Updated Date: April 8, 2026
Effective Date: April 8, 2026
Version: V1.0
Panabit fully recognizes the importance of your personal information to you. We will process your personal information in accordance with the provisions of laws and regulations, adhering to the principles of legality, legitimacy, necessity and good faith, and adopt corresponding security measures to protect the security of your information.
To help you quickly understand the core content of this Policy, a summary is provided as follows:
Serial Number Information Type Specific Information Purpose of Use Applicable Scenarios 1 Account Information Enterprise domain name, username, password Complete account login and identity authentication User login 2 Single Sign-On (SSO) Information Authorization result, access token Complete enterprise single sign-on User selects SSO account for login 3 Device Identification Information ANDROID_ID, identifierForVendor, device_uuidDevice identification, configuration synchronization, security verification Domain name identification, configuration pull, update check, connection control 4 Application and Configuration Information Platform type Determine updates and deliver incremental configurations Configuration synchronization, update check 5 Network and Connection Information Interface information, local IP Establish and maintain VPN connections, troubleshooting and security auditing Network access, VPN connection 6 Local Storage Information Saved domain names, usernames, encrypted passwords, routing settings, protocol consent records Improve usage continuity, save user preferences, and remember login status When the user actively chooses to save information
The current version mainly involves the following permissions or system authorizations:
VPN Authorization: Used to establish a VPN tunnel;
Update Package Installation Authorization: Used for users to actively install updated versions;
Network Access and Network Status Reading: Used for service communication and connection status judgment.
We will not enable non-essential permissions by default, and will only request them from you when you trigger the relevant functions.
The current version does not integrate third-party SDKs (Software Development Kits) for advertising, statistics, push notifications, maps, or payments. Under the current default deployment model, authentication services, controller services, configuration synchronization services, and update services are usually built, deployed, or operated by us ourselves, which are proprietary service nodes used by us to provide this service and generally do not constitute sharing with external third parties. For details, please see the chapter "How We Share, Transfer, and Publicly Disclose Your Personal Information" in this Policy.
You have the right to inquire about, copy, correct, delete, withdraw consent to, cancel your account, etc., in accordance with the law. If you cannot achieve this through product functions, you may contact us via the contact information at the end of this Policy.
Beijing Panabit Software Co., Ltd. (hereinafter referred to as "we") provides you with services such as enterprise domain name identification, account login, configuration synchronization, VPN connection, routing settings, log viewing, and version updates through the Panabit client. This Panabit Privacy Policy (hereinafter referred to as "this Policy") is intended to inform you of how we collect, use, store, share, and protect your personal information, as well as the rights you enjoy.
Please carefully read and fully understand the content of this Policy before using this software. For clauses involving your important rights and interests, we will prompt you to pay special attention to them in bold, list, or other reasonable ways.
Your click on "Agree and Continue" or continued use of this software indicates that you have read and understood this Policy and agree to our processing of your personal information in accordance with this Policy.
We will process your personal information in the following scenarios in accordance with the principles of legality, legitimacy, minimal necessity, and openness and transparency.
When you log in to Panabit, we will process the following information:
Enterprise domain name
Username
Password
Authorization code, access token, or session information in the context of single sign-on
Purposes of processing:
Verify your identity
Confirm the affiliated enterprise and network access configuration
Establish login sessions and access control
To implement domain name identification, authentication configuration pull, update check, incremental configuration synchronization, and security control, we will process the following device identification information:
ANDROID_ID for Android devices
identifierForVendor for iOS devices
device_uuid generated locally by the application and persisted
Purposes of processing:
Identify terminal devices
Associate configuration versions
Support encryption/decryption and local caching of configuration files
Improve service security and stability
When you use functions such as VPN connection, routing settings, and status viewing, we will process the following information:
Local network interface name
Local IP address
Request time, request results, access logs
IP address recorded by the server
Purposes of processing:
Establish and maintain VPN tunnels
Perform local network exclusion and routing processing
Locate connection abnormalities and conduct troubleshooting
When you use the configuration synchronization or update check function, we will process the following information:
Platform type
Application version
Configuration version
Purposes of processing:
Determine whether the configuration needs to be updated
Determine whether a new version of the application exists
Return configurations and update results adapted to the current terminal
To improve user experience and implement necessary functions, we may save the following on your local device:
Enterprise domain name
Username
Encrypted passwords
Routing settings
Authentication session information
Protocol consent status
Purposes of processing:
Implement the function of remembering login information
Save configurations and user preferences
Support protocol version verification and re-consent
On the Android platform, before you click "Agree" on the pop-up window on the home page, we will only read local static resources and protocol status configurations, and will not:
Obtain device identification information;
Initiate business requests;
Automatically log in;
Display the device ID.
