Last Updated: June 2024
At OVPN Integritet AB (“OVPN”, “we”, “our”, or “us”), your privacy is of the utmost importance. In 2023, OVPN was acquired by the Pango Group (“Pango”). You can learn more about Pango at www.pangoholdingcompany.com
Thank you for taking the time to read our privacy policy (the “Privacy Policy”). This Privacy Policy sets out how we collect, use, process, store, and disclose your personal data on https://www.ovpn.com (the “Website”), the OVPN app (the “App”), and use the OVPN products, namely, the OVPN VPN service (the Website, App, and OVPN VPN services together, the “Services”). We also set out certain changes being implemented in conjunction with OVPN’s acquisition by Pango. By accessing and using our Services after the advance notice and posting of this privacy policy, you freely and expressly consent to the collection, use, processing, storage, and disclosure of your personal data as set out in this Privacy Policy.
For ease of reference, in this product privacy notice we use the term “VPN browsing activity” to refer to online activities you conduct via VPN connections initiated with our VPN products. This includes what you are browsing, viewing, or doing online via the VPN connection.
Key Assurances
OVPN does not record your VPN browsing activities in any way that can be associated back to you, and this policy is not changing as a result of the Pango acquisition. When you use a VPN connection, we do not store any information that identifies what you browse, view, or do online via that VPN connection. The exception is when you choose to communicate with us (such as via chat or email) over a VPN connection and have chosen to identify yourself to us.
Table of Contents
1. When We Collect Information
2. Types Of Information We Do and Don’t Collect
3. How We Use Your Personal Data
4. How We Disclose Your Personal Data
5. Your Privacy Choices
6. Use of Pixel Tags and Cookies
7. Security
8. Retention
9. U.S. State-Specific Disclosure
10. UK/EEA Residents’ Notice
11. Children’s Privacy
12. Third-Party Links On Our Website
13. Changes To This Privacy Policy
14. Contact Us
1. When We Collect Information
We may collect personal data that you provide when you:
2. Types Of Information We Do and Don’t Collect
Information we DO NOT collect
Our VPN products do not log or otherwise record IP addresses, device identifiers, or any other form of identifier in combination with your VPN browsing activity. Simply put, this means that our VPN products do not store any information about what any specific user browsed or accessed through a VPN connection.
When connecting with Wireguard, we collect your IP address and store it in temporary memory until the end of your VPN session at which point it will be deleted. We assure you that the IP address will never be associated with your VPN browsing activity. This means that we are not able to share your VPN browsing activity with anyone – whether it is an ad network or government agency – because we simply do not store that information.
When you access a site through an OVPN connection, your IP address appears to that site as the IP address assigned by the VPN servers (what we call a “public-facing” IP address). Those public-facing IP addresses are used by multiple users and we do not record the actual IP addresses of users who use those public-facing IP addresses. As a result, we are not able to connect activity originating from a public-facing IP address to activity conducted by any individual user.
Information we DO collect
When you register for an account, we collect:
3. How We Use Your Personal Data
We use the personal data we collect for the following purposes:
How We Use IP Addresses
As written above, we do not log or otherwise record IP addresses in connection with your VPN browsing activity. In the interest of transparency, we do collect and use IP addresses in these other contexts:
4. How We Disclose Your Personal Data
We may disclose your personal information with your express consent, such as if we introduce a partnership or co-marketing opportunity to you. We may also share your personal data under the following circumstances;
In addition, we may share your personal data, in order to:
As part of a business transition.
We may share aggregate or anonymous information for any purpose. This means that the information we share does not identify specific individuals, or is combined with other data to protect your privacy.
5. Your Privacy Choices
You have the right to exercise the following choices with our use of your personal data:
You can exercise these rights by contacting us at privacy@OVPN.com.
6. Use of Pixel Tags and Cookies
Like many companies, we use cookies and similar technologies such as pixel tags (aka; clear gifs, web beacons) (collectively, “Cookies”). As noted, cookies or other tracking technologies are not utilized as part of our VPN services. You can learn about our use of cookies in our Cookie Policy.
