We want to ensure your comprehension of the data (including Personal Information) we gather when you use our Services and/or access our Site. This includes why we collect such data, how we collect, use, and store it, who it may be shared with, and how you can exercise your rights to access, verify, rectify, or delete your information. Similarly, we aim to clarify what data we never collect under any circumstances.

Furthermore, this Privacy Policy highlights the security measures we implement to protect your data and provides information about whom you can reach out to with any questions or concerns about the contents of this Privacy Policy.

Our principle for data collection is to obtain only the necessary data to operate top-tier Services efficiently. We have constructed our systems (and continuously strive to enhance them) so that we don't retain sensitive data about our users. We cannot reveal, misuse, or mishandle data that we do not possess, even when compelled. We do not keep logs of your online activities during your connection to our Services, meaning we do not log your browsing history, traffic destination, data content, or DNS queries. Additionally, we never store connection logs, ensuring no logs of your IP address, your outgoing VPN IP address, connection timestamp, or session duration.

This Privacy Policy should be read alongside the DeepVPN Terms of Service (the “Terms”). Together, they constitute a legally binding agreement between you and DeepVPN, so please review them thoroughly. Unless otherwise specified, the capitalized terms in this Privacy Policy have the same meanings ascribed to them in the Terms.

DeepVPN's primary objective is to safeguard your privacy. To fulfill this mission, DeepVPN's headquarters and registered office are located in the British Virgin Islands (BVI). Deep Technologies Ltd. operates under BVI jurisdiction in accordance with BVI laws.

Table of Contents

• General Information
• Personal Data
• How We Safeguard and Preserve Your Personal Data
• How We Protect Your Personal Data In Relation to Service Providers
• Keys Data
• Usage Statistics Data and App Diagnostic Data
• MediaStreamer Data
• Cookies and Third-Party Analytics
• Engagement with External Products
• Users in the European Union
• Your Privacy Rights
• Users in California
• Use by Children
• Changes to This Privacy Policy
• How to Contact ExpressVPN

General Information

DeepVPN may gather five (5) types of data based on your utilization of the Services, as described below. You can find comprehensive details about each of these in the dedicated sections following this one. If you are merely browsing our Site, please refer to Section 7.

(i) Personal data submitted in connection with your Account (“Personal Data”)

Personal Data refers to any information that can be employed, either alone or when combined with other data, to uniquely identify an individual. We collect Personal Data to furnish you with our Services, prevent fraudulent signups or account hijacking, and may encompass the name, email address, and payment information you provide when creating or updating your Account.

(ii) Aggregated Apps and VPN connection summary statistics (“Usage Statistics Data”)

We collect a minimal amount of Usage Statistics Data to uphold exceptional customer support and service quality. This category of data does not entail details about users’ browsing and internet activities, even when connected to the VPN—we do not gather (and consequently do not utilize, disclose, or store) data about the content or destinations of VPN traffic, DNS queries, or user IP addresses.

(iii) Data added to DeepVPN Keys (“Keys Data”) (relevant solely to DeepVPN Keys users)

Keys Data pertains to all the information stored within the DeepVPN Keys associated with your Account, which might include user logins and passwords to your services and accounts, as well as other forms of data you choose to store. Keys Data is encrypted the moment it is added to DeepVPN Keys, and we are unable to view, decipher, or access Keys Data under any circumstances (even if you request us to do so). You can add, modify, and delete your Keys Data at any time by accessing your DeepVPN Keys dashboard.

(iv) Anonymous App diagnostics, including crash reports (“App Diagnostic Data”) (optional)

App Diagnostic Data, encompassing crash reports, usability diagnostics, and VPN connection diagnostics, constitutes anonymized data that cannot be traced back to individual users. This feature is akin to an “send bug report” option. App Diagnostic Data is not shared by default. You must opt-in, such as through the settings menu of your Apps, to send App Diagnostic Data to us.

