·Privacy policy

Privacy policy

1. Introduction

Mogol Limited (hereinafter “we”, “us” or “our”) operates the website www.vpnhouse.net (hereinafter referred to as “Website”) and other applications such as the free and paid version of VPNhouse, including the mobile and desktop applications of VPNhouse (hereinafter “Services”) and is the controller of the information collected or provided via the Services and Website and Processor. By accessing or using our Services and Website, you accept the terms of this Privacy Policy. If you do not agree with any part of this privacy policy or our terms, please do not access or continue to use our Services or Website or otherwise submit your personal data.

We collect, process, and retain personal data to the extent it is necessary to provide users with our service. In the context of this Privacy Policy, the term 'Personal Information' specifically refers to your email address.

This Privacy Policy applies to information we collect:
  • on the Services and Website;
  • in e-mail or other communications between you and the Services and Website;
  • through the desktop and mobile applications of VPNHouse or applications that we recommended you download from the Website, Google Play, or Apple App Store;
  • when you interact with our advertising and Services on third-party websites and services, if those services or advertising include links to this Privacy Policy.

It does not apply to information collected by us offline or through any other means, including on any other website operated by us or any third party (including our affiliates and subsidiaries); or any third party (including our affiliates and subsidiaries), including through any application or content (including advertising) that may link to or be accessible from the Services or Website. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites, and we are not responsible for their privacy statements, information, or other practices.

2. Warrant Canary

As of December 1, 2022, we have not received any National Security Letters or FISA court orders, and we have not been subject to any gag order(s) by a FISA court or any other similar court(s) of any government. We have never placed any backdoors in our hardware or software and have not received any requests to do so. No searches or seizures of any kind have ever been performed on our assets.

3. Information We Collect and How Is Your Personal Information Collected

Information Provided by Users Through Direct Interactions

We may collect, use, store, and transfer the following information that users choose to provide to us:
  • Contact Data and Account Information: Email address.
  • Marketing and Communications Data: Your communication preferences and preferences in receiving marketing from us, our third-party affiliates, or partners.

We and our third-party service providers may automatically collect, use, store, and transfer the following information about you or your device as follows:

  • When VPNHouse app is launched, but before you connect to the VPN, we and our third-party service providers collect device-specific information such as unique mobile ID, operating system and platform, browser type and version, and other technology on the devices you use to access the Website or the Services.
  • When you connect to the VPNHouse VPN, we collect your internet protocol (IP) address, which we pseudonymize, immediately encrypt it, and store it only for the duration of your VPN session. Your IP address is deleted after you disconnect from the VPN without storing or logging it. We do not associate your IP address with your online activities, and we do not store or log your IP address with your online activities.
  • Usage Data includes non-personally identifiable aggregated information about how you use our Services and Website. We do not attribute any specific website visits or app usage to any specific user. We do not keep logs of your online activities and will never associate any domains, websites, or applications that you use with you, your device, or your email.
  • Aggregated Data: We may also collect, use, and share your data to produce and share aggregated data that do not identify you and therefore not considered as Personal Information. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific Services feature, to generate statistics about our users, or to calculate ad impressions clicked on.

Personal Information Automatically Collected from Users Through Automatic Data Collection Technologies or Interactions

As you navigate through the Website, we and our third-party service providers may use automatic data collection technologies to gather certain information about your equipment. This includes details such as your device information (including device and application IDs), unique mobile ID, advertising ID, operating system and platform, browser type and version, internet service providers, mobile network names, and cookie information. Such information is used only to improve the Website, provide troubleshoot and perform analytics.

We may use or engage others to use cookies, web beacons, clear gifs, and similar technologies to understand how users access and use our Website. In general, you can browse our Website without telling us who you are or submitting any Personal Information.

Browser Cookies

We do not use cookies on our Website.

Disabling Cookies

The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, be notified when you receive a new cookie, or to disable cookies. Website visitors who disable their browsers' ability to accept cookies will be able to browse the Website, but certain Website features will not function.

