Privacy Policy

What we store and why it is necessary for us

Email Address, with which the user register his/her account

How it looks like	[email protected]
Purposes	to identify user in our system in order to organize the structure of accounts and subscriptions. Please notice, that we never ask real name, surname or official email account of our user, so for the privacy purposes if you want you can register a new email address never used before with any email client to be able to restore user's account if necessary to sent user important information about service and promo materials to give the user access to Client Area on the website, desktop and mobile applications
Storage time	for the whole period when our services are used and for no longer than 3 years after last use of the services
Resource	received from users

Username and Password

How it looks like	XXXXX, XXXXX
Purposes	To give the user access to Client Area on the website, desktop and mobile applications, and ability to connect to VPN servers
Storage time	for the whole period when our services are used and for no longer than 3 years after last use of the services received from users
Resource	received from users

Payment History

How it looks like	Transaction ID XXXXXX, Amount USD XXX, Date XX.XX.XXXX, Payment System XXXXXXXXXX
Purposes	to activate and manage user's subscription to be able to give refund to be able to manage our 7 days money back guarantee to enable auto renewal of subscription
Storage time	for the whole period when our services are used and for no longer than 3 years after last use of the services
Resource	Received from the following payment systems that we use to accept payments for VPN services: Inovio, Paypal, PaymentWall, Cellsynt, Payson, Perfect Money, Bitpay, Cryptonator.

Correspondence with support and other departments of our company

How it looks like	user's tickets and charts in Freshdesk (for the website users) and Freshchat (for mobile app users) ticket systems, including answers of our Support representatives, email correspondence
Purposes	to provide high quality service be sure that the problem, the user applied to us with, has been issued in a proper manner
Storage time	for the whole period when our services are used and for no longer than 3 years after last use of the services
Resource	received from Freshdesk and Freshchat ticket systems, all email boxes pointed on our website and applications

Traffic used, connected to a definite email or user ID

How it looks like	Mbs (XXX Mbs)
Purposes	to understand where and when there is or there can be an overcharge of the definite server in order to add new servers if it's necessary; to limit bandwidth for free accounts
Storage time	2 months
Resource	received from our inner VPN system

User ID

How it looks like	123123
Purposes	to identify user in our system without using his/her email in order to provide the higher level of personal data security; to send some identifying info that is necessary to payment systems for payment processing, instead of email address everywhere it is not prohibited
Storage time	for the whole period when our services are used and for no longer than 3 years after last use of the services
Resource	generated by our inner system

Number of allowable simultaneous connections user has according to his/her subscription type

How it looks like	from 1 to 5
Purposes	to limit simultaneous connection of the user according to the package he/she has paid for
Storage time	until definite connections is active
Resource	generated by our inner system according to the chosen package

What we do NOT store

In order to provide high level security VPN service, we NEVER store information of users that is not essential for trouble-free service functioning. Thus we cannot transfer this info to any third party as we do not have it. Our users must be sure that we do NOT store the following data:

Logs
Connection timestamp
Connection duration
Locations and servers to which user connected
IP addresses
DNS requests

Where users' data are stored and who has access to it

For the security purposes we store our users personal data on the servers worldwide owned by us. All the data stored on these servers are encrypted and highly protected from the interventions of not authorized parties. We are the only one, who has access to this information.

What we have done to comply with GDPR

We have made sure that all our employees, contractors and business partners are aware of new rules of GDPR, focusing the most on training persons who are directly or indirectly related to users personal data processing, including such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
We have prepared main principles to organise our information audit and prepare our system to be able to provide users quickly with the information concerning their personal data processing and to add changes or to erasure, structurizing this data strictly according to the rules of GDPR.
We have assured the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
We have assured a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

Right to access

According to the Article 15 Section 2 of the GDPR, every our user has the right to obtain from the us confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

the purposes of the processing;
the categories of personal data concerned;
the recipients or categories of recipient to whom the personal data have been or will be disclosed;
where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
the right to lodge a complaint with a supervisory authority;
where the personal data are not collected from the user, any available information as to their source;
the existence of automated decision-making.

All personal data and their types that we store, including purposes and sharing, have been pointed in this Privacy Policy. For more detailed information concerning particular user, this user shall send us an email with request to personal data access to [email protected] from the email the user registered with us.

Right to be forgotten

According to the Article 17 Section 3 of GDPR rules, every our user has a right to obtain from us the erasure of personal data concerning him or her without undue delay if:

the user withdraws consent and where there is no other legal ground for the processing;
the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

To use the right to be forgotten, the user shall send us an email with request to delete his/her personal data, obviously pointing which exactly data he/she would like to be deleted to [email protected] from the email the user registered with us.

If the user asks to erasure personal data being our active user and having currently an active subscription he/she should understand that the deleting user information being essential for managing his/her subscription will cause the loss of such subscription without any chargeback due to our conditions of chargebacks and money-back guarantee.

Right to rectification

According to the Article 16 Section 3 of GDPR rules, the User shall have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

To use the right to rectification, the user shall send us an email with request to change and/or add his/her personal data, obviously pointing which exactly data he/she would like to be changed, to [email protected] from the email the user registered with us.

Third parties we share users info with

	Payment systems/what we share:	FreshDesk:
Email	Novio, PayPal, PaymentWall, Payson, Bitpay	Support tickets, Emails with our support staff
User ID	Novio Cellsynt, Perfect Money

How we use third party analytic tools

We use the following analytic tools as Google Analytics, Hotjar, Amplitude, Google Tag Manager and can add another tools in future to analyze trends, administer website, track users movement and gather demographic information about our user base as a whole for marketing purposes. We choose only such services which are GDPR complaint and guarantee the anonymity of the data and no ability to reveal your identity.

Conditions for consent

As we collect only the minimum of data that are necessary for normal service functioning, payment processing and user authentication in our system, and in the same time as we are GDPR compliant and follow all regulation that can be applied to VPN service, the only consent of user is given in the context of this Privacy Policy and Terms of Use in the form of starting using our service by the user.

According to the item 3 Article 7 of GDPR, the user has a right to withdraw his or her consent at any time and the right to be forgotten. For these purposes, the user shall send us an email with request to be forgotten to [email protected] from the email the user registered with us.

Encryption

According to the Article 32 Section 2 of GDPR we have implemented appropriate technical and organizational measures to ensure a high level of security. Our database, where the users personal data is stored, is encrypted at rest with AES 256. 256-bit encryption is a data/file encryption technique that uses a 256-bit key to encrypt and decrypt data or files. It is one of the most secure encryption methods after 128- and 192-bit encryption, and is used in most modern encryption algorithms, protocols and technologies including AES and SSL. AES has been adopted by the U.S. government and is now used worldwide. Fifty supercomputers that could check a billion (10¹⁸) AES keys per second (if such a device could ever be made) would, in theory, require about 3x10⁵¹ years to exhaust the 256-bit key space.

Disclosure of user's information

We may disclose users personal information to third parties if:

We are, or all of its assets are, acquired by a third party, in which case personal data held by it about its users will be one of the transferred assets, but will remain covered by this Privacy Policy.
We are under a duty to disclose user's data in order to comply with any legal obligation, or in order to enforce our Terms of Service, or to protect the rights, property, or our safety.

Changes to the privacy policy

We have the right to change this privacy policy at any time without any given notice at its discretion by posting such changes on the website. But we will take every reasonable step to notify our users by email

Feedback and questions

Any comments or suggestions that you may have and which may contribute to a better quality of service will be welcome and greatly appreciated.

GDPR COMPLIANCE