April 28 2020
As an internet privacy & security service provider, we make sure your privacy is our primary concern, and we will be 100% transparent with our users. We believe the relationship between the users and us is built on trust, and trust is built on the truth. To offer better clarity for you, let's start with three points:
We do not log how you utilize VPN connection, which means we do not see the applications, service or websites you use personally while connected to our Service nor do we store them.
We do not store your original IP address which means we cannot share it to anyone no matter what happened.
We will not sell, use, or disclose any personal data to third parties not mentioned in this Privacy for any purpose.
Our guiding principle toward data collection is to collect only the minimal data required to operate a world-class VPN service at scale. We designed our systems to not have sensitive data about our customers; even when compelled, we cannot provide data that we do not possess.
Categories of Personal
Data, How & Why（Include the data over the past 12 months）
Such as registration date, email address (only if you choose to sign up with an email), subscription status (only if you make the purchase);
This data is automatically collected during actions including registration, purchase. It is strictly used for the user-support purpose.
VPN USAGE DATA
Such as the server you connected, connection timestamp, choice of the protocol, network type and error report;
This data is automatically collected during VPN connection and is used for troubleshooting & VPN service optimization only.
Such as your device information, app version, data usage and geolocation(only city-level)
This data is automatically collected when you open and use XVPN and it helps us to better understand our users and product planning, to further improve the user experience and user satisfaction.
Such as payment method, transaction ID (or reference ID) and timestamp;
This data is automatically collected by us when you make a purchase and is used for user support and troubleshooting only. Virtually, more information including geolocation, cardholder last name and last four digits of the Credit card may be collected independently by a third-party payment platform which is separated from our internal system.
Defense data: when you try to sign in or sign up on our site, we may collect your original IP address which is deleted automatically in 5 minutes to prevent Brute force. We cannot see the IP address or download it during that period.
Analysis data: such as sites visited via our servers from all users, it is anonymous aggregated data mixed from our tens of millions users which is non-identifying. we do not attribute any website visit or app usage to any specific user.
We retain essential data such as account data, status data and payment data to maintain the Service, unless you request a deletion. Besides, VPN usage data will be kept for LESS THAN 48 HOURS for the purpose of user-support and then automatically erased from our system permanently after that period.
We store your Personal Data only as long as it is necessary for the purposes for which it is collected, to provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws. We erase or destroy the records containing Personal Data when they are no longer required; this will be done in ways that will ensure your continued privacy.
Free Connected Limited is the Data Controller of the information you provide us.
We are committed to protecting our users’ personal data as we have various technical and organizational measures in places to ensure, e.g., our system will erase the user's original IP addresses automatically if any, and only our authorized employees have the access to the data.
XVPN uses exceptionally strong safeguards to protect the privacy of all our records, including your Personal Data. We implement physical, business and technical security measures. These strong safeguards are designed to prevent unauthorized access, disclosure, loss, theft, copying, use or modification to your Personal Data.
We use the following cookies to help us provide better services on our websites：
Cookies: These cookies store your preference, logins on our site to provide you a fluid experience and will be erased when you close your browser.
Google Analytics: The tool uses a series of cookies to collect information and generate a report on website usage statistics, but does not disclose any personally identifiable information.
You may change your browser or devices’ settings to disable or refuse certain cookies on our site. Please note that disables certain cookies may result in inaccessibility of our services on the websites.
The Third-Party Site may contain links to external websites that do not fall under XVPN’s domain. XVPN is not responsible for the privacy practices or content of such external websites.
Some third parties may be able to collect certain information from you independently from us including third-party payment platforms, analytics-tool providers or advertisers. You can find the information of such third parties listed here, as updated from time to time:
Paymentwall, PayPal, GiftCards, ADVcash, CoinPayments, Adjust, Google Analytics, GCM, AdMob, Applovin, Mopub, Vungle, Fabric, ironSource, InMobi, StartApp, etc.
Consent and Age Restrictions
We do not log information from children under 18 intentionally as the Service is not direct to anyone under the age of 18. DO NOT USE the Service if you are not of legal age.
