We're built for privacy. Internally we know what exactly that means; we use privacy as a filter for decision making. If a choice needs to be made between one practice that deepens a user's privacy, and another that would diminish it but accelerate our growth, we'll always take the slower, more private option. If you'd like to know more about our principals and beliefs that drive our choices, please see our about us page.
We realise how important it is that our customers fully understand what we mean by privacy. This policy gives you an overview of;
- What we mean by "logless"
- What information we collect, how its stored, and how its used
- What happens in the case we are subpoenaed, receive a court order or DMCA copyright infringement notice
- What we do with information relating to cancelled or dormant accounts
- How we handle subject access requests
We've tried our best to make this policy human-readable so you can get the facts you need quickly.
Minimum user knowledge is our end goal
When you sign up for IVPN, we collect the minimum amount of information we need to provide and maintain our service. As we grow we'll look to further reduce that personal data footprint, leaning into processes and systems that enable us to provide our service while requiring less and less information to do so.
Question: What don't you log?
- No traffic logging
- No DNS request logging
- No connection timestamp or connection duration
- No logging of user bandwidth
- No IP address logging
- No logging of any account activity except total simultaneous connections (explained below)
Question: What data do you collect and store?
Answer: To create an IVPN account you need only provide an email address. That address is used to facilitate password resets and to send important security updates relating to our service. Should you wish to opt out of email communication please contact out support team to be removed from our mailing list. You're free to use any email address, disposable or permanent. Your email address will be associated with an IVPN ID, an internal ID used to manage your account.
We don't require any other personally identifiable information should you use more anonymous payment methods such as cash or cryptocurrency.
Each account also carries a subscription expiry date so we can manage both trial period expiry and re-subscription.
This is the data we store for an account
|IVPN ID||Email address||expiry date|
And here is the data we store for a cryptocurrency or cash payment
|payment||ivpn_id||amount||currency||timestamp||btcpay_transaction_id (if crypto)|
Question: What if I pay using credit card or PayPal?
Answer: Some payment information may be related to your account, for example, if PayPal is used a PayPal transaction ID with be associated with your account, as well as a subscription ID should you set up a PayPal subscription.
This is the data we store for a PayPal transaction
For credit card payments, we use Braintree as our payment processor, and store a Braintree transaction ID against your account. If you elect to enable auto-renew for card payments, a subscription ID will also be stored.
This is the data we store for a credit card payment
In order to process your payment Braintree and PayPal will request additional information. Braintree requires collection of your card details to process your payment, and PayPal will require name, email and address information to create a new PayPal account as well as agreement to their terms of service. These additional datapoints are not stored by IVPN, though Braintree and PayPal are required to retain them for many years. In addition, no 3rd party payment provider has access to your IVPN ID.
In short, where we can offer anonymous payment methods we will, and we collect as little information as possible to process them. However centralised or 3rd party payment systems and their data processing and storage are out of our control.
Please select cash or cryptocurrency payments should this be of concern.
Question: Why do you store transaction_id and subscription_id?
Answer: To be able to properly process our 7 day money back guarantee and resolve other payment issues, as well as to enable auto-renewal resubscription.
Question: Where is my data stored and who has access to it?
Answer: IVPN is subject to EU law and is in compliance with the EU Data Protection Directive (Directive 95/46/EC), which prohibits companies transferring data to overseas jurisdictions with weaker privacy laws. IVPN will not locate servers in countries where it's forced to break this compliance. Due to the nature of our logging practices VPN servers do not contain any personally identifiable information and thus, if seized, could not be used to identify users.
No 3rd parties have access to any of your data. We always use 1st or 3rd party tools we can host on our own servers in a protected and secure environment.
Question: How do you limit simultaneous connections?
Answer: To authenticate customers our VPN servers send a request to a central authentication server, containing the customers account ID. The authentication server holds a temporary record of all connected customers. When a customer connects to a VPN gateway the authentication server checks how many active authentication records are already in the table for the user ID, if it exceeds the allowed number of simultaneous connections then authentication is denied. When a user disconnects the relevant record is deleted. If an adversary was able to gain access to this data they could only determine which users were logged into the VPN network at that exact moment in time.
That means should you or anyone request to know how many connections you had at a specific time in the past, we couldn't tell you, because we don't store it.
Question: What information is collected and stored when I visit the IVPN website?
Answer: IVPN have selected Piwik as their web analytics platform. Web analytics allow us to understand our users engagement with our site to understand where it delivers value, and where it can be improved in terms of usability, simplicity and speed. It also helps us to understand where our site visitors originate, and audit those referring sites to ensure they aren't making unfounded or exaggerated claims.
Piwik is open source software that is hosted on our own server infrastructure to ensure your privacy (unlike platforms such as Google Analytics). For example, the Center for Data Privacy Protection in France (CNIL) recommended Piwik as the only tool that can easily ensure full compliance with privacy regulations. Piwik is used to analyse in aggregate information about our website visitors.
- your browser user-agent,
- screen resolution,
- referring website,
- IP address.
To ensure your privacy IVPN discard the last two octets of the IP address. Piwik may also set a web cookie to facilitate the identification of users who revisit the site.
Question: What information is retained when I stop using your service?
Answer: When a VPN account is terminated on our network due to the subscription ending, non-payment or for any other reason, all data associated with that VPN account including the account itself is deleted from all systems.
We do not delete our customer's client area account which includes the email address and password which they use to sign up for their account.
However if you wish you can simply request deletion of your client area account by submitting a ticket to our billing department.
Question: How can I get access to the data you store on my behalf via a subject access request?
Answer: In accordance with GDPR legislation, reasonable requests for release of a specific user's data will be honoured within 28 days of an acceptable request from a user or person with a provable legal relationship with that user.
We reserve the right to refuse or charge for requests that are manifestly unfounded or excessive. Any refused subject access requests will be responded to without undue delay including the refusal reason as well as recourse to refer to the supervisory authority.
Subject access requests should be made in writing to firstname.lastname@example.org
Question: Where is the regulatory authority that oversees the jurisdiction in which IVPN operates under GDPR?
Answer: IVPN is registered in Gibraltar, and as such the GDPR regulatory body is the Gibraltar Regulatory Authority. Their website can be found here - http://www.gra.gi/.
Question: What happens if you receive a legal notice such as a DMCA for copyright material that I have downloaded?
Answer: Since our customers are using an IVPN issued IP address when using our service, such notices are directed to IVPN and our legal department will issue an appropriate response. Since we store no connection logs, we couldn't associate a request with a customer identity even if legally compelled to do so.
Question: How do you react when requested by an authority for information relating to a customer?
Answer: The company is incorporated in Gibraltar. If a court order is received from a recognised legal authority with jurisdiction over IVPN then the company will comply with that order. However, the company cannot be compelled to hand over information which it does not have. When a customer signs up we request the minimum information possible, a valid email address. If it ever becomes required by law for us to keep a persistent log of our customers connections or any personal data relating to their network activity, we will immediately notify our customers and do everything in our power to move jurisdictions or close the service to protect those who entrust their privacy to us.
Question: What happens if laws change?
By default, if one of our mobile apps crashes while you're using it, anonymized data about the crash will be collected on the device to help us identify the cause of the crash and hopefully fix it in a future update. These "crash logs" contain information such as the state of the app, operating system, and device at the time of the crash, but not your private data.
On our mobile apps, you can opt-out of crash log reporting by disabling it in user preferences.
On our desktop apps, crash logs are only sent manually by user action.
Crash logs are sent to an IVPN controlled server and not third-party vendors.
Changes to policy
If you have any questions or comments regarding this policy, please do not hesitate to contact us.