Quick help
Pick a topic — we'll show the most-asked answers first. If nothing fits, talk to support directly.
Back to topics
Privacy & security
-
Do you keep activity logs?
We log only the total bytes you send and receive — needed for billing on capped plans. We never log destinations, DNS queries, websites visited, or the contents of any traffic. The wireguard / sing-box stacks running on our servers are configured with logging set to error-only and rotate every 24 hours. -
Where is Sham VPN based? What's the legal jurisdiction?
The infrastructure runs on independent providers in Singapore, Germany, Finland, and the US. The operating entity is incorporated outside Syria, in a jurisdiction with no mandatory data retention law for small VPN operators. That said, no jurisdiction is a magic shield — what protects you is that we don't store the activity data in the first place. -
Will the VPN hide me from my ISP / government?
It hides *what* you do online from your ISP — they see only encrypted traffic to our servers, not which sites you visit. It does not hide *who you are* if you log into a service with real-name credentials, post identifying content, or use a phone with your real SIM. The VPN protects the network; the user protects the identity. -
Why is there a Telegram bot? Can I trust it?
The bot is a convenience channel — it lets you check subscription status, get your subscription link, and message support without opening the website. It only stores your Telegram user ID linked to your subscription, nothing more. Telegram (the platform) sees that you talk to our bot, the same way it sees that you talk to any other bot or person. If you want to skip it entirely, the website covers every feature the bot does. -
What if a government requests my data?
There's very little to hand over: an email, a payment reference (crypto TxID or ShamCash receipt), and aggregate bandwidth bytes. No browsing history, no IPs visited, no DNS queries — because none of that is stored. We comply with valid legal process in our operating jurisdiction. We don't have an automated portal or back door; every request is reviewed manually. -
Is my payment traceable back to me?
ShamCash is tied to a Syrian phone number, so it's traceable inside the ShamCash ecosystem. Bitcoin and USDT (TRC20) are pseudonymous — anyone with chain-analysis tools can correlate flows. If full payment privacy matters, use a non-KYC exchange or buy crypto peer-to-peer, then send to us. We never see card details (we don't take cards) and we don't link payments to browsing in any case.
Still need help — talk to support
Start chat Questions
Frequently asked.
Pick a topic to see the most-asked questions for it. Need more? Browse every topic on /support.
About Sham VPN
What is Sham VPN?
A multi-region VPN built for Syria and the wider Sham region, with modern protocols and no activity logs.
Which protocols are supported?
WireGuard for raw speed on open networks, VLESS+Reality for censored networks (looks like a normal HTTPS connection to google.com), and Shadowsocks with obfs as a fallback. The Hiddify app picks the right one for you automatically.
I'm connected but nothing loads
Usually a DNS or split-tunnel problem. In Hiddify, open Settings → Routing and set Mode to "Global" (not Rule). If that doesn't help, switch DNS to 1.1.1.1, disconnect, and reconnect. Still stuck? Try a different server from the list — your current one may be saturated.
The connection is slow
Three quick checks: (1) try a closer server — Singapore/Germany are usually fastest from the region; (2) switch protocol to WireGuard if you're on Reality and your ISP isn't blocking it (WireGuard is faster but more recognisable); (3) test speed without the VPN — if your ISP itself is throttled today, no VPN can fix that.
The VPN keeps disconnecting
If you're on mobile data, your carrier may be actively breaking VPN sessions. Switch to VLESS+Reality on port 443 — it's the hardest to detect. On Android, also enable "Always-on VPN" and "Block connections without VPN" in Settings → Network → VPN to stop the OS from killing the session in the background.
My ISP is blocking the VPN
Switch the active config to VLESS+Reality. It piggybacks on a real TLS handshake to a popular site (google.com / microsoft.com), so to deep packet inspection it looks identical to normal HTTPS — it can't be blocked without breaking those sites. If the current server is fingerprinted, try a different one from the list; we rotate Reality target domains across servers.
Captive Wi-Fi or hotel network won't let the VPN through
Most restrictive networks allow TCP/443 (HTTPS) but block everything else. Use a Reality or Shadowsocks config that runs on port 443 — these are listed first in the Hiddify subscription. WireGuard on UDP rarely works on hotel Wi-Fi.
Telegram / WhatsApp / one specific site is slow but everything else is fine
That's almost always destination-side, not VPN-side. The service may be rate-limiting our egress IP, or routing your region to a far-away data centre. Try a different VPN location: for Telegram, Germany or Finland usually wins; for US-hosted sites, the US location is faster.
How do I know the VPN is actually working?
Visit ipleak.net or browserleaks.com/ip while connected. The reported IP and country should match the server you picked (e.g. Singapore, Germany). If you see your real ISP's IP, the tunnel didn't come up — kill the app and reconnect. If you see the right country but a DNS leak, switch DNS to 1.1.1.1 inside Hiddify.