Rights of Access, Rectification, Deletion, and Restriction
You have the right to inquire as to whether XVPN is Processing Personal Data about you, request access to Personal Data including the categories of personal information we have collected about, and the categories of any of your personal information that we have disclosed for business purpose. You have the right to ask that we correct, amend or delete your Personal Data.
In each case, XVPN provides this information: We provide the receipt of a Verifiable Consumer Request without charge, ,and you can request us up to 2 occasions every 12 months. We will send you a portable, readily-usable format (e.g. XML, or CSV,etc) within 45 days. If reasonably necessary, we may extend this period by an additional 45 days after we notify you.
How to Exercise the Right to Access, Rectification, Deletion, and Restriction
You can use the contact ways to request access to, receive, restrict, or request deletion or rectification of Personal Data held about you by XVPN.
To protect your privacy, XVPN requires you to login to your account with a username and password before granting you access to or allowing you to make any changes to your Personal Data. XVPN makes good faith efforts to provide you with the ability to delete your Personal Data, however there may be circumstances in which XVPN is unable to delete all your Personal Data. For example, we are unable to delete it where we are legally required to keep it, including where we need it to continue to offer you the service.
If XVPN determines that your Personal Data cannot be deleted, we will explain why and provide a contact for further inquiries.
. We will address your concerns and attempt to resolve any privacy issues in a timely manner.
Users in the European Union:
This section applies to individuals in the European Union and to individuals in other countries whose data privacy laws are similar to GDPR.
As a Data Subject you have rights under the GDPR. These rights can be seen below. XVPN will always fully respect your rights regarding the processing of your personal data, and has provided below the details of the person to contact if you have any concerns or questions regarding how we process your data, or if you wish to exercise any rights you have under the GDPR.
(Chapter 3 of the GDPR) each Data Subject has eight rights. These are:
- The right to be informed; This means anyone processing your personal data must make clear what they are processing, why, and who else the data may be passed to.
- The right of access; this is your right to see what data is held about you by a Data Controller.
- The right to rectification; the right to have your data corrected or amended if what is held is incorrect in some way.
- The right to erasure; under certain circumstances you can ask for your personal data to be deleted. This is also called ‘the Right to be Forgotten’. This would apply if the personal data is no longer required for the purposes it was collected for, or your consent for the processing of that data has been withdrawn, or the personal data has been unlawfully processed.
- The right to restrict processing; this gives the Data Subject the right to ask for a temporary halt to processing of personal data, such as in the case where a dispute or legal case has to be concluded, or the data is being corrected.
- The right to data portability; a Data Subject has the right to ask for any data supplied directly to the Data Controller by him or her, to be provided in a structured, commonly used, and machine-readable format.
- The right to object; the Data Subject has the right to object to further processing of their data which is inconsistent with the primary purpose for which it was collected, including profiling, automation, and direct marketing.
- Rights in relation to automated decision making and profiling; Data Subjects have the right not to be subject to a decision based solely on automated processing.
XVPN is committed to user privacy globally, and our existing practices reflect that through minimal collection of data and ensuring users have control over their personal information. The General Data Protection Regulation (GDPR) of the European Union (EU) requires us to outline those practices in a specific manner for users in the EU.
1. For the purposes of fulfilling our contractual obligations to users, including:
Providing users with the Services and Apps they have requested.
Managing user subscriptions and processing payments.
Providing customer support.
2. For a legitimate interest associated with the operation of our business, including:
Enhancing the quality, reliability, and effectiveness of our Site, Services, and Apps.
Communicating with customers to provide information and seek feedback related to our Services and Apps.
You can exercise your rights under the GDPR to access, transfer, correct, delete, or object to the processing of your personal information by contacting us at: [email protected]
(Please note that we may need one month or longer to respond)
Users in California
XVPN does not share information that identifies you personally with non-affiliated third parties for our own marketing use without your permission.
California Consumer Privacy Act
We will not discriminate against you for exercising your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Users in Nevada
XVPN does not sell information that identifies you personally with non-affiliated third parties. XVPN will not sell or trade Personal Data for commercial purposes.
Here's the end of this Policy
Effective: March 23 2020