VPN MAX Privacy Policy

VPN MAX's core mission is your safety. This Privacy Policy outlines the following:

(a) information that we collect when you are using our Services or the Website

(b) why we collect such information

(c) how we collect, store, and use your data;

(d) under what circumstances your data can be disclosed; and

(e) how you can access your information, check its accuracy, correct it, or have it deleted.

Furthermore, this Privacy Policy states what type of data we do not collect under any circumstances.

This Privacy Policy also describes the information security actions we take and specifies the contact persons handling your queries or complaints should you have any. In order for us to provide the Services to you we need a certain minimal set of data. We do not store your private details on our servers and, therefore, we are incapable of disclosing or misusing those. We do not store information regarding your actions online, logs, or browsing history, as well as details related to traffic destination and content, or DNS queries; we do not keep a connection log, and we do not store your actual IP address, your outgoing VPN IP address, connection timestamps, or session duration. This Privacy Policy and VPN MAX Terms of Service form a single legally binding and valid document presenting an Agreement between you and VPN MAX. Unless otherwise stated, the capitalized terms herein shall have the same meaning given to them in the Terms of Service. Our head office is registered in Kazakhstan. We operate under jurisdiction and in accordance with the laws of Kazakhstan.

General Information

We collect various data depending on how you are using the Services. The respective sections below contain detailed descriptions of the types of data we collect.

(a) Personal details related to your Account (the Personal Details)
Personal Details are any information that can identify a person (on its own, or in conjunction with any other information). We collect this information to provide our Services to you. It includes your email address and any payment information that you give us when creating or updating your Account.

(b) Overall information regarding the apps you use and VPN statistics (the Statistics of Use)
We also collect the minimal Statistics of Use so as to maintain the service quality. This does not include the actual online actions of the users (including while using VPN). We do not collect (and, thus, cannot use or disclose) the information regarding the VPN traffic content or destination, DNS queries, or user IP addresses.

(c) Sanitized app diagnostics, including crash reports (the App Diagnostics) — optional
The App Diagnostics means sanitized messages regarding the apps’ defects and failures, as well as the use and connection diagnostics. These data are not sent by default. You need to permit the transfer of such information in your apps’ settings or manually send the failure report.

Personal Details

We only collect the Personal Details that you give us through your Account. We need your email address and payment information to provide our Services, respond to your requests, receive your payments, and give you important news. Depending on the payment method you select, this may include, e.g., your name, your country, your billing address, and your credit card number. There are also third-party payment services and websites that are controlled by independent operators (e.g., PayPal, BitPay, Paymentwall, Stripe, etc.) and may collect their own sets of data. You can learn about their data collection from their respective terms of service and privacy policies. You can also set up payment using, e.g., Bitcoin so as to keep your transmitted personal details to a minimum.

Why Do We Need Your Email Address?

We will use your email address (including the password reset option) to provide our Services to you, contact you regarding the payment, give you important news, respond to your requests, and share ads and other information related to our services (the Newsletter and Marketing Information). You may opt out of receiving the Newsletter and Marketing Information. This Privacy Policy contains an explicit description of any use of your Personal Details. We do not sell, or provide access to, your Personal Details to any third parties. Our collection of your Personal Details is legitimate; it complies with the requirements of the applicable law, and is performed for the purpose of fulfilling our contractual obligations to you. We control and store the details related to VPN MAX Accounts solely on the servers and systems belonging to us or to our subsidiaries. When in exceptional cases our affiliates need to process your details we provide those to them to a limited extent and for a limited period solely for the declared purpose of such processing; and we ensure the same data protection standards and protocols are observed as we apply ourselves. For the avoidance of doubt, we never transfer control over your Personal Details to our affiliates, including our controlling company.

Our Protection and Retention of Your Personal Details

Security.
We apply the most efficient physical and technical security measures with respect to our offices and data storage facilities that are currently available and that prevent losses, unauthorized use, disclosure of, or changes to, your Personal Details. However, you should understand that there is no such thing as perfect protection. This is why we intend to collect as little data as possible.

