Proton VPN Service
Last modified: February 8, 2021
Our Company is committed to protecting and respecting your privacy. It is our overriding policy to collect as little user information as possible to ensure a private and anonymous user experience when using the Service. Below is a summary of the way we deal with information when you use the Service.
Proton VPN is a No-Logs VPN service
When you use the Service, we do NOT do any of the following:
- Log users’ traffic or the content of any communications
- Discriminate against devices, protocols, or applications
- Throttle your Internet connection
You can find details about our no-logs VPN policy here.
Data we collect and why we collect it
Personal data (related to your account):
Account creation: To create an account, in order to use our Service, we do not ask your name or surname. All you need to do is select your username, then provide the email address and choose your password. You can also register with your existing Proton account.
We do store the email address (or Proton account) you have entered when creating an account for communication and anti-abuse purposes. If you are referred to the Service by a friend or some other third-party who is participating in our referral program, we may associate your account with the referrer to appropriately credit the referrer.
Support: When you submit support requests or bug reports, we will collect the data that you choose to share with us about the issue being reported. Bug reports sometimes rely on third parties, such as Zendesk.
Payment: The Company relies on third parties to process credit card and PayPal transactions, and we do not save your full credit card details. For example, if you make a payment with a credit card, your name and the last 4 digits of the credit card number will become part of the invoice and saved by us. Anonymous cash or Bitcoin payments and donations are also accepted.
Referral information: Proton has a referral program that is open to Proton users, publications, non-profit organizations, etc. If you are coming to Proton via such a referral program, your subscription may be attributed to the referrer. Some referrals are managed internally by Proton while others may rely upon third-party platforms used by the referrers, and if you are coming to Proton via a referrer, our site may communicate with such referrer platforms for the purposes of crediting referrers.
How we use this personal data: Your email address is not shared with any third parties. We mainly use it for account-related questions, communication, and recovery. By signing up to our Service, you agree to receive communications from us, which may include promotional emails too. You can stop receiving emails from us by following the unsubscribe instructions included in every email we send. Alternatively, you can login(new window) to the Proton VPN dashboard and adjust your email preferences under the ‘Account’ tab.
We might also use your data for payment-related matters. This includes sending you emails, invoices, receipts, notices of delinquency, and alerting you if you need to update payment details. We use third parties for secure credit card transaction processing, and we send billing information to those third parties to process your credit card payments.
The information you provide when you contact our support team is processed for analytics purposes (such as to obtain aggregate statistics on the number of Android complaints), but they are not combined with any personal data. We do not do any targeted advertising or any profiling.
Right to Access, Rectification, Erasure, Portability, and right to lodge a complaint: Through the Service, you can directly access, edit, delete or export personal data processed by the Company in your use of the Service.
If your account has been suspended for a breach of our terms and conditions, and you would like to exercise the rights related to your personal data, you can make a request to our support team.
In case of violation of your rights, you have the right to lodge a complaint to the competent supervisory authority.
Data retention: We retain essential data (such as username, email, billing information) on active accounts in order to provide services. This data is deleted when your account is deleted.
Non-personal data (protonvpn.com website and our native applications)
Visiting our website: We may employ a local installation of Matomo, an open source analytics tool. We only use analytics software to collect aggregated non-identifying information, such as: title of the page being viewed, screen resolution, outlinks, referrers, and page and website speed. This data cannot be used to personally identify users or visitors as we do not log IP addresses and connect them to specific user accounts.
Why we use analytics software: We use analytics software to help us deliver a higher quality of service. For instance, looking in aggregate at the geographic distribution of the Service's users allows us to understand which countries have the most need for the Service and allocate development resources towards providing the best service in those countries. Viewing longer term trends in the number of visitors from different countries also allows us to identify quickly which countries have started to block the Service and take measures to counteract those blocks.
Using our native applications (apps)
None of the software on our apps will ever access or track any location-based information from your device at any time.
Public Information and Third-Party Websites
Blog: We have a public blog on our website. Any information you include in a comment on our blog may be read, collected, and used by anyone. If your personal information appears on our blog and you want it removed, contact us here.
Social media: We are active on Facebook, Twitter, and Reddit. Any information, communication, or material you submit to us via social media platforms is done at your own risk without any guarantee of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.
Links to other websites: Our website may contain links to other websites of interest. However, we are not responsible for the content of any website that we link to, and external sites are governed by their own terms and conditions and privacy policies.
We take data security very seriously. Access to our infrastructure and Secure Core servers is tightly controlled. All of the Proton VPN servers are encrypted and we do not log VPN session data. Offline backups may be stored periodically, but these are also secured. For users with heightened security needs, it is possible to optionally i) enable 2FA on account access ii) enable login history so that suspicious login attempts can be tracked iii) remove the linked recovery email iv) pay anonymously with cash or bitcoin.
Third Party Networks
Proton's alternative routing technology allows Proton apps to bypass many censorship blocks, but your network traffic may go through third party networks which we do not control. This could enable a third party to record your IP address or see that you are using Proton apps (the same information that your Internet Service Provider is able to see). These third parties cannot see your actual data, which remains encrypted. By default, alternative routing is not used for Proton apps unless they detect that censorship measures are active on your network. Alternative routing can also be completely disabled in the Settings panel of all of our mobile and desktop applications. However, doing so may cause you to be unable to access your Proton account if you are on a network that is censoring Proton. Learn more(new window).
Disclosure of your information
We will only disclose the limited user data we possess when compelled by law for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security. Foreign authorities' data requests must be approved by competent Swiss authorities.
Under Swiss law, it is obligatory to notify the target of a surveillance request, although such notification may come from the authorities and not from the Company.
The Company reserves the right to periodically review and change this Policy, and will notify users who have enabled the notification preference about any change. Continued use of the Service will be deemed as acceptance of such changes.
If you have any questions or comments regarding the data and your privacy, feel free to contact us through our online form.