How do I install on Android?
Download the Hiddify APK from our /download page (Google Play is geo-restricted for many users in the region, so we ship direct). Allow "Install from unknown sources" when prompted — that permission is required for any sideloaded APK. Open the app and tap the "+" button, then paste your subscription link from My account → Devices.
How do I install on iPhone / iPad?
If the App Store is available to you, install "Hiddify" or "Streisand" directly. If it isn't (Apple geo-restricts the Store in some regions), you'll need to either change your Apple ID region temporarily or use TestFlight — contact support and we'll send you a current TestFlight invite. Once installed, open the app, tap Import, and paste the subscription link from your account page.
How do I install on Windows?
Download "Hiddify Next" for Windows from our /download page. Install, open the app, click the "+" button (top-right), choose "Add from clipboard" after copying your subscription link from My account → Devices. The app starts the tunnel as a TUN interface so all traffic is routed automatically — no extra config needed.
How do I install on Mac?
Two good options: "Hiddify" (App Store or .dmg from our /download page) is the simplest; "V2Box" is a lighter alternative. After install, open the app, tap Import → from link, paste your subscription URL. macOS will ask for a one-time system extension approval — accept it from System Settings → Privacy & Security.
How do I install on Linux?
For desktop Linux, the Hiddify Next AppImage on /download works on most distros. For headless servers or routers, use `sing-box` or `wg-quick` directly with the raw config — your account page exposes per-config files under "Show advanced". Need router-specific help (OpenWrt, Mikrotik)? Send us a message — happy to walk you through it.
Where do I find my subscription link?
Sign in, go to My account → Devices. The subscription URL (starts with https://) lives at the top. Copy it once and paste into Hiddify on each device — the app refreshes the server list automatically so you always have the latest endpoints. Don't share this link; it's tied to your subscription and counts against your device limit.
Can I install it on my router so the whole house uses it?
Yes, but only on routers running OpenWrt, Mikrotik, or pfSense — stock ISP routers don't support custom VPN clients. The cleanest approach is WireGuard since OpenWrt has first-class support. Send us a message with your router model and we'll send you a step-by-step config.
How can I pay?
Three ways: ShamCash (instant for Syria), USDT on TRC20 (cheapest crypto fees), or Bitcoin. Cards aren't supported — Syrian cards are blocked by the global card network and we don't run a foreign-cards merchant. ShamCash is the fastest if you have it; crypto is the most private.
Which USDT network should I use? TRC20 or ERC20?
Use TRC20 (Tron network) — fees are usually under $1 and confirmation is fast. ERC20 (Ethereum) also works but Ethereum gas can be $5–$30 per transfer, which is wasteful on a $4 subscription. Never send on BEP20 (Binance Smart Chain), Polygon, or other networks — those go to addresses we don't control and funds may be unrecoverable.
I sent USDT on the wrong network — can you recover it?
Sometimes, but not always. If you sent on BEP20 or Polygon to our TRC20 address, the funds are usually unreachable because we don't control the corresponding address on that other network. Send us a message with the transaction hash (TxID) and exchange screenshot — if recovery is possible, we'll do it. There's no recovery fee, but please don't make it a habit.
How do I pay with ShamCash?
Pick a plan on /pricing, choose ShamCash at checkout, and the page shows the merchant wallet number and the exact amount in SYP at today's rate. Send from your ShamCash app, then enter the transaction reference shown in your ShamCash receipt. Activation is automatic within a couple of minutes once we confirm the deposit.
I paid but my subscription isn't active
ShamCash usually activates within 2–5 minutes; crypto needs 1–3 network confirmations (10–30 minutes for BTC, faster for TRC20). If it's been longer, send us the transaction reference (ShamCash) or the TxID (crypto) and the email on your account — we'll verify manually and activate. Keep your receipt until activation lands.
What's your refund policy?
We refund within 7 days of purchase if you've used less than 5 GB on the subscription. Crypto refunds go back on the same network you paid from (your wallet address required); ShamCash refunds go to the ShamCash account that paid. Beyond 7 days we generally don't refund — but if something is genuinely broken on our side, message us and we'll work something out.
How do I renew? Is there auto-renew?
No auto-renew — your subscription simply expires on the end date and we send a reminder 5 days and 1 day before. To renew, sign in, go to My account → Subscription → Renew, and pay again with any supported method. If you renew before expiry, the new duration stacks on top of your remaining days.
I forgot my password
Go to /login and click "Forgot password". We'll email you a reset link valid for 30 minutes. If the email doesn't arrive within a few minutes, check spam and confirm you're using the email address you signed up with. Still nothing? Message support with your subscription's transaction reference and we'll verify and reset manually.
Can I change the email on my account?
Yes. Sign in, go to My account → Profile → Change email. We send a verification link to the new address; the change isn't finalised until you click it. The old email stays linked until verification completes, so if you mistype the new one you don't get locked out.
