Last modified: December 30, 2019
Our Company is committed to protecting and respecting your privacy. It is our overriding policy to collect as little user information as possible to ensure a private and anonymous user experience when using the Service. Below is a summary of the way we deal with information when you use the Service.
When you use the Service, we do NOT do any of the following:
You can find details about our no-logs VPN policy here.
Account creation: To create an account, in order to use our Service, we do not ask your name or surname. All you need to do is select your username, then provide the email address and choose your password. You can also register with your existing ProtonID.
We do store the email address (or ProtonID) you have entered when creating an account for communication and anti-abuse purposes. If you are referred to the Service by a friend or some other third-party who is participating in our referral program, we may associate your account with the referrer to appropriately credit the referrer.
Support: When you submit support requests or bug reports, we will collect the data that you choose to share with us about the issue being reported. Bug reports sometimes rely on third parties, such as Zendesk.
Payment: The Company relies on third parties to process credit card and PayPal transactions, and we do not save your full credit card details. For example, if you make a payment with a credit card, your name and the last 4 digits of the credit card number will become part of the invoice and saved by us. Anonymous cash or Bitcoin payments and donations are also accepted.
How we use this personal data: Your email address is not shared with any third parties. We mainly use it for account-related questions, communication, and recovery. By signing up to our Service, you agree to receive communications from us, which may include promotional emails too. You can stop receiving emails from us by following the unsubscribe instructions included in every email we send. Alternatively, you can login to the ProtonVPN dashboard and adjust your email preferences under the ‘Account’ tab.
We might also use your data for payment-related matters. This includes sending you emails, invoices, receipts, notices of delinquency, and alerting you if you need to update payment details. We use third parties for secure credit card transaction processing, and we send billing information to those third parties to process your credit card payments.
The information you provide when you contact our support team is processed for analytics purposes (such as to obtain aggregate statistics on the number of Android complaints), but they are not combined with any personal data. We do not do any targeted advertising or any profiling.
Right to Access, Rectification, Erasure, Portability, and right to lodge a complaint: Through the Service, you can directly access, edit, delete or export personal data processed by the Company in your use of the Service.
If your account has been suspended for a breach of our terms and conditions, and you would like to exercise the rights related to your personal data, you can make a request to our support team.
In case of violation of your rights, you have the right to lodge a complaint to the competent supervisory authority.
Data retention: We retain essential data (such as username, email, billing information) on active accounts in order to provide services. This data is deleted when your account is deleted.
Visiting our website: We may employ a local installation of Matomo, an open source analytics tool. We only use analytics software to collect non-identifying information, such as: title of the page being viewed, screen resolution, outlinks, referrers, and page and website speed. This data cannot be used to personally identify users or visitors as we do not log IP addresses and connect them to specific user accounts.
Why we use analytics software: We use analytics software to help us deliver a higher quality of service. For instance, looking in aggregate at the geographic distribution of the Service's users allows us to understand which countries have the most need for the Service and allocate development resources towards providing the best service in those countries. Viewing longer term trends in the number of visitors from different countries also allows us to identify quickly which countries have started to block the Service and take measures to counteract those blocks. Finally, analytics also helps with our outreach and growth initiatives, which are efforts to help our Company reach and protect the largest number of people possible.
None of the software on our apps will ever access or track any location-based information from your device at any time.
Blog: We have a public blog on our website. Any information you include in a comment on our blog may be read, collected, and used by anyone. If your personal information appears on our blog and you want it removed, contact us here.
Social media: We are active on Facebook, Twitter, and Reddit. Any information, communication, or material you submit to us via social media platforms is done at your own risk without any guarantee of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.
Links to other websites: Our website may contain links to other websites of interest. However, we are not responsible for the content of any website that we link to, and external sites are governed by their own terms and conditions and privacy policies.
Each time a user connects to the Service, we only monitor the timestamp of the last successful login attempt. This gets overwritten each time you successfully log in. This timestamp does not contain any identifying information, such as your IP address or your location; it only contains the time and date of the login.
We retain this limited information to protect user accounts from password brute force attacks. This is necessary to identify password guessing attempts targeting specific user accounts and to take action to protect those accounts.
We take data security very seriously. Only our employees have physical or other access to our infrastructure and Secure Core servers. Data is usually stored in encrypted format on our servers. Offline backups may be stored periodically, but these are also secured.
We will only disclose the limited user data we possess when compelled by law for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security. Foreign authorities' data requests must be approved by competent Swiss authorities.
Under Swiss law, it is obligatory to notify the target of a surveillance request, although such notification may come from the authorities and not from the Company.
The Company reserves the right to periodically review and change this Policy, and will notify users who have enabled the notification preference about any change. Continued use of the Service will be deemed as acceptance of such changes.
If you have any questions or comments regarding the data and your privacy, feel free to contact us through our online form.