(v) IP addresses authorized to use MediaStreamer Services (“MediaStreamer Data”) (applicable solely to MediaStreamer users)

Apart from VPN services, we also offer our optional MediaStreamer service for devices that do not support VPNs (e.g., Apple TV). Users who choose to use MediaStreamer can register specific IP addresses that should be authorized to utilize the service. These IP addresses are solely utilized by DeepVPN to provide the optional MediaStreamer service and not for any other purpose.

Personal Data

DeepVPN collects Personal Data that you provide when creating or updating an Account. We need this information, such as an email address and payment details, to deliver our Services, correspond with you via email, process payments, prevent fraud, address support inquiries, and share relevant updates about your Account and/or the Services.

The specific Personal Data collected will vary depending on the payment method you select and may include details such as your name, billing country, billing address, and/or credit card number. In certain cases, you might be directed to external websites operated by third-party payment processors (e.g., PayPal, BitPay, Paymentwall, Stripe, or other specific payment processors based on your location) to finalize the transaction. To understand what personal data these processors collect and store, please refer to the respective processor's terms and privacy policy. We also offer payment methods like Bitcoin, which minimize the amount of Personal Data you need to provide when subscribing to our Services. Additionally, we collaborate with trusted partners to facilitate the login process, identify fraudulent signups, and prevent account hijacking. These partners may access user IP addresses, which are always stored separately from systems unrelated to these purposes, and are permanently deleted after 30 days.

DeepVPN utilizes your email address for the following purposes:

• To grant you access to our Services, including through password reset or verification emails.
• To send you emails pertaining to your payment transactions.
• To provide you with updates and notifications.
• To communicate with you regarding your Account or in response to your queries.
• To send marketing information, like offers, surveys, invitations, and content related to other matters associated with DeepVPN that we believe might be of interest to you ("Marketing Emails"). You can opt out of receiving Marketing Emails by following the unsubscribe process outlined in these emails.

DeepVPN strictly uses your Personal Data solely for the purposes listed in this Privacy Policy and does not sell or rent it to third parties. We collect and process your Personal Data based on legitimate interests under the relevant law, specifically to fulfill our contractual obligations to you (as per the Agreement between you and DeepVPN).

Any personal information linked to DeepVPN accounts is managed exclusively by DeepVPN, stored on systems, servers, and services owned or leased by DeepVPN and its subsidiaries. In the rare instances where this data might need to be processed by other related entities, it will be shared only as necessary and for the required duration, solely for processing related to the purposes and legitimate interests specified in this Privacy Policy, while ensuring consistent data protection standards. It should be noted that these situations do not involve the transfer of control of personal information of DeepVPN users to any other related entities, including but not limited to our ultimate holding company, Kape Technologies PLC, for any period of time.

How We Safeguard and Preserve Your Personal Data

• Security Measures: We have instituted top-notch physical, procedural, and technological security protocols for our offices and data storage facilities to prevent any loss, misuse, or unauthorized access, disclosure, or modification of your Personal Data. While we have confidence in the strength of these systems, it is crucial to recognize that no data security measures globally can guarantee absolute protection. Hence, our primary principle is to gather minimal data.
• Servers and Data Centers: Our servers are located in data centers that adhere to stringent security practices. None of these data centers require us to collect or retain any traffic data or Personal Data associated with your use of the Services. In the event that any data center insists on the logging of such data, we would immediately discontinue our operations with that service provider and seek alternative solutions. Even if a government were to physically seize one of our VPN servers, there would be no logs or information linking any individual user to specific events, websites, or behaviors.
• Retention of Your Personal Data: We retain your Personal Data, which, to reiterate, never includes any sensitive information such as browsing history, DNS queries, or IP addresses linked to that data or any other online activities, for a limited period as per the relevant data protection law (as long as we have your consent or a valid reason for retaining such data). You can request the deletion of your data by submitting a valid deletion request (refer to Section 11). It's important to note that if you request the deletion of your Personal Data, you will no longer be able to use the Services.
• Legal Considerations: Your Personal Data is managed and stored by DeepVPN, not by its ultimate holding company, Kape Technologies PLC (UK), or any other affiliated entities. DeepVPN operates under the jurisdiction of the British Virgin Islands (BVI) in compliance with BVI laws (in accordance with Section 16 of the Terms). Consequently, any legal requests for Personal Data (or other forms of data) are subject to the jurisdiction and laws of the BVI. We vigorously defend our rights (as well as those of our users) in the event of any attempt to circumvent the privacy protections provided by the BVI. A parent, subsidiary, or related entity cannot be compelled to, nor would it voluntarily, provide Personal Data stored by DeepVPN.