Analytics

We use third-party analytics and advertising tools, in particular Google Analytics and Facebook Pixel. Google Analytics is provided by Google, Inc., USA ("Google"). These tools and technologies may collect and analyze certain types of information, including IP addresses, device and software identifiers, onsite behaviour and usage information, feature use metrics and statistics, usage and purchase history, media access control address (MAC Address), and other similar information through the use of technologies such as cookies or pixels. The information generated by Google Analytics about your use of the Website or Services may be transmitted to and stored by Google (for Google Analytics and Firebase) on servers in the United States. Because we activated IP anonymization for Google Analytics, Google will anonymize the last octet of a particular IP address. Only in exceptional cases, the full IP address is sent to and shortened by Google servers in the USA. Facebook will use this information for the purpose of evaluating your use of the Services, compiling reports on Services activity and managing advertising content.

4. Third-Party Use of Cookies and Other Tracking Technologies

Some content or applications, including advertisements, on the Services are served by third parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our Website. Unless expressly stated otherwise, our Services do not provide any Personal Information to these third parties, however, the information they collect may be associated with your Personal Information or they may collect information, including Personal Information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based advertising or other targeted content.

We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.

5. Legal Basis for Processing Personal Information

We will only use your Personal Information when applicable local law allows us to. We may process your Personal Information for more than one lawful ground depending on the specific purpose for which we are using it. Generally, we do not rely on consent as a legal basis for processing your Personal Information other than in relation to sending third party direct marketing communications to you via email or other communication method. We do not sell or rent Personal Information to others, we do not log your browsing data, and we delete your IP address when you disconnect from VPNHouse service.

In general, we use information that we collect about you or that you provide to us through our Services and Website, including Personal Information, to:
  • Create new accounts, identify and communicate with current subscribers.
  • Offer troubleshooting, customer support, and notices to registered users about their accounts, including expiration and renewal notices, notices about changes to our Services, Website, changes to our Terms and Conditions and policies, or any products or services we offer or provide through them.
  • Verify your identity when you login to the Services.
  • Administer, maintain, and improve our Services.
  • Present our Services and their contents to you, including any interactive features on the Services, and to provide you with information, products, or services that you request from us.
  • Perform research and analysis about your use of, or interest in, our Services and Website content, products, or services, in order to develop and display content and advertising tailored to your interests on our Website and other sites.
  • Communicate with you and send you promotional information that may interest you about products, services, and offers made available by us, our affiliates, or our marketing partners if you have consented to receive such information from us.
  • Analyse usage and trends on our Services and to better understand how users use the Services.
  • Diagnose or fix technology problems, and detect, prevent, and respond to actual or potential fraud, illegal activities, or intellectual property infringement.
  • Enforce our terms and conditions and to comply with legal and regulatory obligations.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
  • In any other way we may describe when you provide the information; or for any other purpose with your consent provided separately from this privacy policy.
  • Service Providers. With third party service providers who provide services on our behalf such as processing payments (Srtipe, Google Play and Apple App Store). Our service providers receive only the information necessary to perform their designated functions, and are not permitted to use or disclose this information or your Personal Information for their own marketing or other purposes;
  • Aggregate, Anonymous or De-Identified Information. Sharing aggregate or non- personally identifiable information with non-affiliated third parties for advertising, marketing or research purposes. We do not store or share your personal information with any third parties for their own marketing, advertising or research purposes.

6. Security Measures We Have In Place

VPNHouse is committed to maintaining the utmost confidentiality and security of the personal data entrusted to its care. This Data Security Policy outlines the comprehensive measures implemented by our dedicated IT security team to protect against accidental or unlawful destruction, unauthorized access, alteration, or any other forms of illicit processing. Regular updates to the infrastructure and routine vulnerability scans are conducted to identify and address potential weaknesses promptly.

Our servers undergo rigorous hardening processes, managed through automated configuration tools. To maintain a secure working environment, all workstations are centrally managed using an endpoint management tool. Encryption protocols, adhering to the latest security standards, are employed to secure data both at rest and in transit. VPNHouse adheres to industry-leading information security and data processing policies. We conduct external audits to ensure that our policies align with the current best practices in the industry. VPNHouse fosters a culture of continuous development in security and data protection awareness among its personnel through regular training sessions and awareness activities. Access to databases containing personal data is strictly granted on a need-to-know basis.