Servers and data centers.
We use reliably protected centers that do not require us to collect your Personal Details and information regarding your traffic. We will immediately stop using their services if we receive such a request. Even if a government were to seize our servers, no one could identify you since we do not store any logs.

Storage of your Personal Details.
We store a limited scope of your details for a limited period in accordance with the applicable laws. As soon as the reason for our storage of such details disappears, or as soon as you request us to delete your data, we delete those. Please note that after your details are deleted you will no longer be able to use the Services.

Legislation.
It is VPN MAX and not any of its affiliates that stores and uses your Personal Details. We act under the jurisdiction and in accordance with the laws of Kazakhstan (see Sections 15 and 16 of the Terms of Service). Any legal demand or request related to the Personal Details (and other data) is also governed by the laws of Kazakhstan. If we discover any attempt to bypass the laws we will use our best efforts to protect your rights as well as ours. Our controlling entities, subsidiaries, and affiliates never disclose any Personal Details stores by us, either voluntarily or when obligated.

Our Protection of Your Personal Details From Service Providers

We may provide limited access to some information to our agents, contractors, and third-party service providers (the Service Providers) that support and assist us when processing payments, providing Services, and otherwise. We bind all such Service Providers by strict confidentiality obligations and prohibit them from using the data for any purpose other than cooperation with us as declared. This includes contractual obligations to protect information in accordance with the applicable laws, including regarding the transfer of data from the European Union / European Economic Area to other countries. The Service Providers have limited access to as little information as needed. We do not provide them with information regarding your actions online or VPN connections since we do not have that information ourselves. Beyond that, you may give us permission to transfer additional Personal Details (e.g., for marketing purposes or to receive additional services).

Statistics of Use and App Diagnostics

In order to maintain quality of service, we collect certain information regarding your use of VPN, which we provide to our employees and Service Providers under strict confidentiality commitments solely when necessary and for the purpose stated above. The Statistics of Use and the App Diagnostics do not contain any private details just as we do not store your browsing history, traffic destination and content, IP addresses, or DNS queries. We collect only the minimal data meaning:
We do not know who specifically uses which websites.
We do not know who and when specifically connects to VPN (and which specific server they use).
We do not know your actual IP address.
Under no circumstances are we able to disclose such information because we do not have it.

Apps and Versions of Apps

We need the information regarding the apps you use and their versions in order to provide our Services to you and solve your technical difficulties.

Successful Connection

We collect information related to your successful connections to VPN: the day, on which you connect; the server, to which you connect; and the country, from which you connect (or the ISP that you use). We do not know the exact time of the connection or your outgoing IP address. This information helps us identify the connection problems, recommend you the best way to use our Services, and fix network issues.

Overall Scope of Data Transferred

We need to know the overall scope of data transferred by specific users. We do not limit the traffic; however, excessive data transfer by separate users may negatively affect the quality of our Services. If this is the case, we will contact such a user.

Generalized Statistics of Use

In general, we need the minimal statistics to provide high-quality Services. We may learn that a specific user connects to a specific VPN server on a given day and transfers a specific scope of data. We cannot identify such a user and their specific actions online because they overlap with the actions of thousands of other users of VPN MAX who use the same server on the same day. Our systems are designed in such a way as to strictly destroy any private details. We may only know of the fact that our Services are being used; however, we do not know how exactly they are being used.

