1. Who we are
This policy describes how VaultWave VPN Ltd. ("we", "us") processes personal data of users of the VaultWave VPN VPN service at pn-v3-06.pages.dev. We are the data controller. For privacy questions, write to privacy@pn-v3-06.pages.dev.
2. Data we collect
We collect the minimum necessary to operate the service: your account email, your subscription status (from Apple / Google), and support messages you send us. We do not collect connection logs, DNS queries, IP addresses during a session, browsing history, or bandwidth-per-user.
3. How we use it
We use your data to operate the service, reply to support messages, comply with tax and accounting law, and detect abuse. We do not use your data for advertising, profiling, automated decision-making, or to train AI models. We will not share data with any third-party AI service without your explicit prior consent.
4. VPN commitment
VaultWave VPN does not sell, use, or disclose user data to third parties for any purpose. We have no connection logs to disclose — we do not keep them. This commitment applies to all VaultWave VPN services, regardless of jurisdiction.
5. Third-party processors
We rely on Apple and Google for App Store billing, Stripe for web billing, and Cloudflare for website infrastructure. Each of these processors has signed a data-processing agreement with us and provides the same or equal protection for user data as outlined in this policy. We do not sell data to them or to anyone else.
6. Data retention
Account email: retained until cancellation plus 30 days. Billing records: 7 years (UK tax law). Support tickets: 180 days. Server load (aggregate, anonymous): 30 days. Connection logs: we do not keep them, so there is nothing to retain.
7. International transfers
Where your personal data is transferred outside the European Economic Area, we rely on the Standard Contractual Clauses (SCCs) approved by the European Commission on 4 June 2021, supplemented by end-to-end encryption of all transfers.
8. Your rights (GDPR)
If you are in the EEA, the UK, or Switzerland, you have the right to access, rectify, erase, port, object to, and restrict the processing of your personal data, and to lodge a complaint with your national Data Protection Authority (in the UK: the Information Commissioner's Office). To exercise any right, write to privacy@pn-v3-06.pages.dev. We respond within 30 days.
9. California (CCPA) rights
California residents have the right to know what personal information we collect, to request its deletion, to opt out of its sale (we do not sell personal data), to request correction, and to non-discrimination when exercising any of these rights. To exercise a CCPA right, email privacy@pn-v3-06.pages.dev with the subject "CCPA request".
10. Security and breach notification
We protect your data with AES-256 encryption at rest, TLS 1.3 in transit, and server-side log directories mounted on volatile memory (tmpfs). Our infrastructure is independently audited every year. In the unlikely event of a personal-data breach likely to result in a high risk to your rights, we will notify affected users and the relevant supervisory authority within 72 hours of discovery, in line with Articles 33 and 34 GDPR.
11. Changes to this policy
We may update this policy to reflect changes in the service or the law. Material changes will be notified to you by email at least 30 days before they take effect. Minor edits (typos, clarifications) take effect immediately and are logged.
12. Contact
Data Protection Officer — VaultWave VPN Ltd., 27 Old Gloucester Street, London WC1N 3AX, United Kingdom. Email: privacy@pn-v3-06.pages.dev.