To implement specific functions, we may need to request or use relevant system permissions or system capabilities. The current version mainly involves the following content:
Item Description Permission/Capability Name VPN Authorization / VPN Configuration Authorization Applicable Platforms Android, iOS Purpose of Use Establish enterprise VPN tunnels to achieve secure network access Trigger Time When you actively initiate a VPN connection Is it Mandatory Yes Impact of Refusal Unable to establish a VPN connection, and the network access function after login will be unavailable
Notes:
On Android, the request is made through the system VPN authorization process;
On iOS, the request is made through the system VPN configuration authorization process;
We will not forcibly initiate VPN authorization before you actively connect.
Item Description Permission/Capability Name Install apps from unknown sources / Update package authorization Applicable Platforms Android Purpose of Use Install the new version installation package when you actively perform application updates Trigger Time When you actively click to update and confirm installation Is it Mandatory Only mandatory for the in-app update installation function Impact of Refusal Unable to complete installation through the app, but you can still manually update through other legal means
The following permissions are mainly used to implement network connections and service operation, and usually do not require separate pop-up confirmation like VPN authorization, but will take effect in the system installation and operation mechanism.
Permission Name Applicable Platforms Purpose of Use INTERNETAndroid Access network resources such as enterprise services, update services, and protocol links ACCESS_NETWORK_STATEAndroid Judge network status and handle connection logic CHANGE_NETWORK_STATEAndroid Cooperate with connection and network status management FOREGROUND_SERVICEAndroid Run as a foreground service during VPN connection FOREGROUND_SERVICE_SPECIAL_USEAndroid Support foreground service scenarios for special VPN purposes WAKE_LOCKAndroid Reduce the impact of device hibernation on connections in specific scenarios
Up to the current version, Panabit has not applied for or actually used the following capabilities:
Camera
Microphone
Contacts
Album/Photo reading
Precise location
Short messages
Calendar
Bluetooth scanning
Complete list of installed applications
If relevant permissions or capabilities are added in future versions, we will:
Individually inform you of the purpose before the function is triggered;
Update this Policy again when necessary;
Re-obtain your consent in accordance with the requirements of laws and regulations.
Please note:
Non-essential permissions will not be enabled by default;
You may refuse or withdraw relevant authorizations;
Refusing mandatory authorizations will result in the corresponding functions being unavailable, but will not affect your ability to view the content of the Agreement.
We process and store your personal information within the territory of the People's Republic of China. The current version does not have regular business scenarios involving the transmission of personal information overseas.
We will retain your personal information for the shortest period necessary to achieve the purposes of processing. After the retention period expires, we will delete or anonymize your personal information in accordance with the law, unless otherwise stipulated by laws and regulations.
The retention period of locally cached information depends on:
Whether you actively delete or log out;
Whether the protocol version has changed;
Whether the configuration cache has expired;
Requirements of laws, regulations or supervision.
We will not sell or rent your personal information to irrelevant third parties.
Under the current default deployment model, authentication services, controller services, configuration synchronization services, and update services are usually built, deployed, or operated by us ourselves. Therefore, the aforementioned business requests are usually sent to our proprietary or controlled service nodes, which does not constitute sharing with external third parties.
