Special Offer: Save $144 on our annual subscription
Disconnected

Privacy Policy

The below privacy policy is effective as of July 12, 2024. Previous policy may be found here.



Last Updated: June 2024

At OVPN Integritet AB (“OVPN”, “we”, “our”, or “us”), your privacy is of the utmost importance. In 2023, OVPN was acquired by the Pango Group (“Pango”). You can learn more about Pango at www.pangoholdingcompany.com

Thank you for taking the time to read our privacy policy (the “Privacy Policy”). This Privacy Policy sets out how we collect, use, process, store, and disclose your personal data on https://www.ovpn.com (the “Website”), the OVPN app (the “App”), and use the OVPN products, namely, the OVPN VPN service (the Website, App, and OVPN VPN services together, the “Services”). We also set out certain changes being implemented in conjunction with OVPN’s acquisition by Pango. By accessing and using our Services after the advance notice and posting of this privacy policy, you freely and expressly consent to the collection, use, processing, storage, and disclosure of your personal data as set out in this Privacy Policy.

For ease of reference, in this product privacy notice we use the term “VPN browsing activity” to refer to online activities you conduct via VPN connections initiated with our VPN products. This includes what you are browsing, viewing, or doing online via the VPN connection.

Key Assurances

OVPN does not record your VPN browsing activities in any way that can be associated back to you, and this policy is not changing as a result of the Pango acquisition. When you use a VPN connection, we do not store any information that identifies what you browse, view, or do online via that VPN connection. The exception is when you choose to communicate with us (such as via chat or email) over a VPN connection and have chosen to identify yourself to us.

Table of Contents

1. When We Collect Information
2. Types Of Information We Do and Don’t Collect
3. How We Use Your Personal Data
4. How We Disclose Your Personal Data
5. Your Privacy Choices
6. Use of Pixel Tags and Cookies
7. Security
8. Retention
9. U.S. State-Specific Disclosure
10. UK/EEA Residents’ Notice
11. Children’s Privacy
12. Third-Party Links On Our Website
13. Changes To This Privacy Policy
14. Contact Us

1. When We Collect Information

We may collect personal data that you provide when you:

  • Register for our Services.
  • Update or otherwise use your account, including billing information.
  • Interact with us including through our newsletter or through customer support.
  • Contact us.

2. Types Of Information We Do and Don’t Collect

Information we DO NOT collect

Our VPN products do not log or otherwise record IP addresses, device identifiers, or any other form of identifier in combination with your VPN browsing activity. Simply put, this means that our VPN products do not store any information about what any specific user browsed or accessed through a VPN connection.

When connecting with Wireguard, we collect your IP address and store it in temporary memory until the end of your VPN session at which point it will be deleted. We assure you that the IP address will never be associated with your VPN browsing activity. This means that we are not able to share your VPN browsing activity with anyone – whether it is an ad network or government agency – because we simply do not store that information.

When you access a site through an OVPN connection, your IP address appears to that site as the IP address assigned by the VPN servers (what we call a “public-facing” IP address). Those public-facing IP addresses are used by multiple users and we do not record the actual IP addresses of users who use those public-facing IP addresses. As a result, we are not able to connect activity originating from a public-facing IP address to activity conducted by any individual user.

Information we DO collect

When you register for an account, we collect:

  • Account information such as a username and password and the timestamp the account was created and updated.
  • Email address for billing purposes, if provided.
  • Payment information such as credit or debit card.
  • Information you provide when you contact us, including any information you provide when you inquire about our services or interact with our customer service team or chat tools which may include your contact information such as name and email address.

3. How We Use Your Personal Data

We use the personal data we collect for the following purposes:

  • To operate and improve our Services.
  • To process payments securely.
  • For customer support.
  • To communicate with you, including via our newsletter.
  • For marketing and advertising.
  • For other business and legal purposes, such as to detect and prevent fraud, to collect amounts owing to us, and to maintain business records.
  • With your consent.

How We Use IP Addresses

As written above, we do not log or otherwise record IP addresses in connection with your VPN browsing activity. In the interest of transparency, we do collect and use IP addresses in these other contexts:

  • Protecting against fraud in connection with financial transactions with us.

4. How We Disclose Your Personal Data

We may disclose your personal information with your express consent, such as if we introduce a partnership or co-marketing opportunity to you. We may also share your personal data under the following circumstances;

  • To corporate affiliates of Intersections LLC or Pango GmbH, including other companies within the Pango Group family of companies.
  • Vendors or service providers who operate as personal data ‘processors’ on our behalf and have no independent rights to use your information for their own benefit. For example, we may disclose your name and email address to email service providers who help us provide our email newsletters.
  • We use vendors to help us manage and optimize our Website, which may include the use of pixel tags to collect anonymous website metrics. See the Cookies and Pixel Tags section below for more information about these uses.
  • Help us provide our chatbot. This may include disclosure of the communications with our service provider, Zendesk. The contents of the communications will not be used for any purpose other than to support us, but are also subject to Zendesk’s applicable terms of use, privacy and security policies which can be found here.

In addition, we may share your personal data, in order to:

  • Protect the legal rights of our company, our employees, our agents, and our affiliates.
  • Protect the safety and security of our customers.
  • Detect and protect against fraud.
  • Comply with law or legal process.

As part of a business transition.