How We Protect Your Personal Data In Relation to Service Providers

Agents, contractors, and third-party service providers of DeepVPN ("Service Providers") may have restricted access to pertinent data to aid us in processing payments, administering the Services, and supporting our business operations. All Service Providers who may access such data are bound by confidentiality and data processing obligations to maintain the data's confidentiality and refrain from using it for any purpose other than carrying out the services they perform on behalf of DeepVPN. These obligations encompass contractual commitments to safeguard data as mandated by applicable laws, including those governing the transfer of Personal Data from the European Union / European Economic Area to a third country.

Service Providers are granted access only to the data required for the services they provide on behalf of DeepVPN, which, in any scenario, will never encompass VPN activity or connection data as we do not collect such data.

In addition to Service Providers, we might share your Personal Data if you have given us your consent to share or transfer your Personal Data (e.g., marketing consents or opt-in to optional additional services or functionality).

Keys Data

We exclusively gather and retain Keys Data if you opt to utilize DeepVPN Keys, the password and secure data management service accessible via your Account. Keys Data stored in DeepVPN Keys is safeguarded using zero-knowledge encryption. No DeepVPN personnel or Service Providers can access or recover the information you store in DeepVPN Keys (even if you grant us authorization to do so).

Your Keys Data remains your property. You retain the ability to add, modify, and delete Keys Data at your discretion by accessing your DeepVPN Keys dashboard. To ensure its security, it is advisable to create a robust and distinctive primary password for DeepVPN Keys, one that is not easily guessed and differs from the password used to access your Account.

You have the option to import data from other password management tools into DeepVPN Keys by following the guidelines in your Account. Prior to doing so, we recommend reviewing the data portability guidelines of your former password manager provider, as these fall outside the purview of DeepVPN.

Usage Statistics Data and App Diagnostic Data

To maintain excellent customer support and ensure high-quality service, DeepVPN collects specific information regarding your VPN usage, as detailed below. The data collected for this purpose is strictly accessible to our staff on a need-to-know basis and may be shared with Service Providers for the mentioned purposes, but is consistently kept confidential.

DeepVPN guarantees that Usage Statistics Data and App Diagnostic Data never include any sensitive information, in line with our overarching commitment to refraining from logging browsing history, traffic destinations, data content, IP addresses, or DNS queries.

Regarding VPN Usage Statistics, our policy of limited data collection ensures that:

• We do not possess information about which user accessed a specific website or service.
• We do not have information about which user was connected to the VPN at a particular time or which VPN server IP addresses they used.
• We do not retain the set of original IP addresses of any user's computer.

If there were attempts to compel DeepVPN to disclose user information based on any of the above, we would be unable to provide this information as the data does not exist.

Apps and App Versions

We gather information concerning which Apps and App versions you have activated to utilize our Services. Knowledge of your current App version allows our Support Team to troubleshoot any technical issues you might encounter.

Successful Connection

As you use the App, we collect data on whether you have successfully established a VPN connection on a specific day (without recording the time of day), the VPN location used (without logging your assigned outgoing IP address), and the country/ISP from which the connection was made (without recording your source IP address). This minimal information assists us in offering technical support, identifying connection issues, providing country-specific guidance on how to optimize our Services, and aiding DeepVPN engineers in identifying and resolving network issues.

Aggregate Data Transfer Amount (in MB)

We gather data on the total amount of data transferred by an individual user. While we provide unlimited data transfer, if we notice that a single user is using more data than a large number of other users combined, thereby impacting the service quality for other DeepVPN users, we may contact that user for clarification.

