Again, how does this work?
This sentence might raise suspicions: "its VPN service decrypts HTTPS-encrypted traffic". Assuming HTTPS is not horribly broken on iOS, the prerequisite for this would be installation of its own fake root CA (which would have to be unique, or perhaps not) in the phone's memory and then generation of fake ad-hoc certificates to hijack HTTPS connections made by applications running on the phone, while also validating (or not?) the HTTPS certificate of the outbound connection. I see no other way this could work.
This implies that one would put an enormous amount of trust in the developers of this application. Any connection made from the clients' phones could potentially be hijacked, including banking apps, private chats, etc.
Of course, it is remotely possible that Apple might enable some more refined solution, e.g. users could decide which apps see which CA roots (thus excluding certain apps from the fake CA root). Or perhaps something else to limit the scope of this hijacking. The main point is: if you give this much power into the hands of a single developer, you may yet come to regret it.
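
The dependence on an installed root that the comment above describes, as an added example that is not part of the original post: using the `openssl` CLI, it shows that a certificate issued for a hostname by a locally installed root validates only once that root is in the trust store, and that its public key differs from the genuine one. Every name (`bank.example`, both root names, the file prefixes) and every key is constructed for the demo, and the key pin is a simplified hash of the PEM public key.

```shell
#!/bin/sh
# Added example: all keys, certificates and names are generated locally (constructed).
work=$(mktemp -d)

make_ca() {    # $1 = file prefix, $2 = CA common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}

make_leaf() {  # $1 = leaf prefix, $2 = issuing CA prefix, $3 = hostname
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$work/$1.key" -out "$work/$1.csr" 2>/dev/null &&
  openssl x509 -req -in "$work/$1.csr" -CA "$work/$2.pem" -CAkey "$work/$2.key" \
    -CAcreateserial -days 1 -out "$work/$1.pem" 2>/dev/null
}

accepted() {   # $1 = trust store prefix, $2 = leaf prefix; status 0 if the chain validates
  openssl verify -CAfile "$work/$1.pem" "$work/$2.pem" >/dev/null 2>&1
}

key_pin() {    # $1 = leaf prefix; prints SHA-256 of the certificate's PEM public key
  openssl x509 -in "$work/$1.pem" -noout -pubkey | openssl sha256 | awk '{print $NF}'
}

make_ca public_root "Constructed Public Root"   # stands in for a normal public CA
make_ca local_root  "Constructed VPN App Root"  # stands in for the root the app installs
make_leaf genuine public_root bank.example      # what the real server would present
make_leaf forged  local_root  bank.example      # what the intercepting side would present

# Trust store before and after the extra root is installed.
cp "$work/public_root.pem" "$work/store_before.pem"
cat "$work/public_root.pem" "$work/local_root.pem" > "$work/store_after.pem"

for store in store_before store_after; do
  for leaf in genuine forged; do
    if accepted "$store" "$leaf"; then r=accepted; else r=rejected; fi
    echo "$store $leaf: $r"
  done
done
# A client that remembers the expected key sees a mismatch even after the root is trusted.
echo "genuine key pin: $(key_pin genuine)"
echo "forged  key pin: $(key_pin forged)"
```

Checking which additional roots a device trusts, or comparing the presented key against a known one, are the two places this substitution becomes visible.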