๐Ÿ”’ Privacy Protection

Privacy Policy

Last Updated: March 20, 2026

๐Ÿ“–

1. Introduction

The ClashX website (clashx.tech), hereinafter referred to as "this Website," "we," "us," or "our," is committed to respecting and protecting the privacy of every visitor. ClashX is an open-source proxy configuration tool for macOS. This Privacy Policy explains how we collect, use, disclose, store, and safeguard information when you visit and interact with this Website.

This Privacy Policy applies solely to information collected through this Website. It does not govern data processed by the ClashX desktop application, which operates entirely on your local device and does not transmit data to us.

By accessing or using this Website, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please discontinue use of this Website.

๐Ÿ’ก
Scope Clarification: ClashX is a proxy configuration tool โ€” not a VPN service. We do not operate servers that route your internet traffic. This Privacy Policy covers only the data practices of this informational website.
๐Ÿ“Š

2. Data We Collect

When you visit this Website, we may collect the following categories of information through automated means:

2.1 Technical & Access Data

  • IP Address: Anonymized via Google Analytics 4 (GA4) โ€” full IP addresses are never stored in our analytics.
  • Browser & Device Information: Browser type and version, operating system, device type, screen resolution, and language preferences.
  • Access Logs: Our hosting provider may temporarily log request metadata (timestamps, URLs requested, HTTP status codes) for security and operational purposes.

2.2 Usage Data

  • Page Views & Navigation: Pages visited, referring URL, session duration, and click interactions.
  • Engagement Metrics: Scroll depth, outbound link clicks, and file download events โ€” all collected in aggregate via GA4.

2.3 Cookie & Identifier Data

  • First-Party Cookies: Theme preference (light/dark mode) and consent state.
  • Third-Party Cookies: Set by Google Analytics and Google AdSense for analytics and advertising purposes (see Sections 6 and 7).
๐Ÿ›ก๏ธ

3. Data We Don't Collect (No-Log Policy)

We maintain a strict no-log policy with respect to the ClashX application and your broader internet activity. Specifically:

โœ“ We do not collect, monitor, or log your browsing activity, DNS queries, or network traffic routed through ClashX.
โœ“ We do not collect personally identifiable information (PII) such as your name, email address, phone number, or physical address through this Website.
โœ“ We do not collect payment or financial information โ€” this Website does not process any transactions.
โœ“ We do not collect proxy server addresses, configuration files, subscription URLs, or connection timestamps from the ClashX application.
โœ“ The ClashX application operates entirely on your local device and does not send telemetry, crash reports, or usage data to us.
โœ…
Zero-Knowledge Principle: We have no technical ability to associate your website visit with your proxy configuration or internet activity. ClashX processes all proxy rules locally on your device.
๐ŸŽฏ

4. How We Use Data

The limited data we collect through this Website is used exclusively for the following purposes:

๐Ÿ“ˆ

Website Analytics

Understanding visitor behavior in aggregate to improve site content, navigation, and user experience. We use GA4 with IP anonymization enabled.

๐Ÿ”ง

Technical Operations

Diagnosing errors, preventing abuse, maintaining security, and ensuring the Website remains available and performant for all users.

๐Ÿ’ฐ

Advertising Revenue

Displaying contextual and personalized advertisements through Google AdSense to fund Website hosting and development costs.

โš–๏ธ

Legal Compliance

Complying with applicable laws, responding to lawful requests from public authorities, and protecting our legal rights.

โš ๏ธ
We Never Sell Your Data: We do not sell, rent, trade, or otherwise transfer your personal information to third parties for monetary or other valuable consideration. This applies under all applicable privacy laws including the CCPA/CPRA.
๐Ÿช

6. Cookies & Tracking Technologies

6.1 What Are Cookies?

Cookies are small text files stored on your device by your web browser. They help websites remember preferences, understand usage patterns, and deliver relevant content. Cookies may be "first-party" (set by this Website) or "third-party" (set by external services).

6.2 Categories of Cookies We Use

โš™๏ธ

Strictly Necessary

Theme preference (light/dark mode) and cookie consent state. These cannot be disabled as they are essential for basic Website functionality. No consent required.

๐Ÿ“Š

Analytics (GA4)

Google Analytics 4 cookies (_ga, _ga_*) measure site traffic and user engagement in aggregate. IP anonymization is enabled. Retention: 14 months. Requires consent.

๐Ÿ’ผ

Advertising (AdSense)

Google AdSense cookies deliver relevant advertisements and measure ad performance. These may enable personalized or contextual advertising depending on your consent. Requires consent.