Usage Statistics Data Summary

In summary, we collect minimal usage statistics to uphold our service quality. For instance, we might be aware that our user John connected to our New York VPN location on Tuesday and transferred a total of 823 MB of data over a 24-hour period. However, John cannot be uniquely identified as responsible for any specific online activity since his usage pattern overlaps with thousands of other DeepVPN customers who also connected to the same location on the same day.

Our systems are designed to deliberately exclude the storage of sensitive data. We may be aware THAT a user has used DeepVPN, but we are unable to isolate the user, and we never gain knowledge of HOW they have utilized our Service. We adhere firmly to our commitment to user privacy by refraining from retaining any data related to a user's online activities.

App Diagnostic Data

With your voluntary consent, we collect anonymized App Diagnostic Data, encompassing crash reports, usability diagnostics, and VPN connection diagnostics. We utilize this data in our network operations tools to optimize network speeds and identify issues and areas for improvement related to specific apps, VPN servers, or internet service providers (ISPs). The App Diagnostic Data we receive is fully anonymized and cannot be linked back to individual users (i.e., we do not store information about which user sent which data, and we do not store user IP addresses).

If you choose to share this information with DeepVPN (via the settings menu of your Account), we will collect the following anonymized App Diagnostics Data:

• Diagnostic details about unsuccessful VPN connection attempts.
• Speed test data.
• App diagnostics, including crash reports and usability diagnostics, without any personally identifiable information. These are managed in an anonymized form by the following Service Providers, bound by non-disclosure and other contractual obligations, depending on the platform on which you use DeepVPN:

  • Windows: Sentry, owned by Functional Software, Inc. See Sentry's Privacy Policy.

  • Mac: Firebase Crashlytics, owned by Google, and Sentry, owned by Functional Software, Inc. See Firebase’s Privacy and Security documentation and Sentry's Privacy Policy.

  • Linux: Sentry, owned by Functional Software, Inc. See Sentry's Privacy Policy.

  • iOS: Firebase Crashlytics, owned by Google, and Apple. See Apple’s Privacy Policy and Firebase’s Privacy and Security documentation. You can disable Apple’s crash reporting in iOS settings as described here.

  • Android: Firebase Crashlytics, owned by Google. See Firebase’s Privacy and Security documentation.

  • Browser extensions: Google Analytics, owned by Google. See Google’s Privacy Policy.

When you activate any of our Apps, you will have the option to choose whether to share App Diagnostic Data with DeepVPN. You can enable or disable the sharing of this data at any time within your App's settings menu. On iOS, you can turn off Apple's crash reporting in the iOS settings.

MediaStreamer Data

MediaStreamer is our service designed for gaming consoles and other devices that are unable to run a VPN (e.g., Apple TV). As this service does not operate through an application and lacks username/password authentication, we utilize a system that permits specific IP addresses, which you can register with us. You can register these IP addresses by logging into our website and accessing the "DNS Settings" page. These registered IP addresses, known as MediaStreamer Data, are securely stored in our system solely for the purpose of identifying authorized devices for MediaStreamer and are not utilized for any other objectives.

If you prefer not to utilize our MediaStreamer service but have devices that cannot support a VPN, we recommend using the DeepVPN App for routers. Unlike our MediaStreamer service, the App for routers does not require the registration of IP addresses. Please reach out to us at [email protected], and we will provide you with guidance on the necessary steps.

Cookies and Third-Party Analytics

For user experience enhancement and analytical purposes, DeepVPN utilizes various analytics services, including those from third-party Service Providers. These services may employ cookies, mobile identifiers, and other data to generate reports and statistics. However, they do not have access to information that directly identifies individuals or any Personal Data that users provide to DeepVPN.

What are Cookies?