In the event of detecting any suspicious activity, VPNHouse is committed to promptly notifying affected parties and providing guidance on steps to enhance protection. However, it is important to acknowledge that, despite these measures, no absolute security of internet communications can be guaranteed, as no technology is entirely invulnerable. By utilizing the services offered by VPNHouse, users expressly acknowledge that the security of personal data is a shared responsibility. Any information provided to or received by VPNHouse through its services is done at the user's own responsibility. Should users have any reason to believe that their interaction with VPNHouse is no longer secure, it is imperative to promptly notify VPNHouse at [email protected]. This Data Security Policy underscores VPNHouse's commitment to maintaining the highest standards of data protection. Users are encouraged to review this policy periodically to stay informed about the security measures implemented by VPNHouse.

7. Disclosure of Your Personal Information

We do not disclose your Personal Information except in the limited circumstances described here:
  • Members of Corporate Group: To members of our corporate group (that is, entities that control, are controlled by, or are under common control with us) who operate services that help us with customer management, customization of content, advertising, analytics, verifications, functionality, and security, and compliance.
  • Service Providers: To our authorized service providers that perform services on our behalf such as payment processing. Our service providers receive only the information necessary to perform their designated functions and are not permitted to use or disclose this information or your Personal Information for their marketing or other purposes.
  • Legal Successors: To a buyer or successor in the event of merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us about our Services and Website users is among the assets transferred. Should such sale or transfer occur, we will use reasonable efforts to try to ensure that the entity to which we transfer your Personal Information uses it in a manner that is consistent with this privacy policy.
We may access, preserve, and share your Personal Information with regulators, law enforcement, or others when we reasonably believe such disclosure is necessary to:
  • Satisfy any applicable law, regulation, legal process, or governmental request.
  • Enforce applicable terms of use, including investigation of potential violations thereof.
  • Detect, prevent, or otherwise address illegal or suspected illegal activities, security or technical issues.
  • Protect against harm to the rights, property, or safety of our company, our users, our employees, or others.
  • Maintain and protect the security and integrity of our Services, Website, or infrastructure.

In such cases, we may raise or waive any legal objection or right available to us, in our sole discretion.

We may disclose aggregated information about our users, and information that does not identify any individual. We may share aggregated information with third parties for conducting general business analysis. This information does not contain any Personal Information and may be used to develop content and services that we hope our users will find of interest.

8. International Users And Transfers of Your Personal Information to Other Countries

Our servers are based in multiple countries around the world, so your Personal Information will be processed by server providers worldwide. Data protection laws vary across different countries. Whenever in the course of sharing information we transfer Personal Information to countries outside of the European Economic Area and other regions with comprehensive data protection laws, we will ensure that the information is transferred in accordance with this privacy policy and as permitted by applicable laws on data protection.

By using the Services, you consent to the transfer of information, including Personal Information, to any country, including the United States or countries in Europe, in accordance with GDPR legislation.

9. Retention of Personal Information

We will only retain your Personal Information for as long as necessary to fulfil the purposes we collected it for, including for satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information, and whether we can achieve those purposes through other means, and the applicable legal requirements. The retention period that is necessary for compliance and legal enforcement purposes varies and depends on the nature of our legal obligations and claims in the individual case.

Where we no longer need to process your Personal Information for the purposes set out in this Privacy Policy, we will delete your Personal Information. If allowed, we will delete your Personal Information upon your request.

10. Choices about How we Collect, Use and Disclose Your Personal Information

We strive to provide you with choices regarding the Personal Information you provide to us.