6.3 Google Consent Mode v2

This Website implements Google Consent Mode v2 to ensure that Google tags (Analytics and AdSense) respect your cookie preferences. When you have not provided consent:

  • analytics_storage is set to denied โ€” no analytics cookies are written.
  • ad_storage is set to denied โ€” no advertising cookies are written.
  • ad_user_data and ad_personalization are set to denied โ€” no user data is shared with Google for ad purposes.

Cookieless pings may still be sent to Google in a privacy-preserving manner to support basic measurement, but no personal identifiers are transmitted until you grant consent.

6.4 Managing Cookies

You can manage or delete cookies at any time through your browser settings:

Browser Cookie Settings 
Chrome:  Settings โ†’ Privacy and Security โ†’ Cookies and other site data
Safari:  Preferences โ†’ Privacy โ†’ Manage Website Data
Firefox: Settings โ†’ Privacy & Security โ†’ Cookies and Site Data
Edge:    Settings โ†’ Cookies and site permissions โ†’ Manage and delete cookies

You may also use our on-site cookie consent banner to update your preferences at any time. Note that disabling essential cookies may impair certain Website features.

๐Ÿ”—

7. Third-Party Services

This Website integrates the following third-party services. Each service operates under its own privacy policy and may collect data independently:

7.1 Google Analytics 4 (GA4)

Purpose: Aggregate website traffic analysis, user engagement metrics, and content performance measurement.

Data Collected: Anonymized IP, pages visited, session duration, device and browser metadata, geographic location (country/city level), and engagement events.

Data Processing: IP anonymization is enabled by default. Data is processed by Google LLC in the United States under Standard Contractual Clauses (SCCs).

Retention: User-level data is retained for 14 months and then automatically deleted.

Privacy Policy: Google Privacy Policy

Opt Out: Install the Google Analytics Opt-out Browser Add-on, or decline analytics cookies via our consent banner.

7.2 Google AdSense

Purpose: Display advertisements to support Website operational and hosting costs.

Data Collected: Cookie identifiers, browsing interests (if personalized ads are consented to), device information, and ad interaction data.

Personalization: Ad personalization depends on your consent. Without consent, only contextual (non-personalized) ads are served.

Privacy Policy: Google Advertising Privacy Policy

Ad Settings: Manage personalization at Google Ad Settings. You can also opt out of personalized advertising via DAA Opt-Out or EDAA Your Online Choices.

7.3 GitHub

Purpose: Hosting our open-source repository, issue tracking, and community engagement.

Data Collected: When you click links to our GitHub repository, you leave this Website and become subject to GitHub's data practices. We do not receive personal data from GitHub.

Privacy Policy: GitHub Privacy Statement

7.4 Affiliate Partners

Scope: Some pages on this Website contain affiliate links to the following partners. Clicking these links may result in the partner placing tracking cookies or identifiers for attribution purposes.

Purpose: Referral source identification, commission calculation, fraud prevention, and campaign performance analysis. You are never charged extra for using an affiliate link.

Partners & Their Privacy Policies:

Cookie Consent: Non-essential affiliate tracking cookies are only activated after you provide consent where required by applicable law.

๐Ÿค

8. Data Sharing & Disclosure

We do not sell, rent, or trade your personal information. We may share limited data only in the following circumstances:

  • Service Providers: We share data with trusted third-party service providers (Google Analytics, Google AdSense, hosting providers) who process data on our behalf under strict contractual data protection obligations.
  • Legal Requirements: We may disclose information if required by law, subpoena, court order, or governmental regulation, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, any personal data held by us may be transferred as part of the transaction. We will notify you via a prominent notice on this Website of any change in ownership or use of your data.
  • With Your Consent: We may share information for any other purpose with your explicit consent.
๐Ÿ’ก
Minimal Sharing Principle: We share only the minimum data necessary to achieve the stated purpose, and we require all recipients to maintain the confidentiality and security of your data.
๐ŸŒ

9. International Data Transfers

This Website is accessible globally, and data collected through third-party services (particularly Google Analytics and Google AdSense) may be transferred to and processed in countries outside your country of residence, including the United States.

9.1 Safeguards for EU/EEA Data

Where personal data of EU/EEA residents is transferred outside the EEA, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs): Google operates under the European Commission's Standard Contractual Clauses for data transfers to the US and other third countries, as adopted in June 2021.
  • EU-US Data Privacy Framework: Google LLC is certified under the EU-US Data Privacy Framework, providing an additional mechanism for lawful data transfer.
  • Supplementary Measures: Technical measures such as encryption in transit (TLS 1.3) and at rest, as well as pseudonymization (IP anonymization), supplement the legal safeguards.

9.2 UK International Transfers

For transfers of UK personal data, we rely on the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs, ensuring compliance with UK GDPR requirements.