Cookies and similar technologies are small text files utilized to store information about your visit to the Site on your computer or mobile device ("Cookies"). They enable websites to retain your actions or preferences over time, thereby allowing us to optimize and enhance the user experience of the Site by facilitating certain functionalities, such as website login and language settings. The specific Cookies we use may change over time as we continuously update and refine our Site.

Disabling Cookies

During your initial visit to the Site, you will be prompted to set your Cookie preferences. You can modify these preferences at any time by selecting Cookie Preferences from the menu at the bottom of most Site pages. Alternatively, you might be able to adjust your Cookie preferences from your browser's settings panel. Please note that our Site may not function as intended if you choose to disable Cookies.

DeepVPN's Cookies

The Cookies employed by DeepVPN enable us to establish your language preference, attribute visitors to a marketing channel, and securely present you with information that is pertinent to your Account once you log in. These Cookies contain a user identifier, but they do not contain any directly personally identifying information, such as your name or email address, and they do not track any activity outside of DeepVPN's domains.

Third-Party Cookies

DeepVPN utilizes Cookies from third-party services for Essential, Functional, and Marketing purposes.

Essential Cookies are necessary for the proper functioning and optimization of the Site. For instance, we utilize PayPal for users to make payments through that service. Other Essential Cookies in use include those that allow payments via Forter, Braintree, and Chargebee; those that aid in the analysis and improvement of page performance, such as Google Analytics, Google Optimize, Visual Website Optimizer, and Google Tag Manager; those that aid in traffic management, content delivery, and the prevention of malicious bots, such as Cloudflare, Cloudfront, and Gstatic; and one that enables you to specify your Cookie preferences, Usercentrics Consent Management Platform. Essential Cookies cannot be disabled, and your use of the Site implies consent to them.

Functional Cookies allow us to properly display or manage elements on the Site. For instance, we use Google Fonts to ensure proper text display. Other Functional Cookies in use include those for displaying video, like YouTube Video and Vzaar; those for producing maps, including OpenStreetMap and Google Maps; those used for managing Cookies, including Google Ajax and jQuery; one for tracking and reporting errors, Sentry; one for displaying avatars, Gravatar; and one for presenting quizzes and questionnaires, Typeform. Functional Cookies can be disabled.

Marketing Cookies are utilized by advertisers to serve ads relevant to your interests. For example, we utilize Google Ads remarketing to display advertisements on third-party websites (including Google) to users who have visited our Site. Other Marketing Cookies in use include those from DoubleClick Ad, Facebook Pixel, Facebook Social Plugins, Google AdServices, Google Syndication, Microsoft Advertising Remarketing, and PayPal Marketing Solutions. Marketing Cookies can be disabled.

Service Providers, including Google, use Cookies to deliver ads based on a user's past visits to the Site. Any data collected will be used in accordance with our Privacy Policy and Google's privacy policy. In addition to setting Cookie preferences via your browser or the menu at the bottom of our Site, users can opt out of Google's use of Cookies by visiting the Google Advertising Opt-out Page. Users may also opt out of Google Analytics by visiting the Google Analytics Opt-out Page and third-party use of cookies by visiting the Network Advertising Initiative Opt-out Page.

Device Information

DeepVPN utilizes device information (such as device type, operating system/language, or user agent, as well as mobile identifiers provided by Android or iOS devices) to generate statistics concerning the marketing channels and advertising partners through which users discovered and registered for DeepVPN Apps. This device information does not contain your name, email address, or any other Personal Data.

Disabling or Resetting Mobile Identifiers

Users have the option to disable or reset the mobile identifiers associated with their devices at any time. For instructions, please refer to Apple's page on Advertising & Privacy on iOS devices and Google's page on Managing your Google Settings on your Android device.

Email/Communication Analytics

To evaluate and enhance the emails and other communications we send, DeepVPN or its Service Providers may collect data for statistical reports. For instance, we may create reports to assess whether emails were sent successfully, if any delivery delays occurred, or the frequency with which an email was opened.

