Privacy Policy

Effective: May 5, 2026 · Last updated: May 5, 2026

The short version: PingAim's desktop application runs entirely on your machine — your routing rules, app list, and network traffic never leave your computer. The website (pingaim.com) uses your IP address for latency estimation and "nearest server" features, which involves a request to a third-party geolocation service (ip-api.com); see Section 3.4 for the full breakdown. We do not sell, rent, or trade your data.

1. Who We Are

The PingAim service and the pingaim.com website are operated by 17748655 CANADA INC., a corporation incorporated under the federal Canada Business Corporations Act. Our registered office is at 1055 East Georgia Street, Vancouver, BC V6A 3P3, Canada. In this policy, "we", "us", and "our" refer to 17748655 CANADA INC.

2. What the PingAim Desktop Application Does Locally

The PingAim desktop application is a Windows program that routes network traffic at the operating system level using the Windows Filtering Platform (WFP). All routing decisions are made locally on your device. Specifically:

  • Your routing rules (which app uses which interface) are stored locally on your machine and are never sent to us.
  • Your application list is enumerated locally to populate the UI. We do not collect or transmit the list of installed applications.
  • Your network traffic content is never intercepted, inspected, read, logged, or modified by the desktop application. We route at the socket/connection level only.
  • Monitoring data (ping, jitter, packet loss, bandwidth) is computed locally and displayed in the UI. It is not transmitted anywhere.

3. What We Collect

We collect the minimum amount of data necessary to operate the service. Sections 3.1 and 3.2 describe data related to the desktop application. Sections 3.3 and 3.4 describe data related to the website.

3.1 Pro Subscription

If you purchase PingAim Pro, we collect:

  • Email address — to manage your subscription, send receipts, and provide support.
  • Payment information — processed entirely by Stripe. We do not receive, store, or have access to your full card number, CVV, or banking details. We receive only a transaction confirmation and the last four digits of your card for display purposes.

3.2 Anonymous Analytics from the Desktop Application (Optional)

The desktop application may transmit anonymous, aggregated usage statistics to help us improve PingAim, such as:

  • Application version and Windows version.
  • Number of active interfaces (not their names or identifiers).
  • Feature usage frequency (e.g., "profiles feature used", not the profile content).
  • Crash reports (stack traces without personal data).

Analytics can be disabled entirely in PingAim settings. When disabled, zero telemetry data is transmitted from the desktop application.

The desktop application does not collect or transmit: your network traffic or its contents, websites you visit or DNS queries, names or paths of applications you route, IP addresses of your network interfaces, your geographic location, hardware identifiers, or device fingerprints.

3.3 Website Visits (pingaim.com)

The website is hosted on Cloudflare Pages and served through Cloudflare's global edge network. When you visit the website:

  • Cloudflare receives standard HTTP request metadata — your IP address, user agent, requested URL, referrer, and the Cloudflare edge data center serving the request — for the duration of the request. Cloudflare's standard log retention applies; refer to Cloudflare's privacy policy.
  • We do not run our own analytics or tracking scripts. We do not use advertising networks, tracking pixels, or third-party advertising cookies.
  • We do not place any cookies of our own. The website does not require cookies to function.

3.4 Browser Features That Send Data to Third Parties

Some interactive features on the website cause your browser to send data to third-party services or our own edge endpoints. We disclose them here in full:

  • IP-based geolocation lookup (ip-api.com). When you use the "Nearest server", "Estimate ping", or game-page latency features, your browser sends a request to ip-api.com. Your IP address is sent to ip-api.com as part of that request, and ip-api.com returns your approximate city, country, and coordinates. We do not log this lookup on our own servers. ip-api.com's terms and privacy policy apply to that interaction. We are migrating this feature to a server-side lookup using Cloudflare request headers (CF-IPCountry), which does not require sharing your IP with a third party.
  • Latency probe (Cloudflare Worker). To measure round-trip time to our edge, your browser sends small HTTP requests to a Cloudflare Worker we operate (currently at pingaim-ping.ioannmiedviediev.workers.dev; being migrated to ping.pingaim.com). Cloudflare receives the standard request metadata described in Section 3.3. We do not retain or analyse this data on our own servers; only the round-trip time measured client-side is used (and cached locally — see localStorage below).
  • Error and performance monitoring (Sentry). When the website's JavaScript code throws an unhandled exception, or as part of a 10% sample of page loads for performance metrics, your browser sends an event to Sentry's ingestion endpoint at *.ingest.sentry.io. The event includes the stack trace of the error, the page URL, your browser and operating-system identifier, and basic environment metadata (screen size, viewport, locale). The website does not attach any user identifier (no email, no account ID) to these events; we have configured the SDK to filter out noise from browser extensions and known non-actionable network errors, and we have enabled IP-address scrubbing in Sentry's project settings. Sentry retains these events for up to 90 days, after which they are automatically deleted. Sentry is operated by Functional Software, Inc. d/b/a Sentry, with primary infrastructure in the United States. Sentry's privacy policy applies to that interaction.
  • Browser local storage (localStorage). The website may store the following keys in your browser's localStorage; this data lives only on your device and is not transmitted to us:
    • pingaim_rtt — cached latency measurements per Cloudflare colo, used to skip redundant probes on repeat visits.
    • If you log in (see Section 3.5), an authentication token (JWT) and refresh token are stored in localStorage.
    You can clear localStorage at any time from your browser's developer tools or site-data settings.

