Privacy Policy

Last updated: April 16, 2026

24Defend is an anti-phishing application developed and operated in Montevideo, Uruguay. This policy describes what data we collect, how we use it, and how we protect it.

1. How 24Defend works

24Defend creates a local VPN configuration on your device that intercepts DNS queries (the step where your device looks up a website address). The VPN is required to intercept DNS queries at the system level, which is the only way to protect users across all apps (WhatsApp, SMS, email, browsers) simultaneously.

The VPN performs DNS filtering locally on your device. The vast majority of queries are resolved on-device using local blocklists and machine learning models without any network call. For suspicious domains not in the local database, the domain name is sent to our servers for analysis.

When we detect a fraudulent domain, we block the DNS query before the page loads and notify you.

2. Data we collect

2.1 Blocked or suspicious domain names

When 24Defend blocks a link or detects a suspicious domain, we send the base domain name (e.g., "fake-site.com") to our servers to improve threat detection. This helps us identify new phishing campaigns and protect all users.

We do not collect allowed domains. Your normal browsing history never leaves your device.

2.2 Aggregated session statistics

We collect aggregated counters about app performance: total DNS queries checked, number of threats blocked, and performance metrics. This data does not contain domain names or browsing information.

2.3 Anonymous device identifier

We generate a random unique identifier (UUID) for your device. This identifier is not linked to your Apple ID, phone number, email address, or any personal information. It is used solely to group telemetry events from the same device.

2.4 Server logs

When the app communicates with our servers, standard server logs may temporarily record IP addresses for security and abuse prevention purposes. These logs are not associated with your browsing activity and are automatically purged within 14 days.

2.5 Data we do NOT collect

• Browsing history (websites you normally visit)
• Web page content
• Passwords or credentials
• Geographic location
• Contacts, photos, or other personal data
• Apple ID or Apple account information

3. How we use the data

• Detection improvement: Blocked domains feed our threat database, protecting all users on the network.
• Performance: Aggregated statistics help us optimize the app.
• Institutional reports: We provide aggregated, anonymized data to financial institutions about phishing attempts targeting their customers.

4. Who we share data with

We do not sell, trade, or rent your data to third parties. Data may be shared with:

• Partner financial institutions: Aggregated, anonymized data about fraudulent domains impersonating their brand (e.g., "47 phishing domains targeting BROU were blocked this month"). No individual user data is shared.
• Infrastructure providers: Amazon Web Services (AWS) hosts our servers under a data processing agreement. Data is stored encrypted in AWS facilities in the United States (us-east-1 region).

We do not use any third-party analytics SDKs, advertising frameworks, or tracking tools.

5. International data transfers

Our servers are hosted in the United States (AWS us-east-1). If you are located in Uruguay or elsewhere in Latin America, your data (blocked domain names and session statistics) is transferred to and processed in the United States. We protect this data using encryption in transit (TLS) and at rest (AES-256).

6. Data security

• All communications between the app and our servers use HTTPS (TLS encryption).
• Data is stored in Amazon DynamoDB with encryption at rest.
• Telemetry events are automatically deleted after 90 days.
• Server logs with IP addresses are purged within 14 days.
• Data access is restricted to authorized members of the 24Defend technical team.

7. Data retention

• Telemetry events (blocked domains): 90 days
• Server logs (IP addresses): 14 days
• Fraudulent domain database: indefinite (necessary for protection)
• Device identifier: while the app is installed

8. Your rights

You can:

• Uninstall the app at any time to stop all data collection
• Disable VPN protection from within the app at any time
• Contact us at dev@24defend.com to request access to or deletion of your data

Under Uruguay's data protection law (Ley 18.331), you have the right to access, rectify, and delete your personal data. We will respond to requests within 5 business days.

9. Children's privacy

24Defend is not directed at children under 13 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with data, please contact us and we will delete it promptly.

10. VPN usage disclosure

24Defend uses Apple's NetworkExtension API (NEPacketTunnelProvider) to create a local VPN configuration. This VPN:

• Is required to intercept DNS queries at the system level, providing protection across all apps
• Only intercepts DNS queries (port 53)
• Does not route your web traffic through external servers
• Does not log or inspect web page content
• Performs the majority of filtering locally on your device using downloaded blocklists and an on-device machine learning model
• Only contacts our servers when a domain is flagged as suspicious by local analysis (approximately 0.2% of queries)

11. Changes to this policy

We may update this policy periodically. We will notify you of significant changes through the app. Continued use of 24Defend after changes constitutes acceptance of the updated policy.

12. Contact

For privacy questions, data requests, or concerns:

24Defend

Montevideo, Uruguay

Email: dev@24defend.com

Web: www.24defend.com