๐Ÿ”

10. Data Security

We implement appropriate technical and organizational measures to protect data processed through this Website:

๐Ÿ”’

Encryption in Transit

All connections to this Website are encrypted via HTTPS (TLS 1.2+). HSTS headers enforce secure connections.

๐Ÿ›ก๏ธ

Security Headers

We deploy X-Content-Type-Options, Referrer-Policy, and other security headers to mitigate common web vulnerabilities.

๐Ÿ”‘

Access Controls

Administrative access to hosting infrastructure is restricted to authorized personnel with multi-factor authentication.

๐Ÿ“ก

IP Anonymization

GA4 anonymizes IP addresses by default, ensuring full IP addresses are never stored in our analytics data.

๐Ÿ—„๏ธ

Data Minimization

We collect only the minimum data necessary for stated purposes and retain it only as long as needed.

๐Ÿ”„

Regular Review

We periodically review and update our security practices to address evolving threats and industry standards.

โš ๏ธ
No Absolute Guarantee: While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but commit to promptly notifying affected users and relevant authorities in the event of a data breach as required by applicable law.
๐Ÿ‡ช๐Ÿ‡บ

11. Your Rights Under the GDPR (EU/EEA)

If you are located in the European Union or European Economic Area, the General Data Protection Regulation (GDPR) grants you the following rights regarding your personal data:

๐Ÿ‘๏ธ

Right of Access (Art. 15)

Request a copy of the personal data we hold about you and information about how it is processed.

โœ๏ธ

Right to Rectification (Art. 16)

Request correction of inaccurate or incomplete personal data we hold about you.

๐Ÿ—‘๏ธ

Right to Erasure (Art. 17)

Request deletion of your personal data when it is no longer necessary for the purpose it was collected, or when you withdraw consent.

โธ๏ธ

Right to Restriction (Art. 18)

Request that we limit the processing of your personal data under certain circumstances (e.g., while verifying accuracy).

๐Ÿ“ฆ

Right to Portability (Art. 20)

Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

๐Ÿšซ

Right to Object (Art. 21)

Object to processing based on legitimate interest or for direct marketing purposes at any time.

How to Exercise Your GDPR Rights

  • Contact us using the information in Section 17.
  • We will verify your identity and respond to your request within 30 calendar days. If the request is complex, we may extend this period by up to 60 additional days with prior notice.
  • There is no fee for exercising your rights, unless requests are manifestly unfounded or excessive.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with your local Data Protection Authority (DPA). A list of EU DPAs is available at edpb.europa.eu.

Automated Decision-Making: We do not engage in automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you.

๐Ÿ‡บ๐Ÿ‡ธ

12. Your Rights Under the CCPA/CPRA (California)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with specific rights regarding your personal information:

๐Ÿ“‹

Right to Know

Request disclosure of the categories and specific pieces of personal information we have collected, the sources, business purposes, and categories of third parties with whom we share it.

๐Ÿ—‘๏ธ

Right to Delete

Request deletion of personal information we have collected from you, subject to certain legal exceptions.

โœ๏ธ

Right to Correct

Request correction of inaccurate personal information that we maintain about you.

๐Ÿšท

Right to Opt Out of Sale/Sharing

Direct us not to sell or share your personal information for cross-context behavioral advertising purposes.

๐Ÿ’ก
"Do Not Sell or Share My Personal Information": We do not sell personal information for monetary consideration. However, the use of third-party advertising cookies (Google AdSense) may constitute "sharing" under the CPRA. You can opt out by declining advertising cookies via our consent banner or by sending a request to us via the contact information in Section 17.

How to Exercise Your CCPA/CPRA Rights

  • Submit a request using the contact details in Section 17.
  • We will verify your identity and respond within 45 calendar days. If additional time is needed, we may extend by up to 45 additional days with notice.
  • Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights. You will not receive a different level of service or pricing.
  • Authorized Agent: You may designate an authorized agent to submit requests on your behalf, subject to verification.

Global Privacy Control (GPC): We honor GPC signals transmitted by your browser. When detected, we will treat this as a valid opt-out request for the sale/sharing of personal information.

Sensitive Personal Information: We do not collect sensitive personal information as defined under the CPRA (e.g., Social Security numbers, financial account credentials, precise geolocation, biometric data).

๐Ÿ‡ฎ๐Ÿ‡ณ

13. Your Rights Under India's DPDP Act

India's Digital Personal Data Protection Act, 2023 (DPDP Act) grants rights to individuals (referred to as "Data Principals") whose personal data is processed. The DPDP Act is expected to become fully effective by May 2027, with rules currently being finalized. We proactively commit to the following:

๐Ÿ“„

Right to Information

You have the right to obtain a summary of the personal data being processed about you and the processing activities.