7. Security
OVPN employs a range of administrative, organizational, technical, and physical safeguards designed to protect your data against unauthorized access, loss, or modification. Access to your Account Information and Services Information is restricted to our employees who require such access to perform their job functions. While our controls are strong, no data security measures can guarantee 100% protection.
For our VPN services, our network providers do not require us to collect or share any information about what our users are doing via a VPN connection through their networks. Our VPN servers are monitored using a state-of-art intrusion detection system backed by a 24x7 security operations center.
8. Retention
We will retain your account and payment information for as long as your account or inquiry is active or as needed to provide you with the Services, and for a reasonable time thereafter in accordance with our standard procedures or as necessary to comply with our legal obligations, to resolve disputes, and to enforce our agreements. As previously mentioned, no information about what our users do when connected to our VPN services is stored beyond a session. Even if we delete some or all of your personal data, we may continue to retain and use aggregate or anonymous data previously collected and/or anonymize or aggregate your personal data.
9. U.S. State-Specific Disclosure
Some U.S. states have enacted comprehensive privacy laws that require businesses to offer an opt out of the “sale” or “share” of your personal data for targeted advertising. We do not sell or share your personal data for targeted advertising purposes.
10. UK/EEA Residents’ Notice
Residents of the United Kingdom (“UK”) and European Economic Area (“EEA”) are provided certain privacy rights under the UK and EU General Data Protection Regulations (“GDPR”).
Legal Basis
Under the GDPR, we process ‘Personal Data’ (as defined in the GDPR) under the following legal basis.
Processing Activity | Legal Basis under GDPR |
---|---|
Use of our VPN services | Contract fulfillment |
Placement of cookies through our Website | Consent |
Implementing our customer support tools | Contract fulfillment |
Improving our Website and Services | Legitimate Interest |
Product, Marketing, or Service-Related Communications | Legitimate Interest |
Controller Designation
Under the GDPR, we are designated as a ‘Controller.’
Cross-Border Data Transfers
Our account and VPN services are currently operated in the EU, but we reserve the right to transfer account-related information to servers in the United States or another location of our choosing. If you are a resident of the EEA, UK, or Switzerland, we may transfer to, and store the data we collect about you, to countries other than the country in which the data was originally collected, including the United States. Those countries may not have equivalent data protection laws as the country in which you provided the data. When we transfer your data to other countries, we will protect the data as described in this Privacy Policy and comply with applicable legal requirements providing adequate protection for the transfer of data to countries outside the EEA, UK, and Switzerland. We rely on Standard Contractual Clauses (“SCCs”) for the transfer of personal data to countries that have not received an applicable adequacy decision, as well as the UK’s ‘International Data Transfer Addendum’ to the SCCs.
For more information on cross-border transfers of your Personal Data or the appropriate safeguards in place, please contact us at privacy@OVPN.com.
Data Protection Officer
We have appointed a Data Privacy Director to oversee compliance with this Privacy Notice. If you have any questions about this Privacy Notice or how we handle your Personal Data, or would like to request access to your Personal Data, please contact our Data Protection Officer at DPO.pango@twobirds.com.
Additional Rights for UK or European Economic Area Residents
In addition to the rights granted above, if you are a UK or EEA resident, the GDPR grants you the right to lodge a complaint against us with your local data protection authority. You can find your data protection authority at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
11. Children’s Privacy
We do not intentionally collect any personal data from children under the age of 16. If you are under the age of 16, please ask a parent or guardian for help in using our Website or Services. If you believe we have obtained personal data associated with children under the age of 16, please contact us at privacy@OVPN.com and we will delete it.
12. Third-Party Links On Our Website
Our Services may contain links to other websites or services. We do not exercise control over the information you provide, or is collected by these third party websites. We encourage you to read the privacy policies or statements of the other websites you visit.
13. Changes To This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will post the updated Privacy Policy on this page with a “Last Updated” effective date of the revisions. We encourage you to look for updates and changes to this Privacy Policy by checking this page when you access our Services.
14. Contact Us
If you have any questions about our privacy or security practices, or if you would like to request access to or correction of your personal data, you can contact us by email at privacy@OVPN.com or at:
Intersections, LLC
250 Northern Ave., 3rd Floor
Boston, MA 02210