VPZen Privacy Policy

Our Privacy Policy is designed to inform you about the types of information, including Personal Data, that we gather when you use our Services or access our Site. We detail the purposes for which this information is collected, the methods of its collection, usage, and storage, and the circumstances under which it may be disclosed. Additionally, we specify your rights regarding this information: how you can access it, verify its accuracy, correct it, and/or request its deletion. Importantly, we also clarify the kinds of information we never collect.

We take your information security seriously and have outlined the protective measures we implement to safeguard your data. Should you have any questions or concerns about this Privacy Policy, we provide contact details for your convenience.

Adhering to a minimal data collection principle, our goal is to gather only the essential data necessary for providing top-tier Services on a large scale. Our system design and ongoing improvements aim to minimize the sensitive data we hold about our customers. Consequently, we are unable to disclose, misuse, or abuse data we do not possess.

We ensure no collection of logs related to your online activities while connected to our Services. This includes no logging of browsing history, traffic destination, data content, or DNS queries. We also do not store any connection logs, which means there are no records of your IP address, your outgoing VPN IP address, connection timestamps, or session durations.

Please read this Privacy Policy in conjunction with the VPZen Terms of Service (the "Terms"). These documents, read together, constitute a legally binding agreement between you and VPZen. Capitalized terms used here have the same meanings as defined in the Terms.

General Information

VPZen collects three (3) distinct types of data based on your interaction with our Services. These types are detailed in the sections below for your understanding.

(i) Personal Data Associated with Your Account

"Personal Data" refers to any information that, alone or combined with other data, uniquely identifies an individual. We collect Personal Data for the purpose of delivering our Services, which includes preventing fraudulent sign-ups and account hijacking. This data typically comprises your name, email address, and payment details submitted during Account creation or updates.

(ii) Aggregate Apps and VPN Connection Summary Statistics (Usage Statistics Data)

To maintain superior customer support and service quality, we collect a minimal amount of Usage Statistics Data. It is important to note that this data category does not encompass details about your browsing or internet activity, including while connected to the VPN. Specifically, we neither collect nor use, disclose, or store data related to the content or destinations of VPN traffic, DNS queries, or user IP addresses.

(iii) Anonymous App Diagnostics (Optional) (App Diagnostic Data)

App Diagnostic Data, including crash reports and VPN connection diagnostics, represents anonymized data that cannot be traced back to individual users. This data type is akin to a "send bug report" function in apps. By default, App Diagnostic Data is not shared. You need to actively opt in, for instance via the settings menu in your Apps, to send this type of data to us.

Personal Data

VPZen collects Personal Data that you provide when creating or updating an Account. This data is essential for us to deliver our Services, communicate via email, process payments and taxes, prevent fraudulent activities, address support queries, and keep you informed about your Account and/or the Services.

The specific Personal Data collected depends on your chosen payment method and can include your name, billing country, billing address, and credit card number. If you select certain payment methods, you may be redirected to external websites operated by third-party payment processors (like PayPal, BitPay, Paymentwall, Stripe, etc., depending on your location) to complete your transaction. For details on the personal data collected and stored by these processors, refer to their respective terms and privacy policies. We also offer payment options such as Bitcoin to minimize the Personal Data you provide to us. Trusted partners assist us in simplifying login processes, detecting fraudulent sign-ups, and preventing account hijacking. These partners may access user IP addresses, which are stored separately from unrelated systems, cannot be linked to any user's online behavior (as no such behavior is recorded), and are permanently deleted after 30 days.

Your email address is used by VPZen for the following purposes:

• To grant access to our Services, including password resets or verification emails.
• To communicate regarding payment transactions.
• To send updates, announcements, and marketing information like offers, surveys, and content relevant to VPZen that might interest you (“Marketing Emails”). You can opt out of receiving Marketing Emails through the unsubscribe instructions provided in these emails.
• To correspond about your Account or in response to your inquiries.

We use your Personal Data solely for the purposes stated in this Privacy Policy and do not sell or lease it to third parties. Personal Data is processed based on legitimate interests under applicable law, specifically to meet our contractual commitments to you (per the Agreement between you and VPZen).

Personal information linked to VPZen accounts is exclusively controlled by VPZen and stored on systems, servers, and services owned or leased by VPZen and its subsidiaries. In cases where processing by related entities is necessary, data sharing is limited to what is required and for the necessary duration, always adhering to the same data protection standards as outlined in this Privacy Policy. To be clear, this does not include scenarios where control of VPZen users' personal information is transferred to other entities, including our ultimate holding company, Kape Technologies PLC, for any length of time.

How We Protect and Retain Your Personal Data

• Security Measures. We employ industry-leading physical, procedural, and technical security methods at our offices and data storage facilities to prevent loss, misuse, unauthorized access, disclosure, or alteration of your Personal Data. While we are confident in our security systems, it's important to recognize that no data security measures can guarantee absolute protection. Therefore, our core strategy involves collecting only minimal data.

• Server and Data Center Security. Our servers are located in highly secure data centers. These centers do not require us to collect or store any traffic data or Personal Data related to your use of the Services. Should a data center request such logging, we would immediately discontinue their services and seek alternatives. Even in the event of a government seizure of one of our VPN servers, there would be no logs or information connecting any user to specific activities, websites, or behaviors.

• Data Retention Policy. The Personal Data we hold—explicitly excluding sensitive data like browsing history, DNS queries, or IP addresses and any related online behavior—is kept only for as long as necessary under applicable data protection laws. This period lasts as long as we have either your consent or a legitimate reason for the data retention. You can request data deletion by submitting a valid request (refer to Section 11). Note, however, that requesting the deletion of your Personal Data will render you unable to continue using the Services.

• Legal Compliance and Jurisdiction. Control and storage of your Personal Data are exclusively under VPZen, not our ultimate holding company, Kape Technologies PLC (UK), or any other related entities. Powder Logic Ltd., operating under BVI jurisdiction and laws (as outlined in Section 16 of the Terms), handles any legal demands for Personal Data. All such requests are subject to BVI jurisdiction and laws. We are committed to vigorously defending our rights (and those of our users) against any attempts to undermine the privacy protections provided by BVI law. Our parent, subsidiary, or related entities cannot be compelled to, nor will they voluntarily, disclose Personal Data stored by Powder Logic Ltd.

Safeguarding Your Personal Data with Service Providers

VPZen employs agents, contractors, and third-party service providers (“Service Providers”) for various functions, such as payment processing and assisting in the administration of our Services. These Service Providers may have access to certain data as needed to perform their services. However, they are bound by confidentiality and data processing agreements, ensuring that the data remains confidential and is used solely for the tasks they are performing on behalf of VPZen. This includes contractual obligations to protect data in compliance with applicable laws, particularly concerning the transfer of Personal Data from the European Union / European Economic Area to third countries.

Access to data by our Service Providers is limited strictly to what is necessary for performing their services for VPZen. It is important to note that this access does not include VPN activity or connection data, as such data is not collected by us.

Beyond our Service Providers, we may share your Personal Data in situations where you have given explicit consent for the sharing or transferring of your data. This could occur in cases such as marketing consents or opting into additional services or functionalities.

Usage Statistics Data and App Diagnostic Data

To ensure top-notch customer support and service quality, VPZen collects specific information about your VPN usage as outlined below. This data is accessible to our staff only on a need-to-know basis and may be shared with Service Providers as mentioned earlier. However, confidentiality is maintained at all times.

We guarantee that both Usage Statistics Data and App Diagnostic Data exclude any sensitive information, aligning with our policy of not logging browsing history, traffic destination, data content, IP addresses, or DNS queries.

Regarding VPN Usage Statistics, our commitment to minimal data collection entails:

• We are unaware of which user has accessed any particular website or service.
• We cannot determine which user was connected to the VPN at a given time or the VPN server IP addresses they used.
• We do not possess the original IP addresses of a user’s computer.

Consequently, if VPZen is ever required to release user information based on the above points, we are unable to provide such data as it simply does not exist.

Apps and App Versions

VPZen gathers information about the Apps and specific App versions you use to access our Services. This information is crucial for our Support Team to effectively troubleshoot any technical issues you might encounter.

Successful VPN Connections

While using the App, we collect data about whether you successfully established a VPN connection on a particular day (excluding specific times), the VPN location you connected to (excluding your outgoing IP address), and the originating country/ISP (excluding your source IP address). This minimal set of data helps us in providing technical support, such as identifying connection issues, offering country-specific usage tips, and enabling our engineers to resolve network problems.

Aggregate Data Transfer Volume

We track the total amount of data transferred by each user. Although our service includes unlimited data transfer, exceptionally high usage by an individual user, which could impact the quality of service for others, may prompt us to reach out for clarification.

Summary of Usage Statistics Data

In summary, our collection of minimal usage statistics data is vital for maintaining the quality of our service. For instance, we might know that a customer, say John, connected to our New York VPN location on Tuesday and transferred a total of 823 MB of data over 24 hours. However, John's activities cannot be uniquely linked to any specific online behavior, as his usage overlaps with thousands of other VPZen customers who used the same location on the same day.

Our system is specifically designed to exclude the storage of sensitive data. We may be aware THAT a user has utilized VPZen, but we are incapable of identifying WHO that user is or HOW they have used our Service. We uphold our commitment to user privacy by not possessing any data related to users’ online activities.

App Diagnostic Data

We collect anonymized App Diagnostic Data only with your explicit opt-in consent. This data encompasses crash reports, usability diagnostics, and VPN connection diagnostics. The primary use of this data is to optimize network speeds and identify areas for improvement in our apps, VPN servers, or with specific internet service providers (ISPs). Importantly, this App Diagnostic Data is completely anonymized and cannot be linked back to individual users. We do not keep records of which user sent which data, nor do we store user IP addresses.

If you choose to opt in to share this data with VPZen (via your Account's settings menu), we collect the following types of anonymized App Diagnostics Data:

• Information on if and how a VPN connection attempt was unsuccessful.
• Speed test results.
• General app diagnostics, including crash reports and usability insights, without any personal identifiers. These are processed in an anonymized manner by specific Service Providers, which vary depending on your platform of use. Each provider adheres to strict non-disclosure and other contractual obligations:
  • Windows: Sentry (Functional Software, Inc.). Sentry’s Privacy Policy.
  • Mac: Firebase Crashlytics (Google), Sentry (Functional Software, Inc.). Firebase’s Privacy and Security documentation, Sentry’s Privacy Policy.
  • Linux: Sentry (Functional Software, Inc.). Sentry’s Privacy Policy.
  • iOS: Firebase Crashlytics (Google), Apple. Apple’s Privacy Policy, Firebase’s Privacy and Security documentation. Disabling Apple’s crash reporting in iOS settings.
  • Android: Firebase Crashlytics (Google). Firebase’s Privacy and Security documentation.
  • Browser extensions: Google Analytics (Google). Google’s Privacy Policy.

Upon using any of our Apps, you will be prompted to decide if you wish to share App Diagnostics Data with VPZen. This preference can be changed anytime in your App’s settings. For iOS users, Apple’s crash reporting can also be disabled in iOS settings.

Email, Live Chat, and Feedback Form Information Protection and Retention

VPZen maintains a record of any communication you send us via our Site or Services, including questions, complaints, compliments, and our responses. This record-keeping, which may include your email address and any additional information you provide, is crucial for delivering optimal customer support.

We utilize two third-party platforms for managing support correspondence: Zendesk for emails and support tickets, and TeamSupport for live chat. When interacting through these platforms, they store your communication records, including your email address and helpful troubleshooting details like your location and device's operating system. Both Zendesk and TeamSupport employ modern security protocols, including SSL encryption. For more information on their privacy practices, see Zendesk’s Privacy Notice and TeamSupport’s Privacy Policy.

Cookie Use and Third-Party Analytics

VPZen employs various analytics services, including third-party Service Providers, for enhancing user experience and analytical purposes. These services may utilize cookies, mobile identifiers, and other technologies to create reports and statistics, without accessing any personally identifiable information or the Personal Data provided to VPZen.

Understanding Cookies

Cookies and similar technologies are small text files that store information about your visit to our Site on your computer or mobile device (“Cookies”). They enable websites to "remember" your actions or preferences over time, which helps us optimize and enhance your experience on our Site. This includes functionalities like website login and language settings. The specific Cookies we use are subject to change as we continually update and improve our Site.

Managing Cookie Preferences

Upon your initial visit to our Site, you will be prompted to set your Cookie preferences. These preferences can be modified anytime by selecting 'Cookie Preferences' from the menu located at the bottom of most Site pages. Alternatively, you may adjust your Cookie preferences through your browser's settings panel. Please note that disabling Cookies may impact the Site's functionality and your overall experience.

VPZen’s Cookie Usage

Cookies set by VPZen are designed to remember your language preference, attribute site visits to a specific marketing channel, and, once logged in, securely display information pertinent to your Account. These Cookies contain a user identifier but do not include personally identifying details like your name or email address. Additionally, they do not track any activity outside VPZen’s domains.

Third-Party Cookies

VPZen utilizes third-party Cookies for Essential, Functional, and Marketing purposes:

• Essential Cookies: Crucial for the Site's proper functioning and optimization. These are used for services such as PayPal, Forter, Braintree, Chargebee, Google Analytics, Google Optimize, Visual Website Optimizer, Google Tag Manager, Cloudflare, Cloudfront, Gstatic, and Usercentrics Consent Management Platform. Essential Cookies cannot be disabled.
• Functional Cookies: Facilitate the correct display or management of Site elements, including Google Fonts, YouTube Video, Vzaar, OpenStreetMap, Google Maps, Google Ajax, jQuery, Sentry, Gravatar, and Typeform. You have the option to disable Functional Cookies.
• Marketing Cookies: Employed by advertisers to deliver ads that align with your interests. Examples include Google Ads remarketing, DoubleClick Ad, Facebook Pixel, Facebook Social Plugins, Google AdServices, Google Syndication, Microsoft Advertising Remarketing, and PayPal Marketing Solutions. Marketing Cookies can be opted out of.

Device Information Collection

VPZen utilizes device information, such as device type, operating system/language, and user agent, along with mobile identifiers from Android or iOS devices. This data helps us generate statistics about the marketing channels and advertising partners instrumental in introducing users to VPZen Apps. Importantly, this device information does not include your name, email address, or any other Personal Data.

Managing Mobile Identifiers

Users have the option to disable or reset the mobile identifiers linked to their devices at any time. For guidance on how to do this, visit Apple’s page on Advertising & Privacy on iOS devices and Google’s page on Managing your Google Settings on your Android device.

Email and Communication Analytics

VPZen, along with our Service Providers, may collect data to analyze and improve the effectiveness of our emails and other communications. This involves generating statistical reports, such as tracking the success rate of email delivery, identifying any delays, or calculating the frequency of email opens.

Third-Party Product Interactions

Our Site may feature links to external websites, mobile apps, products, or services not under VPZen's control, and these may be governed by their own terms and conditions. Be aware that such third parties might collect personal information from you. VPZen does not oversee the privacy practices of these external entities. We encourage you to review the terms, conditions, and privacy policies of each third-party service provider you interact with in relation to our Site or Services.

GDPR Compliance for Users in the European Union

VPZen's commitment to privacy is a global standard, which includes adherence to the General Data Protection Regulation (“GDPR”) for users in the European Union (“EU”). Our practices, such as minimal data collection and empowering users with control over their Personal Data, align with GDPR requirements.

Under GDPR, the collection and processing of Personal Data detailed in this Privacy Policy occur based on the following grounds:

• To fulfill our contractual obligations, including:
  • Delivering the Services requested by Subscribers.
  • Managing subscriptions and handling payments for our Services.
  • Providing customer support.
• For legitimate interests in operating our business, such as:
  • Improving the quality and reliability of our Services.
  • Communicating with customers regarding our Services and soliciting feedback.
  • Based on user consent, which can be withdrawn at any time.

User Privacy Rights

• Rights Overview: As a user of our Services, you possess the following rights, subject to certain conditions and exceptions:
  • The right to access personal data we hold about you.
  • The right to request correction of inaccurate or incomplete personal data.
  • The right to request deletion of your personal data, which may impact your ability to use our Services.
  • The right to request restriction of, or object to, the processing of your personal data.
  • The right to data portability, allowing you to receive and transfer your personal data in a common format.
  • The right to withdraw consent for data processing at any time.
  • The right to lodge a complaint with your local data protection authority.
  • To exercise these rights, refer to the instructions in Section 16.
• Authorized Agent Requests: You can have an authorized agent make requests on your behalf. This requires written authorization from you, which the agent must provide to us. We may take additional steps to verify your identity for privacy and security purposes.
• We commit to responding to any requests in accordance with applicable laws and within a reasonable timeframe.

Privacy Rights for Users in California

• Shine the Light Act: Under California Civil Code Section 1798.83, residents of California may request information about the disclosure of personal data to third parties for direct marketing purposes. VPZen does not disclose personal data to third parties for direct marketing. However, California residents can make an annual request for this information by contacting us as outlined in Section 16.

• California Consumer Privacy Act (CCPA) Rights: The CCPA provides specific rights to Californians, subject to certain exemptions:

  • The right to know what personal data is collected about you, along with its usage and sharing details.
  • The right to request deletion of your personal data, with the understanding that this may prevent us from providing you with our Services.
  • The right to opt out of the sale of your personal data. VPZen does not sell any personal data to third parties.
  • The right to non-discrimination for exercising CCPA rights.
  • The right to withdraw consent for data processing at any time.

Usage by Minors

VPZen's Services are not intended for children, and we do not knowingly collect Personal Data from individuals under the age of eighteen (18) or the age of majority in their jurisdiction of residence or usage. If you are under this age threshold, do not submit any Personal Data without the involvement of a parent or legal guardian. In compliance with the GDPR, we do not target information society services directly at children. Should we become aware that Personal Data has been provided by someone in violation of privacy laws, we will take steps to delete it. If you suspect that we have collected such information, please reach out to us as detailed in Section 16.

Updates to the Privacy Policy

VPZen reserves the right to modify our Privacy Policy periodically, adhering to applicable privacy laws and principles. We may or may not notify you of these changes. Your ongoing use of our Services and access to the Site signifies your acceptance of any updated terms in our Privacy Policy.

Contacting VPZen

For inquiries, concerns, or complaints about our Privacy Policy, our adherence to relevant laws, or our data handling practices, or to exercise your privacy rights, you can reach us at:

Email: [support@vpzen.io](mailto:support@vpzen.io?subject=VPZen's Privacy Policy)

For specific questions related to this Privacy Policy, our Group Data Protection Officer (DPO) can be contacted at:

Email: [dpo@vpzen.io](mailto:dpo@vpzen.io?subject=Questions regarding VPZen Privacy Policy)