  • You can choose not to provide us with certain Personal Information, but that may result in you being unable to use our Services or certain features of them because such information may be required to register as a member (email is required to create a VPNHouse account), purchase products or services, contact us (email is required when contacting customer support), or initiate other transactions on our Services.
  • You can set your browser to refuse all or some browser cookies or to alert you when cookies are being sent. Disabling or refusing cookies may make some parts of the Website inaccessible or non-functional. You may opt-out of Google Analytics by visiting the Google advertising opt-out page or by downloading and installing the browser plug-in available at Google Analytics opt-out page.
  • You may delete your account with us at any time. If you delete your account, your Personal Information and all account-related information will no longer be accessible by you and will not be saved. After deleting your account, if you choose to have an account with us in the future, you will have to sign up for a new account.

11. Your Rights Related to Your Personal Information

Subject to local law, you have certain rights regarding the Personal Information we collect, use, or disclose, including the right:
  • to receive information on the Personal Information concerning we hold about you and how such Personal Information is used (right to access);
  • to rectify inaccurate Personal Information concerning you (right to data rectification);
  • to erase your Personal Information (right to erasure, “right to be forgotten”);
  • to receive the Personal Information provided by you in a structured, commonly used and machine-readable format and to transmit those Personal Information to another data controller (right to data portability);
  • to object to the use of your Personal Information where such use is based on our legitimate interests or on public interests (right to object); and
  • in some cases, to restrict our use of your Personal Information (right to restriction of processing).

If we ask for your consent to use your Personal Information, you can withdraw your consent at any time. In case of a withdrawal of your consent you may no longer able to use several functionalities of our Services. You may send us an e-mail at [email protected] to exercise your above rights in accordance with the applicable legal requirements and limitations. If you are located in the European Economic Area, you have a right to lodge a complaint with your local data protection authority.

Some requests to delete certain Personal Information will require the deletion of your user account as the provision of user accounts are inextricable linked to the use of certain Personal Information (e.g. e-mail address). It is possible that we require additional information from you in order to verify your authorization to make the request and to honor your request.

12. Use of Services by Minors

VPNHouse does not provide its services for use by children, and as such, we do not knowingly collect Personal Data from individuals under the age of eighteen (18) or under the age of majority in the jurisdiction of residency or the jurisdiction from which the services are utilized. If you are under the age of eighteen (18) or under the age of majority in your jurisdiction, do not provide any Personal Data to us without the involvement of a parent or legal guardian.

In accordance with the General Data Protection Regulation (GDPR), we have no intention of offering information society services directly to children. If it comes to our attention that you have provided Personal Data in violation of applicable privacy laws, we will immediately delete such information. If you believe that we may have such information, please contact us at [email protected].

13. Changes to this Policy

We are committed to keeping you informed of changes to our privacy policy to ensure transparency and clarity regarding how your information is handled. We will take the following steps to notify you about updates to this policy:

1. Direct Communication

Whenever we make material changes to this privacy policy, we will send you a direct communication. This communication may be in the form of an email to the address associated with your account or through an in-app notification. We will provide a concise summary of the changes and their implications for your data privacy.

2. Notification Period

We will provide you with a notification period before the changes take effect. This period will give you sufficient time to review the revised policy and decide whether you continue to use our services. During this period, you can choose to withdraw your consent if you are not comfortable with the changes.

3. Prominent Announcement

We will prominently display a notice on our website and within our application to alert users to the upcoming changes. This notice will include a link to the updated privacy policy for your reference.

4. Effective Date

The effective date of the updated privacy policy will be clearly stated at the beginning of the document. This will help you understand when the new policy comes into effect and how it applies to your use of our services.

Please note that minor clarifications and improvements to the policy may occur from time to time, and we may not notify you individually about such changes. However, we will always ensure that the latest version of the privacy policy is readily accessible on our website.

We understand the importance of your data privacy, and we want to ensure that you are well-informed about any changes that may affect you. If you have any questions or concerns about the updated privacy policy, please don't hesitate to contact our support team using the contact information provided in the "Contact Information" section of this document.

By providing clear and proactive notifications about policy changes, we aim to maintain a transparent and trustworthy relationship with our users.

