1. Introduction

Daric Industries, Inc. ("we," "us," or "our") operates the Iran Nation mobile application (the "App"). The App is a community discussion platform.

This Privacy Policy explains how we collect, use, disclose, and protect your information when you use the App. We operate worldwide and comply with applicable privacy laws, including GDPR.

2. Information We Collect

We collect the following personal data:

• Name
• Email
• Country of birth
• Photo (profile image)
• Date of birth
• Payment information (for Pro users only)

We also collect:

• IP address
• Operating system (OS)
• Crash logs

Biometric authentication for login is handled by your device platform (e.g., Apple Face ID or Google biometrics) and is not collected or stored by us.

We do not collect usage data, location data, or data from children under 13.

3. How We Collect Information

• Directly from you: Via sign-up forms, profile updates, and Pro subscription inputs.
• Automatically: IP address, OS, and crash logs during App use.
• Webviews: The App includes webviews; any cookies or tracking there are governed by the loaded websites' policies.

We do not use third-party logins, analytics SDKs, advertising partners, or automatic collection beyond the above.

4. How We Use the Information

We use your information to:

• Provide core App features, including issuing badges for users who verify themselves (requires name, date of birth, country of birth, photo).
• Process payments for Pro users (via Stripe).
• Maintain and secure the App.

5. Legal Bases (GDPR and Equivalents)

• Contract: To provide the service, issue licenses/passports, and process payments.
• Legitimate interest: For fraud prevention, identity verification, and App security.

We do not rely on consent for any processing.

6. Sharing and Disclosure

We share data only with:

• Stripe (payment processing for Pro users): https://stripe.com/privacy
• Server host (in Germany): For storage and operations.
• Admins with access controls may view data as needed for reviewing verification applications.

We do not sell data, share for advertising, or disclose to law enforcement except as legally required. No disclosures in mergers at this time.

7. Data Security

We use:

• Encryption in transit (e.g., HTTPS).
• Access controls (limited to certain admins).

8. Data Retention

We retain all data for the duration of your account + 12 months after deletion or inactivity.

9. User Rights and Choices

You have rights to:

• Access your data.
• Rectify inaccurate data.
• Delete your data (erases account and all associated info).
• Object to or restrict processing.
• Portability (receive data in structured format).

To exercise rights or request deletion, email dev@irannation.com. We respond within legal timelines (e.g., 30 days under GDPR).

California residents: No sale or sharing for cross-contextual advertising. Opt-out not applicable.

We honor deletion requests worldwide.

10. Children's Privacy

The App is for adults only (minimum age 18). We do not knowingly collect data from children under 13. No COPPA consent flow.

11. International Transfers

Servers are in the EU (Germany). Data stays within the EEA. No transfers outside require SCCs.

12. Third-Party Links and Services

The App may link to third-party sites or services (including in webviews). Their privacy practices apply; we are not responsible.

13. Changes to This Policy

We may update this Policy. Changes will be posted in the App and on our website with a new effective date. Continued use means acceptance.

14. Security Hardening for High-Risk Environments

Users accessing our platform from high-risk environments (particularly Iran) face sophisticated surveillance infrastructure. This section provides actionable guidance to protect your privacy and security.

14.1 Threat Model Overview

Primary Threat: Traffic Analysis & Correlation

Risk Level: High Likelihood, High Impact

State-level adversaries can monitor connection metadata even when content is encrypted. The following mitigations are designed for this threat model.

14.2 The "Three-Hop" Rule (Advanced Protection)

For maximum anonymity, route your traffic through three distinct layers:

• Hop 1 - Obfuscation Layer: Use V2Ray/XRay with Reality protocol or Shadowsocks-2022. This makes your traffic appear as normal website browsing to the surveillance firewall.
• Hop 2 - VPN Concentrator: Connect to a VPN server in a neutral jurisdiction (Sweden, Switzerland, or Iceland recommended).
• Hop 3 - Destination: Your final destination (our platform or other services).

