Last modified: April 16th, 2018
At ProtonVPN we are committed to protecting and respecting your privacy. Our company's overriding policy is to collect as little user information as possible to ensure a private and anonymous user experience when using the Service. Below is a summary of how we deal with information when you use ProtonVPN.
ProtonVPN is a No-Logs VPN service:
When you use ProtonVPN, we do NOT do any of the following:
You can find details about our no-logs VPN policy here.
Data we monitor from ProtonVPN sessions:
Each time a user connects to ProtonVPN, we only monitor the timestamp of the last successful login attempt. This gets overwritten each time you successfully log in. This timestamp does not contain any identifiable information like your IP address or your location, it only contains the time and date of the login.
Why we monitor timestamps:
We retain this limited information to protect user accounts from password brute force attacks. This is absolutely essential for the protection of user accounts because without the timestamps of login attempts, it is impossible to identify password guessing attempts targeting specific user accounts and to take action to protect those accounts.
Website data collection is limited to the following instances:
Visiting our website: We may employ a local installation of Matomo, an open source analytics tool, or an externally hosted analytics solution like Google Analytics. We only use analytics software to collect non-identifying information such as; title of the page being viewed, screen resolution, outlinks, referrers, and page and website speed. This data cannot be used to personally identify users or visitors as we do not log IP addresses and connect them to specific user accounts. We also do not run externally hosted analytics software on sensitive pages such as on pages where you may enter your username or password.
Why we use analytics software: We use analytics software to help us deliver a higher quality of service. For instance, looking in aggregate at the geographic distribution of ProtonVPN users allows us to understand which countries have the most need for ProtonVPN and allocate development resources towards providing the best service in those countries. Viewing longer term trends in the number of visitors from different countries also allows us to identify quickly which countries have started to block ProtonVPN and take measures to counteract those blocks. Finally, analytics also helps with our outreach and growth initiatives, which are efforts to help ProtonVPN reach and protect the largest number of people possible.
Account creation: We will store the email address you have entered when creating an account. This is for communication and anti-abuse purposes. If you are referred to ProtonVPN by a friend or some other third party who is participating in our referral program, we may associate your account with the referrer to appropriately credit the referrer.
Support: When you submit support requests or bug reports we will collect the data that you chose to share with us about the issue being reported. Bug reports sometimes rely on third parties such as Zendesk.
Payment: The Company relies on third parties to process credit card and PayPal transactions and we do not save your full credit card details. Anonymous cash or Bitcoin payments and donations are also accepted.
How we will use this data
We do NOT have any advertising on our site and the limited information we collect is used for the following purposes:
Active accounts will have data retained indefinitely until they are requested to be deleted by the user.
We take data security very seriously at ProtonVPN. Only employees of the Company have physical or other access to the servers. Data is usually stored in encrypted format on our servers. Offline backups may be stored periodically, but these are also secured. International transfer of data out of the European Union and Swiss territory will be subject to data subjects' consent.
Disclosure of your information
We will only disclose the limited user data we possess when requested by a Swiss court for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.
Court orders must be approved by either the Cantonal Courts of Geneva or the Swiss Federal Supreme Court. Under Swiss law, it is obligatory to notify the target of a data request, although such notification may come from the authorities and not from the Company.