If external recipients such as the following are integrated in subsequent versions or specific deployment scenarios, we will disclose them separately according to the actual situation and obtain your consent when necessary:
Customer-built controllers or customer-designated controller services;
Customer-designated or external identity providers;
Other external update service recipients.
The current default deployment model is explained as follows:
Scenario Current Default Recipient Whether it constitutes sharing with external third parties Account Authentication Our self-operated authentication service No Controller configuration pull / Configuration synchronization Our self-operated controller or configuration service No Application update check and installation package distribution Our self-operated update service No OIDC Single Sign-On Currently usually provided by our self-operated identity service; if an external identity source is integrated, it will be disclosed separately No by default currently
The current version uses several basic open-source components or system capability plugins to implement local authentication, system capability calls, local storage, opening external links and other functions. They are mainly used as local runtime dependencies and do not constitute commercial data cooperation involving sharing personal information with their operators.
Identifiable basic components in the current code include but are not limited to:
Component/Capability Main Purpose Whether it is a third-party commercial sharing party flutter_appauth / AppAuthImplement OIDC (OpenID Connect) login capability No device_info_plusObtain platform device identification-related capabilities No android_idObtain Android ANDROID_IDNo shared_preferencesLocal storage of configurations and consent status No flutter_secure_storageLocal secure storage of tokens/sensitive information No url_launcherOpen protocol and official website links No
Unless we obtain your explicit consent, or need to transfer personal information due to statutory reasons such as merger, division, restructuring, bankruptcy, etc., we will not transfer your personal information to other companies, organizations or individuals.
Unless we obtain your separate consent, or as otherwise stipulated by laws and regulations, we will not publicly disclose your personal information.
We will take reasonable and necessary technical and management measures to protect the security of your personal information, including but not limited to:
Transmission encryption
Encrypted storage of sensitive information
Access permission control
Log auditing
Abnormal monitoring
Regular security checks
Nevertheless, the Internet environment is not absolutely secure. Please properly keep sensitive information such as account passwords and tokens to avoid leakage.
Within the scope stipulated by laws and regulations, you have the following rights regarding your personal information:
Inquiry and access
Replication
Correction and supplementation
Deletion
Withdrawal of consent
Account cancellation
Obtaining explanations
Complaint and report
If you withdraw your authorization for the processing of necessary information or necessary permissions, it may result in the corresponding functions being unavailable, but will not affect the processing that has been carried out based on your consent before the withdrawal.
We may revise this Policy from time to time in accordance with product function changes, legal and regulatory requirements, or business operation needs.
If there are major changes to this Policy, we will give you a prominent notice through pop-up windows, page prompts, reconfirmation of the agreement, etc. Major changes include but are not limited to:
Changes in the purpose, method, or type of personal information processing;
Changes in the objects of information sharing;
Major changes in the methods and procedures for you to exercise your rights;
Changes in the operating entity, contact information, or dispute resolution rules.
If the revised Policy requires re-obtaining your consent, we will seek your consent again in the corresponding scenarios.
We attach great importance to the protection of minors' personal information. If you are a minor under the age of 18, please read this Policy accompanied by your legal guardian and use this software and services with the consent of your guardian.
If you or your guardian have any questions about the protection of minors' personal information, you may contact us via the contact information at the end of this Policy.
If you have any questions, comments, or suggestions regarding this Policy, personal information protection matters, or your rights to personal information, you may contact us through the following methods:
Company Name: Beijing Panabit Software Co., Ltd.
Contact Email: support@panabit.com
Contact Address: 10th Floor, Building 5, Haikai Park, Phase II of Zhongguancun Dongsheng Science Park, Haidian District, Beijing
We will process your request as soon as possible after receiving it and reply to you within the time limit stipulated by laws and regulations.
Beijing Panabit Software Co., Ltd.