3.5 Account Login and API Access

If you create an account on pingaim.com, the following applies:

  • Your email address and a password hash (Argon2id) are stored on our authentication server at api.pingaim.com, which is operated by us in Canada.
  • Each login issues a short-lived JSON Web Token (JWT) and a refresh token, both stored in your browser's localStorage and sent to api.pingaim.com on authenticated requests. Logging out clears them.
  • For each device you log in from, we record a device label, the date of last access, and the issued client certificate's serial number, so you can revoke individual devices from your account page.

4. Channel Bonding (Pro Feature)

The Channel Bonding feature routes your traffic through our relay servers to combine multiple internet connections. Here is how we handle your data:

  • All traffic between your device and our relay servers is encrypted end-to-end using QUIC with TLS 1.3 (mutual TLS — both client and server present certificates).
  • We do not log, inspect, or store any traffic content passing through the relay servers.
  • Relay servers keep no per-connection logs — no destination IPs, no per-session records linking traffic to your account.
  • We retain only aggregate bandwidth counters per account (total GB used) for billing and fair-use enforcement.
  • Your account email and the issued client certificate identify your device to the relay; the relay's NAT table briefly holds the client IP address while a session is active so return packets can be delivered, and is cleared when the session ends.

If you do not use Channel Bonding, your traffic never touches our relay servers. The desktop application then operates as a fully local, offline program.

5. Data Storage and Security

  • Email addresses, password hashes, and subscription data are stored on servers located in Canada.
  • Payment processing is handled by Stripe, which is PCI DSS Level 1 certified.
  • We use industry-standard encryption (TLS 1.3) for all communications with our servers.
  • Static website assets are served from Cloudflare's global edge cache; the origin static build contains no personal data.
  • We retain your email and subscription data for the duration of your subscription plus 30 days after cancellation, after which it is permanently deleted. Aggregate bandwidth counters are retained for 12 months for billing dispute resolution and then deleted.

6. Third-Party Services

We use the following third-party services. We do not sell, rent, or share your data with any other third parties beyond what is necessary for these services to function. We do not use advertising networks or third-party tracking pixels.

  • Stripe — payment processing for Pro subscriptions. Stripe Privacy Policy
  • Cloudflare — content delivery network, DNS, and edge compute (Cloudflare Workers, Cloudflare Pages) for the website and the latency probe described in Section 3.4. Cloudflare Privacy Policy
  • ip-api.com — IP-based geolocation lookup invoked by your browser when you use latency or "nearest server" features (see Section 3.4). The lookup happens directly between your browser and ip-api.com; we do not proxy or log it. ip-api.com Terms & Privacy
  • Sentry (Functional Software, Inc. d/b/a Sentry) — error monitoring and performance tracing for the website. Receives error stack traces and page-load timings from your browser as described in Section 3.4. Primary infrastructure is located in the United States. Sentry Privacy Policy

7. Your Rights

Depending on where you reside, you may have one or more of the following rights regarding your personal data:

  • Access your data — request a copy of any data we hold about you.
  • Correct your data — request correction of inaccurate data.
  • Delete your data — request permanent deletion of your account and all associated data.
  • Export your data — receive your data in a machine-readable format.
  • Opt out of analytics — disable all desktop-app telemetry in PingAim settings.
  • Withdraw consent at any time for processing that depends on your consent.
  • Residents of the European Union, the United Kingdom, and Switzerland may exercise the rights granted by the GDPR / UK GDPR (including the right to lodge a complaint with a supervisory authority). Residents of California may exercise CCPA/CPRA rights, including the right to know, the right to delete, and the right to opt out of "sale" or "sharing" (we do not sell or share personal data as defined by CCPA).

To exercise any of these rights, contact us at [email protected] from the email address associated with your account, or by postal mail at the address in Section 11.

8. Children's Privacy

PingAim is not directed at children under the age of 13 (or under the age of 16 in jurisdictions where that is the threshold). We do not knowingly collect personal information from children. If we discover that a child has provided us with personal data, we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated effective date. For significant changes affecting Pro subscribers, we will notify them via the email address on file.

10. Jurisdiction and Governing Law

17748655 CANADA INC. is a federally incorporated Canadian company. This Privacy Policy is governed by the federal laws of Canada — primarily the Personal Information Protection and Electronic Documents Act (PIPEDA) — and, where applicable to commercial activities within British Columbia, by the British Columbia Personal Information Protection Act (PIPA).

For users located in the European Economic Area, the United Kingdom, or Switzerland, where 17748655 CANADA INC. processes personal data in connection with offering services to such users or monitoring their behaviour in those territories, the EU/UK/Swiss General Data Protection Regulation (GDPR) applies.

For users located in California, the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA) applies to the extent we are subject to it.

11. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us:

  • Email: [email protected]
  • Postal mail: 17748655 CANADA INC., 1055 East Georgia Street, Vancouver, BC V6A 3P3, Canada
  • Person accountable for our privacy practices (per PIPEDA s.5(1) Schedule 1, Principle 1): Ioann Miedviediev, Director, 17748655 CANADA INC.