App Diagnostics

With your voluntary consent we collect sanitized App Diagnostics, including bug reports, usability diagnostics, and connection diagnostics. This allows us to offer the best connection speed and solve the issues related to specific apps, servers, and ISPs. With your consent we may collect the following details:
- diagnostics of failed connections,
- speed test results,
- app diagnostics (sanitized bug reports and usability diagnostics).
We engage the following Service Providers to processing of these sanitized details depending on the platform that you use on the grounds of non-disclosure agreements and other contractual obligations:
- Windows: Sentry (owned by Functional Software, Inc.)
- Mac: Firebase Crashlytics (owned by Google) and Sentry
- Linux: Sentry
- iOS: Firebase Crashlytics and Apple
- Android: Firebase Crashlytics
- browser extensions: Google Analytics (owned by Google).
In any given case you can learn more about the regulations governing the operations of these Service Providers from their respective documents and policies.
We will ask for your permission to send the App Diagnostics when activating any our App. You can opt out at any time in the settings menu. If you use iOS devices, you can turn off the reports in iOS settings.

Our Protection and Storage of Information Regarding Email Addresses, Chat Messages, and Feedback Forms

We store all the correspondence, requests, and complaints, as well as your feedback sent via the Website or the services, together with our response. Depending on the communication method you select we will store your email address and any other information you provide to us. The correspondence archive allows us to provide the Services of the highest possible quality. Communication is carried out through the use of two independent third-party platforms: Zendesk for emails and support requests, and TeamSupport for live chat. These platforms also retain information regarding correspondence, including your email address, user and device technical data required to solve the reported issue, as well as data on the country your request comes from and the operating system of your device. Both platforms apply cutting edge security measures and protocols along with SSL encryption.

Cookies and Third-Party Analytics

We use several analytics services, including the ones offered by third-party Service Providers, to adjust the user experience and analyze our operations. These services may use cookies, mobile identifiers, and other data to generate reports and collect statistics; however, they do not have access to the Personal Details and identifying information submitted to us. Cookies and other similar technologies are small text files that store information regarding your visit to the Website (the Cookies). They allow websites to remember your actions and settings. We use those to optimize and improve the Website operation. We may change the type of the Cookies used from time to time in the course of the Website update and improvement.

Disabling Cookies

You retain the right to control the Cookies settings. You can change them in the settings panel for your browser. Depending on the browser you use, you may be able to control which Cookies you transmit and which you block, as well as to delete them altogether. For more information, please refer to the “help” section of your browser. If you disable the Cookies, our Website may not work as intended.

VPN MAX Cookies

Our Cookies allow us to optimize your language settings and advertisements displayed to you, as well as your Account settings after you sign in. The Cookies contain user identifiers, but they do not identify specific users by their name or email address, nor do they track your actions outside of VPN MAX domains.

Third-party Cookies

We use third-party services (e.g., Google Analytics and Adwords). They collect data for their statistics reports (e.g., reports on the duration of the Website visits or the number of visits to separate pages). We use Google Ads remarketing to show advertisements on third-party websites to our users. This may include advertisements displayed among the Google search results or on websites that are part of the Google Display Network. The Service Providers, including Google, use Cookies for targeted advertising. All the data collected in such a way are regulated by our Privacy Policy and Google’s privacy policy. You may restrict transmission of Cookies to Google and collection of analytics on the Google’s designated page. You may restrict transmission of third-party Cookies on the designated page of the Network Advertising Initiative.

Device Information

The device information includes the device type, its operating system, the language used, Android or iOS mobile identifiers, etc. We use those to collect statistics regarding how the users learn about us and download our apps. It does not include your name, email address, and other Personal Data.

Disabling or Resetting Mobile Identifiers

You may disable or reset your mobile identifiers at any time. You may find detailed instructions on how to do it on Apple’s page on Advertising & Privacy on iOS devices and Google’s page on Managing your Google Settings on Android devices.

Communication Analytics

We strive to improve our communication with the users continuously. In order to do so we may collect statistics (e.g., reports on emails successfully sent or delayed, as well as the number of times the emails are opened).

Interactions With Third-Party Products

We may place links to third-party resources, apps, products, or services on our Website. We do not control those. Before working with them make sure you are aware of the specific terms of use or service relating to them. Owners of such resources may collect your personal details as they deem fit. We assume no responsibility or liability for the privacy policies or the contents of the third-party resources.