  • We may also share your personal data with prospective purchasers in a confidential method exclusively to evaluate the proposed transaction.
  • We may also share your personal data with another company that buys the assets or stock in us. That company may use and disclose personal data for purposes similar to those described in this Privacy Policy.

We may share aggregate or anonymous information for any purpose. This means that the information we share does not identify specific individuals, or is combined with other data to protect your privacy.

5. Your Privacy Choices

You have the right to exercise the following choices with our use of your personal data:

  • Access the personal data we maintain about you.
  • Delete the personal data we maintain about you.
  • Correct inaccurate personal data we maintain about you
  • Opt out of certain uses of your personal data, notably: Email marketing. You can unsubscribe to our email list by clicking the unsubscribe link at the bottom of marketing emails.

You can exercise these rights by contacting us at privacy@OVPN.com.

6. Use of Pixel Tags and Cookies

Like many companies, we use cookies and similar technologies such as pixel tags (aka; clear gifs, web beacons) (collectively, “Cookies”). As noted, cookies or other tracking technologies are not utilized as part of our VPN services. You can learn about our use of cookies in our Cookie Policy.

7. Security

OVPN employs a range of administrative, organizational, technical, and physical safeguards designed to protect your data against unauthorized access, loss, or modification. Access to your Account Information and Services Information is restricted to our employees who require such access to perform their job functions. While our controls are strong, no data security measures can guarantee 100% protection.

For our VPN services, our network providers do not require us to collect or share any information about what our users are doing via a VPN connection through their networks. Our VPN servers are monitored using a state-of-art intrusion detection system backed by a 24x7 security operations center.

8. Retention

We will retain your account and payment information for as long as your account or inquiry is active or as needed to provide you with the Services, and for a reasonable time thereafter in accordance with our standard procedures or as necessary to comply with our legal obligations, to resolve disputes, and to enforce our agreements. As previously mentioned, no information about what our users do when connected to our VPN services is stored beyond a session. Even if we delete some or all of your personal data, we may continue to retain and use aggregate or anonymous data previously collected and/or anonymize or aggregate your personal data.

9. U.S. State-Specific Disclosure

Some U.S. states have enacted comprehensive privacy laws that require businesses to offer an opt out of the “sale” or “share” of your personal data for targeted advertising. We do not sell or share your personal data for targeted advertising purposes.

10. UK/EEA Residents’ Notice

Residents of the United Kingdom (“UK”) and European Economic Area (“EEA”) are provided certain privacy rights under the UK and EU General Data Protection Regulations (“GDPR”).

Legal Basis

Under the GDPR, we process ‘Personal Data’ (as defined in the GDPR) under the following legal basis.

Processing Activity Legal Basis under GDPR
Use of our VPN services Contract fulfillment
Placement of cookies through our Website Consent
Implementing our customer support tools Contract fulfillment
Improving our Website and Services Legitimate Interest
Product, Marketing, or Service-Related Communications Legitimate Interest

Controller Designation

Under the GDPR, we are designated as a ‘Controller.’

Cross-Border Data Transfers

Our account and VPN services are currently operated in the EU, but we reserve the right to transfer account-related information to servers in the United States or another location of our choosing. If you are a resident of the EEA, UK, or Switzerland, we may transfer to, and store the data we collect about you, to countries other than the country in which the data was originally collected, including the United States. Those countries may not have equivalent data protection laws as the country in which you provided the data. When we transfer your data to other countries, we will protect the data as described in this Privacy Policy and comply with applicable legal requirements providing adequate protection for the transfer of data to countries outside the EEA, UK, and Switzerland. We rely on Standard Contractual Clauses (“SCCs”) for the transfer of personal data to countries that have not received an applicable adequacy decision, as well as the UK’s ‘International Data Transfer Addendum’ to the SCCs.

For more information on cross-border transfers of your Personal Data or the appropriate safeguards in place, please contact us at privacy@OVPN.com.

Data Protection Officer

We have appointed a Data Privacy Director to oversee compliance with this Privacy Notice. If you have any questions about this Privacy Notice or how we handle your Personal Data, or would like to request access to your Personal Data, please contact our Data Protection Officer at DPO.pango@twobirds.com.

Additional Rights for UK or European Economic Area Residents

In addition to the rights granted above, if you are a UK or EEA resident, the GDPR grants you the right to lodge a complaint against us with your local data protection authority. You can find your data protection authority at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

11. Children’s Privacy

We do not intentionally collect any personal data from children under the age of 16. If you are under the age of 16, please ask a parent or guardian for help in using our Website or Services. If you believe we have obtained personal data associated with children under the age of 16, please contact us at privacy@OVPN.com and we will delete it.

12. Third-Party Links On Our Website

Our Services may contain links to other websites or services. We do not exercise control over the information you provide, or is collected by these third party websites. We encourage you to read the privacy policies or statements of the other websites you visit.

13. Changes To This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated Privacy Policy on this page with a “Last Updated” effective date of the revisions. We encourage you to look for updates and changes to this Privacy Policy by checking this page when you access our Services.

14. Contact Us

If you have any questions about our privacy or security practices, or if you would like to request access to or correction of your personal data, you can contact us by email at privacy@OVPN.com or at:

Intersections, LLC
250 Northern Ave., 3rd Floor
Boston, MA 02210