โœ๏ธ

Right to Correction & Erasure

You may request correction of inaccurate or misleading data, completion of incomplete data, updating of outdated data, and erasure of data no longer necessary for its original purpose.

๐Ÿ“ฃ

Right to Grievance Redressal

You have the right to a clear mechanism for raising grievances related to data processing, and to receive a timely response.

๐Ÿ‘ค

Right to Nominate

You have the right to nominate another individual to exercise your rights on your behalf in case of death or incapacity.

How to Exercise Your DPDP Rights

  • Contact us using the information in Section 17.
  • We will acknowledge your request and respond within 90 calendar days, or such shorter period as may be prescribed by the DPDP rules once finalized.
  • If you are not satisfied with our response, you may lodge a complaint with the Data Protection Board of India once it is constituted.

Consent: Under the DPDP Act, we process personal data of Indian residents based on consent provided through our cookie consent mechanism. Consent may be withdrawn at any time, and we will cease processing within a reasonable period following withdrawal.

๐ŸŒ

14. Other Jurisdictions

We respect the privacy rights of users worldwide. Below is jurisdiction-specific information for other regions:

14.1 United Kingdom (UK GDPR)

Following Brexit, the UK operates under its own data protection framework (UK GDPR and the Data Protection Act 2018). UK residents enjoy substantially the same rights as described in Section 11 (GDPR Rights), including the rights of access, rectification, erasure, restriction, portability, and objection.

Supervisory Authority: You may lodge complaints with the Information Commissioner's Office (ICO) at ico.org.uk.

International Transfers: See Section 9.2 regarding UK-specific transfer safeguards.

14.2 Australia (Privacy Act 1988)

Australian residents are protected under the Australian Privacy Principles (APPs) contained in the Privacy Act 1988. You have the right to:

  • Request access to personal information we hold about you (APP 12).
  • Request correction of inaccurate, out-of-date, or incomplete information (APP 13).
  • Complain about a breach of the APPs and have that complaint handled.

Supervisory Authority: You may lodge complaints with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

14.3 Canada (PIPEDA)

Canadian residents are protected under the Personal Information Protection and Electronic Documents Act (PIPEDA). You have the right to:

  • Access personal information held about you and be informed of its use and disclosure.
  • Challenge the accuracy and completeness of your information and have it amended.
  • Withdraw consent for data processing at any time (subject to legal or contractual restrictions).

Supervisory Authority: You may lodge complaints with the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca.

๐Ÿ‘ถ

15. Children's Privacy

This Website is not directed at children under the age of 16 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal data from children.

โš ๏ธ
Parental Notice: If you are a parent or guardian and believe that your child has provided personal data to us through this Website, please contact us immediately using the information in Section 17. Upon verification, we will promptly delete any such data from our systems.

We comply with the US Children's Online Privacy Protection Act (COPPA), the GDPR's provisions on children's consent (Article 8), the UK Age Appropriate Design Code, and other applicable laws protecting children's privacy. Google AdSense on this Website is configured to not serve personalized ads to users identified as minors.

๐Ÿ”„

16. Policy Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make changes:

  • Material Changes: We will post a prominent notice on this Website and update the "Last Updated" date at the top of this page. For significant changes affecting your rights, we will provide at least 30 days' notice before the changes take effect.
  • Minor Changes: Non-material changes (such as formatting updates or clarifications that do not affect your rights) may be made without prior notice.
  • Review Recommendation: We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

Your continued use of this Website after any changes to this Privacy Policy constitutes your acknowledgment and acceptance of the updated policy. If you disagree with any changes, please discontinue use of this Website.

๐Ÿ“ง

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, or if you wish to exercise any of your data protection rights, please contact us through the following channels:

Contact Information

Response Times by Jurisdiction

๐Ÿ‡ช๐Ÿ‡บ

EU/EEA (GDPR)

Within 30 days, extendable by 60 days for complex requests.

๐Ÿ‡บ๐Ÿ‡ธ

California (CCPA/CPRA)

Within 45 days, extendable by 45 additional days with notice.

๐Ÿ‡ฎ๐Ÿ‡ณ

India (DPDP Act)

Within 90 days, or as prescribed by final DPDP rules.

๐Ÿ‡ฌ๐Ÿ‡ง

UK (UK GDPR)

Within 30 days, extendable by 60 days for complex requests.

For all other jurisdictions, we will respond within a reasonable period, typically no longer than 30 days.

โœจ
Thank You for Your Trust: Protecting your privacy is fundamental to everything we do. We are committed to transparency and will always strive to give you meaningful control over your personal data. If you have any questions, please do not hesitate to reach out.