Diversification: Maintain fallback tools like Psiphon in case primary tools are detected or blocked.

14.3 DNS Hardening

Your DNS queries can reveal which websites you visit. Protect them:

• Use Encrypted DNS (DoH/DoT): Configure DNS over HTTPS in your browser.
• Recommended Providers:
  • Cloudflare: 1.1.1.1
  • Quad9: 9.9.9.9
• Browser Configuration:
  • Firefox: Settings → Privacy & Security → DNS over HTTPS → Select "Max Protection" with Cloudflare or NextDNS
  • Chrome: Settings → Privacy and Security → Security → Use Secure DNS → Select Cloudflare (1.1.1.1)

14.4 IPv6 Leakage Prevention

Critical: ISPs can leak your real location through IPv6 even when VPN is active on IPv4.

• Disable IPv6 on all network adapters in your operating system settings.
• In your VPN client (e.g., v2rayNG), enable "Block IPv6" or "Prefer IPv4" in the app-specific settings—not just OS settings.
• Verify no IPv6 leakage at ipv6leak.com or similar testing services.

14.5 Understanding Metadata & URL Exposure

Even with HTTPS encryption, surveillance systems can see:

• DNS Leak (The "Phonebook"): When you type a website address, your computer asks a DNS server "Where is this website?" Your ISP logs this query.
• SNI Leak (Server Name Indication): During the SSL handshake, your browser announces the domain name in plain text so the server knows which certificate to provide. Surveillance systems read this "Hello" packet.

Level 1: Browser Hardening (Basic Defense)

These settings help but may not defeat Deep Packet Inspection (DPI) alone:

• Encrypted Client Hello (ECH): Encrypts the SNI "Hello" packet.
  • Firefox: Go to about:config → Search network.dns.echconfig.enabled → Set to True
  • Chrome: Go to chrome://flags → Search "Encrypted Client Hello" → Set to Enabled
• Warning: Some surveillance systems block all ECH traffic because they cannot inspect it. If connections time out, try disabling ECH.

Level 2: Tor with Bridges (Strong Anonymity)

Tor encrypts your traffic in three layers. The ISP sees a Tor connection but cannot see your destination.

• Important: Standard Tor is blocked in Iran. You must use Bridges:
• Snowflake: Makes your traffic look like WebRTC video calls.
• Meek-Azure: Makes your traffic appear as Microsoft cloud browsing (very difficult to block).
• Setup: Open Tor Browser → Connection Settings → "Select a Built-in Bridge" → Choose Snowflake or Meek-Azure.

Level 3: Obfuscation Proxies (Recommended for Iran)

This is the most reliable method. These protocols disguise your traffic as normal web browsing:

• V2Ray / Xray (VMess & VLESS):
  • Clients: v2rayNG (Android), v2rayN (Windows), Nekoray (Cross-platform)
  • Configuration requires a server key (usually a long string starting with vmess:// or vless://)
• Reality / Vision Protocols: Newest protocols designed specifically to bypass sophisticated firewalls.
• Shadowsocks-2022: Encrypted SOCKS5 proxy. Use implementations with AEAD ciphers—older versions are detectable.

14.6 Recommended Workflow

For safe access to politically sensitive platforms from high-risk environments:

1. Launch v2rayNG (Android) or Nekoray (PC).
2. Connect to a VLESS-Reality or Shadowsocks server hosted outside your country.
3. Enable "Tun Mode" (Tunnel Mode): This forces ALL traffic (DNS and data) through the obfuscated tunnel.
4. Open your browser: The surveillance system now sees encrypted data going to a seemingly random server, but cannot read the actual destination.

14.7 Additional Resources

For detailed setup guides and trusted server providers:

• Electronic Frontier Foundation - Surveillance Self-Defense
• Tor Project - Official Downloads
• Privacy Guides - Recommended Tools

Disclaimer: This guidance is provided for educational purposes to help users protect their privacy.

15. Contact Us

For privacy questions, requests, or complaints: