We have updated our Terms and Conditions and Privacy Policy to prepare for GDPR

The main objective of GDPR is to give the public more control over their personal data and to simplify regulations for international businesses by establishing an EU-wide law. The GDPR replaces the 1995 Data Protection Directive.

Both Proton VPN and Proton Mail were developed specifically to further online privacy. We are strong advocates of privacy as a fundamental human right, and we are also strong supporters of the GDPR legislation. In anticipation of GDPR coming into effect, we have conducted a review of our Terms and Conditions and Privacy Policy to ensure compliance.

Because we are a privacy-focused service, our existing policies are already fairly consistent with GDPR, but because a large number of Proton VPN users are from the EU, we have nevertheless made a few changes to prepare for GDPR. Below is a summary of the changes we made. Our new policies go into effect starting April 16 and are already available for review on our website.

Summary of policy changes:

First, in line with the new requirements, our Privacy Policy now specifically requires that we obtain consent from our users before any of their data can be transferred out of Switzerland or the European Union for purposes not already explicitly stated in our Privacy Policy.

While our Privacy Policy has always mentioned that we record the timestamp of the user’s last login (but never the IP address), in accordance with GDPR, we have further explained why we retain this timestamp. Recording the timestamp is absolutely essential for the protection of user accounts because without the timestamps of login attempts, it is impossible to identify password guessing attempts targeting specific user accounts and to take action to protect those accounts.

We have also changed our money-back policy from 60 days to 30 days to make it consistent with the policy that is informally used by Proton Mail. This will only apply to new subscriptions and not retroactively to subscriptions from the past 60 days. This policy change is necessary because previously different policies would apply depending on whether a user upgraded via protonvpn.com or proton.me.

Our Terms and Conditions now also include a standard notice regarding external websites to which we link from our website. Specifically, we are not responsible for the content of external websites that we link to, we have no liability for any content hosted on a third-party site, and external sites are governed by the terms and conditions of those sites.

Because Proton VPN and Proton Mail may introduce a referral program in the future, our policies have been updated to include the following provision: If you are referred to Proton VPN by a friend or some other third party who is participating in our referral program, we may associate your account with the referrer to appropriately credit the referrer.

While the use of analytics software was already mentioned in our existing policies, in line with the GDPR requirements we are adding additional details. Currently, Proton VPN does not run any analytics software on our website, but we anticipate that this will change in the future for several reasons. First, various countries have started to block Proton VPN, and currently we have no way to identify those blocks unless we receive user complaints. The nature of the blocks often means the users who have been blocked are also unable to complain. The addition of analytics would allow us to see in real time when a block goes into effect and to work faster to counteract it.

As another example, looking in aggregate at the geographic distribution of Proton VPN users allows us to understand which countries have the most need for Proton VPN. We can then allocate development resources toward providing the best service in those countries.

Consistent with our existing policies, we will deploy analytics carefully and we will never associate usernames and passwords (logins) with IP addresses. All collected data will be anonymous and will not contain any personally identifying information, and IPs will be stripped out whenever possible. Analytics will also not be deployed on sensitive pages, such as the login pages and password reset pages. Analytics will only be used for visits to our website, and we do not log any VPN activity, consistent with our existing No Logs VPN policy.

Our long-term goal is to use Matomo, an open source, self-hosted analytics software, for protonvpn.com site analytics. However, because Matomo still has limited capabilities, and because detecting country blocks is an urgent need for Proton VPN, we will also initially utilize Google Analytics for some low-sensitivity analytics, such as homepage visits, while we invest in improving the capabilities of Matomo and contributing back to the Matomo open source community.

Finally, our policies now specifically mention that we comply with GDPR, even though as a Swiss company we do not have a formal legal requirement to do so. While it is only mandatory to extend the new GDPR protections to EU citizens and residents, we are applying its provisions globally.


We are happy to see that online privacy is getting the attention it needs from the EU, and we hope that the GDPR will push more companies to respect privacy. If you have any questions about our new policies, don’t hesitate to let us know. Your privacy is important to us, so with or without GDPR, we will always work to provide the Proton VPN community with the highest level of privacy and security.

Best Regards,
The Proton VPN Team