Users in the European Union

We ensure safety and protection of the personal details of users all over the world. We collect the minimal set of information required to provide our Services. We provide our users with full control over their Personal Data. The General Data Protection Regulation (the GDPR) of the European Union (the EU) requires us to outline our practices and obligations in a specific manner for users in the EU. In line with the GDPR, we collect and process the Personal Details specified herein on the following grounds, depending on the circumstances:

1) In order to fulfill our contractual obligations, including:
- provision of the Services the Subscribers request,
- management of subscriptions and processing of payments in connection with our Services,
- provision of technical support to the users.

2) Within the legitimate interest associated with the operation of our business, including:
- improvement of the quality, reliability, and effectiveness of our Services,
- communication of information to the users and receipt of feedback regarding our Services.

3) With the users’ consent that may be withdrawn at any time.

Your Right to Privacy Protection
When using our Services, you have the following rights (subject to certain exceptions or exemptions).
You have the right to access your Personal Details stored by us.
You have the right to request that we correct any Personal Details stored by us if those are inaccurate or incomplete.
You have the right to request that we delete your Personal Details. Please note that if we delete your Personal Details you will no longer be able to use our Services.
You have the right to request that the processing of your Personal Details be restricted, or object to such processing.
You have the right to request and receive your Personal Details in a commonly used format (data portability).
You have the right to withdraw your consent to your Personal Details processing at any moment.
You have the right to file complains or claims with your local data protection supervisory authority.
You can exercise your rights above by contacting us as described in Contact Details Section.
You may authorize another person as your agent to send a request or demand on your behalf. Such an agent may act by virtue of a written appointment signed by you. You shall provide us with a copy of such an appointment. We are entitled to take additional action to identify you and verify your powers so as to ensure your safety and protection.
We handle all the requests in accordance with the applicable laws and as promptly as possible.

Users in California

Under the Shine the Light Act (California Civil Code Section 1798.83), the residents of California may request information regarding personal details disclosure to third parties carried out for direct marketing purposes. We do not disclose any Personal Details to third parties for direct marketing. Nonetheless, California residents may file a relevant request with us as described in Contact Details Section if they wish so. Please note that each user is entitled to one request per year. Individuals to whom the California Consumer Privacy Act (the CCPA) applies have the following rights (subject to certain exceptions or exemptions).
You have the right to know what Personal Details is being collected, how they are stored and used.
You have the right to request that we delete your Personal Details. Please note that if we delete your Personal Details you will no longer be able to use our Services.
You have the right to prohibit the sale of your Personal Details. However, there is no need to exercise this right since we do not sell the Personal Details to third parties.
You have the right not to be discriminated against for exercising any of these or other rights under the CCPA.
You have the right to withdraw your consent to your Personal Details processing at any moment.

Use by Children

Our Services are not intended for the use of children. Therefore, we have no knowledge of any Personal Details of underage persons being collected. The age of majority is determined in accordance with the laws of the jurisdiction of residency and/or use of the Services. If you are an underage person in line with the laws applicable to you, do not provide us with any Personal Details without your parent or a legal guardian involved. For the purpose of the GDPR, we do not intend to offer information society services directly to children. If we learn that your provision of Personal Details to us breaches the applicable laws, we reserve the right to delete such details. If you believe that we might need such information, please contact us as described in Contact Details Section.

Amendments

We reserve the right to amend and supplement this Privacy Policy from time to time. Notification of the users regarding such amendments and supplements is governed by the applicable laws and regulations. You consent to this Privacy Policy by using our Services and/or accessing our Website.

VPN MAX Contact Details

If you have any questions, concerns, or complaints regarding this Privacy Policy, our compliance with the applicable laws, or our processing of your information, or if you wish to exercise your privacy rights, please contact us at the following email address: admin@vpnmax.org. You may also refer any questions regarding this Privacy Policy to our Head of Information Protection Service at admin@vpnmax.org.