and mode you select.
• The App enforces HTTPS for subscription links where applicable.

13. Children's Privacy

Marshall VPN is not directed at children under the age of 13. The Developer does not knowingly collect personal information from children.

14. Your Rights and Data Control

• Delete all data — uninstall the App. All locally stored data is automatically removed.
• Reset subscription — use the "Change subscription" button within the App where available.
• Remove VPN configuration — on iOS: Settings → General → VPN & Device Management; on Android: Settings → Network & internet (or Connections) → VPN, depending on your device.
• Manage App Store / Play subscriptions — on iOS: Settings → Apple ID → Subscriptions; on Android: Google Play → Payments & subscriptions → Subscriptions (or the Play Store listing for Marshall VPN).

15. Changes to This Policy

This Privacy Policy may be updated to reflect changes in the App's functionality or applicable regulations. The "Last updated" date at the top indicates the most recent revision.

16. Transparency and security assessments

Marshall may commission independent security reviews of the app, API, or infrastructure as the service matures and publish summaries when practical. VPN client software has no universal mandatory certification; such reviews are voluntary transparency measures, distinct from optional industry certifications (for example ISO 27001) that organizations sometimes pursue separately.

17. Contact

If you have questions about this Privacy Policy:

Email: support@appmarshall.com

Registered address: Unit 2A, 17/F, Glenealy Tower, No.1 Glenealy Central, Hong Kong S.A.R