How do I cancel my subscription?
Since there's no auto-renew, there's nothing to cancel — your subscription stops automatically at the end date. You can keep using it until then. If you want to stop receiving renewal reminders, turn them off in My account → Notifications.
How do I delete my account permanently?
My account → Profile → Delete account. We immediately disable login and revoke all active devices; full data (subscriptions, transactions, support history) is purged after 30 days. We keep payment records for the legally-required minimum (tax/compliance), with no personal identifiers attached. Deletion is irreversible — any remaining subscription time is forfeit.
How many devices can I use? How do I remove one?
Monthly and quarterly plans allow 3 devices; yearly allows 5. "Device" means a unique Hiddify install — so phone, laptop, and tablet count as three. To revoke a lost or shared device, go to My account → Devices and click "Revoke" — that device immediately loses access without affecting the others.
How does the referral program work?
Every account gets a personal referral code under My account → Referrals. When a new user signs up with your code and pays for any plan, they get 10% off their first purchase and you get 30 days of subscription credited to your account. There's no cap — credits stack indefinitely.
Which server should I pick?
From Syria and the wider region, Singapore and Germany are the two fastest by a wide margin — pick whichever is less crowded right now (Hiddify shows latency next to each server). Finland is a good third choice. The US server is fine for US-hosted sites but adds noticeable latency for everyday browsing.
Which server is best for streaming?
Depends on the platform. YouTube and TikTok work on all servers. Netflix detects most VPN egress IPs and falls back to its global library on any server — picking Germany or the US shifts which library shows up, but Netflix may refuse to play altogether. For region-locked sports, try US or Germany. We can't guarantee any specific streaming service works.
Why is one server slow today when it was fast yesterday?
Two usual reasons: (1) regional peak hours — Syria and the Gulf hit peak between 8 PM and midnight local, which loads servers nearest the region (SG, DE); (2) a specific server may be congested by one heavy user. Just switch to a different server from the list — your subscription works on all of them simultaneously, no extra cost.
One specific server is blocked but others work
ISPs sometimes blackhole individual IPs that get flagged for VPN traffic. If a server stops connecting suddenly, switch to another from the list and let us know which one failed — we rotate IPs on flagged servers usually within a day or two of confirming the block.
Can I torrent / use P2P?
P2P is allowed on Germany and Finland, blocked on Singapore (provider rules), and discouraged on the US server (DMCA notices reach us within hours and we have to act on them). If you torrent on US, the server may temporarily restrict your account. Stick to DE or FI for that traffic.
Can you add a server in [country]?
Maybe. We pick locations based on routing quality to Syria/the Sham region and demand from existing customers. Send us a message with the country and why it matters for you — if a few people ask for the same one, we'll add it on the next provider sweep. Turkey, UAE, and the Netherlands are the most-requested right now.
Do you keep activity logs?
We log only the total bytes you send and receive — needed for billing on capped plans. We never log destinations, DNS queries, websites visited, or the contents of any traffic. The wireguard / sing-box stacks running on our servers are configured with logging set to error-only and rotate every 24 hours.
Where is Sham VPN based? What's the legal jurisdiction?
The infrastructure runs on independent providers in Singapore, Germany, Finland, and the US. The operating entity is incorporated outside Syria, in a jurisdiction with no mandatory data retention law for small VPN operators. That said, no jurisdiction is a magic shield — what protects you is that we don't store the activity data in the first place.
Will the VPN hide me from my ISP / government?
It hides *what* you do online from your ISP — they see only encrypted traffic to our servers, not which sites you visit. It does not hide *who you are* if you log into a service with real-name credentials, post identifying content, or use a phone with your real SIM. The VPN protects the network; the user protects the identity.
Why is there a Telegram bot? Can I trust it?
The bot is a convenience channel — it lets you check subscription status, get your subscription link, and message support without opening the website. It only stores your Telegram user ID linked to your subscription, nothing more. Telegram (the platform) sees that you talk to our bot, the same way it sees that you talk to any other bot or person. If you want to skip it entirely, the website covers every feature the bot does.
What if a government requests my data?
There's very little to hand over: an email, a payment reference (crypto TxID or ShamCash receipt), and aggregate bandwidth bytes. No browsing history, no IPs visited, no DNS queries — because none of that is stored. We comply with valid legal process in our operating jurisdiction. We don't have an automated portal or back door; every request is reviewed manually.
Is my payment traceable back to me?
ShamCash is tied to a Syrian phone number, so it's traceable inside the ShamCash ecosystem. Bitcoin and USDT (TRC20) are pseudonymous — anyone with chain-analysis tools can correlate flows. If full payment privacy matters, use a non-KYC exchange or buy crypto peer-to-peer, then send to us. We never see card details (we don't take cards) and we don't link payments to browsing in any case.