Engagement with External Products

The Site might include connections to external websites, mobile software applications, products, or services that are not owned or managed by DeepVPN and may be governed by distinct terms and conditions. Please note that these third parties may gather personal information from you. DeepVPN does not take responsibility for the privacy practices or content of such external websites. We suggest that you review the terms and conditions and privacy policies of each third-party service provider that you interact with in relation to the Site or the Services.

Users in the European Union

DeepVPN prioritizes user privacy globally, adhering to practices that involve minimal data collection and granting users authority over their Personal Data. The General Data Protection Regulation (“GDPR”) of the European Union (“EU”) necessitates us to delineate these practices specifically for EU users.

In compliance with the GDPR, we gather and handle the Personal Data specified in this Privacy Policy based on the following criteria, contingent on the situation:

• To fulfill our contractual obligations, which encompass:
  • Serving Subscribers with the requested Services.
  • Overseeing subscriptions and handling payments related to our Services.
  • Providing customer support.
• Based on legitimate interests linked to our business operations, including:
  • Enhancing the quality, dependability, and efficacy of our Services.
  • Engaging with customers to impart information and gather feedback concerning our Services.
  • With the consent of users, which can be retracted at any time.

Your Privacy Rights

• Rights: While using our Services, you hold the following rights (subject to specific exceptions or exemptions).
• You have the right to access personal data stored about you.
• You can request corrections to any inaccurate or incomplete personal data we hold.
• You have the right to request the deletion of your personal data. Please note that such deletion might result in the unavailability of our Services to you.
• You can request restrictions on or object to the processing of your personal data.
• You are entitled to request and receive your personal data in a commonly used format (data portability).
• You have the right to withdraw your consent, upon which processing is based, at any time.
• You have the right to file a complaint with your local data protection supervisory authority.
• You can exercise your rights by contacting us as described in Section 16.
• You can authorize a third party to submit a request on your behalf as an authorized agent. To verify the authorized agent's legitimacy, they must possess written authorization signed by you, and you must provide us with a copy of the signed authorization. To ensure your privacy and security, we may take additional steps to verify your identity.
• We will address all requests in accordance with applicable laws and to the best of our ability promptly.

Users in California

• Under the “Shine the Light Act” (California Civil Code Section 1798.83), California residents may request information about any disclosure of personal data to third parties for their direct marketing purposes. We do not disclose any such data to third parties for direct marketing. However, California residents who wish to make a request (once per user per year) may contact us as described in Section 16.
• The following rights (which may be subject to certain exemptions or derogations) apply to individuals covered by the California Consumer Privacy Act (“CCPA”)
• You have the right to know what personal data is being collected about you and how it is used and shared.
• You have the right to request the deletion of your personal data. Please note that such deletion may result in the unavailability of our Services to you.
• You have the right to opt out of the sale of your personal data. However, there is no need to exercise this right as DeepVPN does not sell any data to third parties.
• You have the right not to be discriminated against for exercising any of these rights or other rights under the CCPA.
• You have the right to withdraw your consent, upon which processing is based, at any time.

Use by Children

We do not offer our Services for use by children and, therefore, we do not knowingly collect Personal Data from individuals under the age of eighteen (18) or under the age of majority in the jurisdiction of residency / from which the Services are used. If you are under the age of eighteen (18), or under the age of majority in the jurisdiction where you reside or from which you use the Services, do not provide any Personal Data to us without the involvement of a parent or a legal guardian. For the purposes of the GDPR, we do not intend to offer information society services directly to children. In the event that we become aware that you provide Personal Data in violation of applicable privacy laws, we reserve the right to delete it. If you believe that we might have any such information, please contact us as described in Section 16.

Changes to This Privacy Policy

We may update our Privacy Policy periodically, with or without notice to you, in accordance with applicable privacy laws and principles. Your continued use of the Services and/or access to the Site constitutes your acceptance of our Privacy Policy.

How to Contact DeepVPN

If you have any questions, concerns, or complaints regarding our Privacy Policy, our compliance with the applicable laws, or how we handle your information, or if you wish to exercise your privacy rights, please do not hesitate to contact us at the following email address:

[email protected]