Proton VPN Service
Privacy Policy
Last modified: 8 February 2021
This Privacy Policy pertains to the use of Proton VPN, which is a service provided by Proton AG (referred to as “We” or “the Company”), through its website protonvpn.com and associated software (collectively, the “Service”). It outlines (i) the types of information we gather when you access and use our Service, (ii) how we use this information, and (iii) the measures we take to safeguard your information.
Your use of the Service and visit to protonvpn.com constitutes acceptance of the terms and conditions set forth in this Privacy Policy.
Philosophy
At our company, safeguarding your privacy is of utmost importance to us. Our primary objective is to gather the least amount of user information necessary, with the aim of providing you with a secure and anonymous user experience while utilizing our Service. Here’s a brief overview of our approach to handling your information when you utilize our Service.
Proton VPN is a logless VPN service
Our Service does not engage in the following activities:
Recording users’ traffic or the contents of their communications.
Practicing discrimination against devices, protocols, or applications.
Slowing down your Internet connection.
You can find more information about our no-log VPN policy here.
The information we gather and the reasons for gathering it
Personal data (in relation to your account):
Account Creation: To use our Service, you can create an account by selecting a username and providing your email address and password. We do not require your name or surname. If you have a Proton account, you can also use it to register. We store the email address or Proton account you provide for communication and anti-abuse purposes. If you join through a referral program, we may associate your account with the referrer for credit purposes.
Support: When you submit support requests or bug reports, we collect the data you choose to share about the issue being reported. We may rely on third-party platforms like Zendesk for bug reports.
Payment: We rely on third parties to process credit card and PayPal transactions, and we don’t save your full credit card details. When you make a payment with a credit card, we save your name and the last four digits of the credit card number for invoicing purposes. We also accept anonymous cash or Bitcoin payments and donations.
Referral Information: We have a referral program open to Proton users, publications, and non-profit organizations. If you join through a referral program, your subscription may be attributed to the referrer. Some referrals are managed internally by Proton, while others rely on third-party platforms used by the referrers.
How We Use Personal Data: We don’t share your email address with third parties. We use it mainly for account-related communication and recovery purposes. By signing up, you agree to receive communications from us, including promotional emails. You can unsubscribe using the instructions in every email we send or adjust your email preferences in the Proton VPN dashboard.
We may use your data for payment-related matters, such as sending you emails, invoices, receipts, notices of delinquency, and alerting you if you need to update payment details. We use third parties for secure credit card transaction processing and send billing information to them.
The information you provide to our support team is processed for analytics purposes, but it’s not combined with any personal data. We don’t engage in targeted advertising or profiling.
Right to Access, Rectification, Erasure, Portability, and Right to Lodge a Complaint: You can access, edit, delete, or export your personal data processed by us through the Service. If your account has been suspended, and you’d like to exercise your rights related to your personal data, contact our support team. If we violate your rights, you can lodge a complaint with the competent supervisory authority.
Data Retention: We retain essential data, such as your username, email, and billing information, to provide services. This data is deleted when you delete your account.
Non-personal data (protonvpn.com website and our local applications)
Visiting our website: We may employ a local installation of Matomo, an open source analytics tool. We only use analytics software to collect aggregated non-identifying information, such as: title of the page being viewed, screen resolution, outlinks, referrers, and page and website speed. This data cannot be used to personally identify users or visitors as we do not log IP addresses and connect them to specific user accounts.
Why we use analytics software: We use analytics software to help us deliver a higher quality of service. For instance, looking in aggregate at the geographic distribution of the Service’s users allows us to understand which countries have the most need for the Service and allocate development resources towards providing the best service in those countries. Viewing longer term trends in the number of visitors from different countries also allows us to identify quickly which countries have started to block the Service and take measures to counteract those blocks.
How do we collect non-personal website data: We may use various cookies to collect and store information when you visit our website. Users can control the use of cookies at the individual browser level.
Utilizing our proprietary software applications (apps)
In addition to the information mentioned elsewhere in this Policy, our native apps may collect certain data when in use. We may employ mobile analytics software such as Play/App Store app statistics or self-hosted/open-source Sentry crash reporting to promptly address any bugs. Furthermore, some platforms, including the Google Play Store or the Apple App Store, may collect anonymous statistics such as the prevalence of particular devices and operating systems (e.g., Android 6.x versus Android 7.x), the total number of installs, uninstalls, and active users. These statistics are subject to the privacy policy and terms and conditions of the Google Play Store or Apple App Store.
We would like to assure you that our software will never track or access any location-based information from your device at any time.
Information Available to the Public and on Third-Party Websites
Blog: Please note that any information you provide in a comment on our public blog may be accessed, collected, and utilized by anyone. If you find any personal information of yours on our blog and wish to have it removed, please contact us using the provided link.
Social media: Our presence on social media platforms such as Facebook, Twitter, and Reddit means that any communication, material, or information you share with us via these platforms is done so at your own risk and without any assurance of privacy. We do not have control over the actions of other users or the platforms themselves. Please be aware that your interactions with these features and platforms are subject to the privacy policies of the companies that provide them.
Links to other websites: While we may provide links to other websites that may be of interest, we are not responsible for the content of these external sites. Each external site has its own terms and conditions and privacy policies which govern its use.
Data security
At our organization, safeguarding data security is of utmost importance. We implement strict control over access to our infrastructure and Secure Core servers. All Proton VPN servers are encrypted, and we refrain from logging VPN session data. Additionally, any offline backups are regularly secured. For individuals with heightened security requirements, we offer various options, including enabling 2FA for account access, tracking suspicious login attempts through login history, removing linked recovery email, and paying anonymously with cash or bitcoin.
Third-party networks
Proton’s alternative routing technology provides a way for Proton apps to circumvent censorship blocks. However, please note that when you use this technology, your network traffic may pass through third-party networks that are beyond our control. This could potentially allow these third parties to view your IP address and determine that you are using Proton apps, which is similar to the information that your Internet Service Provider can see. It is important to note that these third parties will not be able to view your actual data, as it remains encrypted.
By default, Proton apps do not use alternative routing unless censorship measures are detected on your network. Additionally, you have the option to disable alternative routing entirely in the Settings panel of all our mobile and desktop applications. However, please be aware that disabling alternative routing may prevent you from accessing your Proton account on networks that are censoring Proton.
Disclosing your information
The Company will only reveal user data within the confines of the law. Such disclosure will solely occur when legally compelled for criminal investigations, prevention, detection, or prosecution of offenses, or the enforcement of criminal penalties. Additionally, it includes preventing threats to public security. Requests from foreign authorities for data must be sanctioned by the relevant Swiss authorities.
According to Swiss law, the surveillance target must be informed of the request, although the notification may originate from the authorities and not the Company.
Changes to our Privacy Policy
The Policy is subject to periodic review and modification by the Company, and users who have opted in for notifications will be informed of any changes. By continuing to use the Service, users are considered to have accepted any such changes.
Questions
If you have any inquiries or feedback regarding your privacy and the data, please don’t hesitate to reach out to us via our online form.