14. Enforcement & Cooperation

We regularly review our compliance with this privacy policy. Please feel free to direct any questions or concerns regarding this privacy policy or our treatment of Personal Information by contacting us through feedback forms on the Website or via email [email protected]. If we receive a formal written complaint, our policy is to contact the party lodging the complaint. We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the collection, use, and disclosure of Personal Information that cannot be resolved by an individual and us.

15. No Rights of Third Parties

This privacy policy does not establish rights that can be enforced by third parties, nor does it necessitate the disclosure of any Personal Information pertaining to users of the Services.

16. No Error-Free Performance

We do not guarantee error-free performance under this privacy policy. We will use reasonable efforts to comply with this privacy policy and will take prompt corrective action when we learn of any failure to comply with our privacy policy. We shall not be held responsible for any incidental, consequential, or punitive damages relating to this privacy policy. The laws of Cyprus shall, to the extent applicable, govern this privacy policy.

17. California Consumer Privacy Act Notice

As of January 1, 2020, the California Consumer Privacy Act of 2018 (“CCPA”) provides California residents (“Consumers”) certain rights with respect to their personal information, as this term is defined under the CCPA. In addition to the rights, we state under this policy and subject to the exceptions found under the CCPA, Consumers have the right to:
  • Opt-out of the sale of their personal information if we were to sell their personal information.
  • Be informed of certain information concerning our collection and use of their personal information.
  • Request that we delete certain personal information we collected from them.
  • Appoint an agent to exercise their rights provided for by the CCPA, provided that a duly executed notarized power of attorney is presented and provided that the agent has information deemed sufficient to allow us to verify the identity of the Consumer in question and to locate his/her information in our systems.
  • Not be subjected to discrimination for the exercise of these rights. We will not deny California residents the use of our service, neither will we provide a different level or quality of services for exercising any of their CCPA rights unless as permitted under the CCPA.

This Service and Website neither sell nor have sold personal information to third parties for monetary or other valuable considerations in the past 12 months. We may, however, disclose certain personal information with third parties, service providers, and entities within our corporate group to enable them to perform certain services on our behalf and namely to make the Service and Website work properly. Regardless, we respect California residents’ right to exclude personal information from such sharing arrangements and to thereby opt-out of any future sale of their personal information.

18. Users in the European Union

VPNHouse is dedicated to global user privacy, and our current practices demonstrate this commitment by collecting Personal Information in a manner that allows users to have control over their Personal Information. The General Data Protection Regulation (“GDPR”) of the European Union (“EU”) requires us to outline those practices in a specific manner for users in the EU.

Aligned with the GDPR, we collect and process the Personal Data as outlined in this Privacy Policy on one of the following bases, depending on the circumstances:
  • For the purposes of fulfilling our contractual obligations, including:
    • Providing Subscribers with the Services they have requested.
    • Managing subscriptions in connection with our Services.
    • Providing customer support.
  • For a legitimate interest associated with the operation of our business, including:
    • Enhancing the quality, reliability, and effectiveness of our Services.
    • Communicating with customers to provide information and seek feedback related to our Services.
  • With the consent of users, which users can withdraw at any time.
In using our Services, you have the following privacy rights (subject to certain exceptions or exemptions):
  • You have a right to access personal data held about you.
  • You have the right to request that we rectify any personal data we hold that is inaccurate or incomplete.
  • You have the right to request the deletion of your personal data. Please note that such deletion may result in us no longer being able to provide you with our Services.
  • You have the right to request restriction of or object to the processing of your personal data.
  • You have the right to request and receive your personal data in a commonly used format (data portability).
  • You have the right to withdraw your consent on which processing is based at any time.
  • You have the right to complain to your local data protection supervisory authority.
  • You can exercise your rights above by contacting us at [email protected].

You may have a third party submit a request on your behalf as an authorized agent. To confirm that the authorized agent is entitled to submit a request on your behalf, they must have written authorization signed by you, and you must provide us with a copy of the signed authorization. To ensure your privacy and security, we may take further steps to verify your identity.

We will address any requests in accordance with applicable laws and to the best of our ability in a timely manner.

19. Contact Information

If you have any questions about this privacy policy or our information-handling practices, please contact us at [email protected].