u
unlistvpn
Browser extension privacy policy
Updated 13 July 2026
The unlist VPN extension routes your browser traffic through a server you choose and adds privacy controls. We do not embed analytics or trackers, do not collect your browsing history, and do not sell data. This page explains what data the extension handles and why.
In short. Only your settings and a session token are stored locally in the browser. Your email and password are used once, for signing in, and are not stored by the extension. Your browsing history is not collected and is never sent anywhere.
What data is handled
- Email and password — only when you sign in with email and password. They are sent over a secure connection (HTTPS) to our server app.unlistvpn.ru to verify your unlist subscription. The password is used solely to check the sign-in and is not stored by the extension.
- Sign in with Telegram (QR) — instead of a password you can confirm the sign-in from the unlist mini app in Telegram. The extension receives only a one-time session token tied to your subscription.
- Session token and subscription status — stored locally in the browser (chrome.storage) so you stay signed in and premium-server access can be determined. They are removed when you log out or uninstall the extension.
- Settings — the selected server, privacy toggles, and interface language and region. Stored only locally in the browser and never transmitted.
Proxied traffic
When the connection is on, your browser traffic is routed through the unlist server you selected — that is the extension's purpose. The extension itself does not log the sites you visit and does not send browsing history to the developer. Traffic handling on the servers is governed by the general unlist privacy policy.
Privacy features run locally
- WebRTC protection — prevents the browser from revealing your real IP over WebRTC. The setting is applied inside the browser itself; no data leaves your device.
- Timezone matching — spoofs the timezone reported to web pages so it matches the country of the selected server. It works only inside your browser.
- Smart routing and kill-switch — routing rules are computed locally; the domain lists ship together with the extension.
What we do NOT do
- We do not embed analytics, ad pixels, or third-party trackers.
- We do not collect or store your browsing history.
- We do not sell or share your data with third parties.
- We do not use your data for anything unrelated to the VPN and your subscription.
Support diagnostics
The contact-support button copies a short technical context to your clipboard (extension version, connection status, selected server, toggle states) — only when you press it yourself. This text contains no passwords, tokens, or IP addresses and is not sent anywhere automatically: it is up to you whether to paste it into your message.
Browser permissions and why they are needed
- proxy — route traffic through the selected server (core function).
- webRequest, webRequestAuthProvider — authenticate to the proxy server (the username and password are supplied only to our server).
- privacy — control WebRTC protection.
- declarativeNetRequest — the kill-switch and local block rules.
- storage — store your settings and the session token locally.
- access to all sites (host permissions) — required because a VPN applies to all browser traffic and the timezone spoof runs on any page. The extension does not read or collect page content.
Data storage and deletion
All extension data is stored locally in your browser. Logging out removes the session token; uninstalling the extension erases all local data. On the server side, your account and subscription are managed in accordance with the unlist privacy policy and applicable data-protection law.
Changes to this policy
We may update this policy. The current version is always available at this address; the date of the latest change is shown at the top of the page.
Contact
Privacy questions — admin@unlistvpn.ru or Telegram @vms_admin.