PureVPN’s Privacy Policy

PureVPN is available as a mobile, TV and web-based application. The mobile app, including Android TV app and Apple TV app can be downloaded from the Google “Play Store” and Apple “App Store”, respectively (hereinafter collectively referred to as the “App”). The web-based version and proxy browser extensions (hereinafter referred as the “Web-App”) are available via recommended web browsers such as Google Chrome, Brave, Mozilla Firefox for Windows, Mac and Linux devices. All of our applications, mobile, TV and Web-Apps are designed to protect your online privacy and security.

In order to use our App and Web app, you need to create a user account. This account serves as your identity with PureVPN and is required to access our services. When you sign up with PureVPN, we will ask for the following information:

• Name.

• Email address.

• Password.

• Payment method.

This information is collected and stored to provide and improve our services to you (“stored data”). No other information is collected or stored at signup.

Additionally, we also collect the following information for customer support during service usage:

• Day of connection (Date) – We do NOT track or store the time you connected to our services.

• ISP Tracking (ISP Name and Routes) – We do NOT track or store your personal IP or exact location.

• Connection time – We do NOT track or store the specific times you connected to our server.

• Usage and Activity logs – We do NOT monitor or store any activity log for any user.

For app and service improvements, we collect the following information:

• Software analytics and statistics.

• Data from emails, live chats, and feedback forms.

None of the data listed above can be used to identify or track users.

We do NOT store any logs that can identify or help in monitoring your activity. We do this to ensure PureVPN has no information to share even if we are forced to. None of the following records are stored by PureVPN.

• Browsing activity.

• Identifiable connection logs.

• Records of IPs assigned.

• A customer’s original IP.

• Connection timestamps.

• Browsing history.

• Sites visited.

• Outgoing traffic.

• Content or data accessed.

• DNS queries generated by the user.

You are invisible – even we can’t see what you do online

NOTE: In case you have enabled the Tracker and Ad Blocker feature we will be able to view the domains during the connection period.

Our systems, processes, and servers are designed not to store any of the above-mentioned user information. We do this by design to ensure no data can be stored.

The information we collect enables us to provide our services to you. We process the information for the following:

• To provide, operate, and maintain our services.

• To improve, personalize and expand our services.

• To analyze and improve user experience.

• To communicate with you, either directly or through one of our partners. We communicate with our users for user service, providing updates and other information related to the services, and for marketing and promotional purposes.

• To process your transactions.

• To improve our contract management.

• To enforce our Terms of Service or other legal rights.

Our VPN connection logs DO NOT collect:

• Your origin IP

• Your VPN IP

• The specific time a user connected to our server

• Any activity conducted when connected to our servers

Read more about our no-log audits here https://www.purevpn.com/no-log-vpn .

NOTE: In the case of a Dedicated IP add-on purchase, a fixed and dedicated VPN IP is assigned to the user which remains in our records for 25 days after a subscription ends.

NOTE: For the Extended WireGuard Duration add-on (manually configured), a fixed VPN IP is assigned to the user. This IP remains in our records for 24 hours after the subscription ends or after the associated key is removed due to inactivity or disconnection.

NOTE: Our Tracker and Ad Blocker feature helps protect your privacy by blocking unwanted online trackers and advertisements. To improve this feature and enhance your browsing experience, we temporarily record the names of the trackers and ads that are blocked and how often they are blocked. This information is stored for a minimum period only in system memory and then automatically deleted. We do not collect or retain any personal information about you. The Tracker and Ad Blocker is an optional feature, you can enable or disable it at any time, according to your preferences.

Bandwidth use and consumption

All PureVPN subscribers get access to unlimited bandwidth on all VPN locations, except the Residential Network (add-on) which offers limited bandwidth. We keep track of the total bandwidth consumed by a user to make sure everybody is getting the highest speeds and the best possible experience from our product.

PureVPN reserves the right to contact users about bandwidth irregularities and service disruption for other users resulting from these irregularities.

Software analytics and statistics

PureVPN collects minimal connection statistics and reports. None of these include identifiable data or behavior, such as web traffic details, IP addresses and DNS requests.

This collection is done strictly to ensure the best possible service and customer support is delivered to our customers.

PureVPN conducts VPN diagnostics and monitors crash reports to:

• Better understand the functionality of our software.

• See how often the PureVPN app and Web App is used.

• Understand events occurring within the app.

• See aggregated usage.

• Track performance data.

• Track failed connection attempts.

We use a number of tools in our client software for the reporting mentioned above. These tools are:

• Google Analytics – Please visit Google’s Terms here.

• iTunes – Please visit the Privacy Policy here.

• Firebase – Please visit the Privacy Policy here.

• New Relic – Please visit the Privacy Policy here.

• MixPanel – Please visit the Privacy Policy here.

• Facebook Pixel – Please visit Facebook’s Privacy Policy here. You can stop the use of your data for the purpose of displaying Facebook ads by clicking here.

• Intercom.io – Please visit the Privacy Policy here.

• Sentry – Please visit the Privacy Policy here.

We regularly update our App and Web-App to enhance and ensure the quality of our Services. These updates aim to improve functionality, enhance security, and ensure that our offerings continue to meet the needs of our customers effectively. It is the responsibility of our customers to keep their apps updated at all times to ensure compatibility with our terms and conditions*.

*Users are notified about upgrades whenever possible.

We would like to notify our Users that there are times when we force update our App and Web-App to the latest version to ensure that our users get the best experience.

Data from emails, live chats, and feedback forms

Other than users’ data, it is important for PureVPN to keep a record of all user correspondence to ensure smooth service delivery and superior customer service. We keep a record of all correspondence, be it questions, complaints or compliments submitted via our App and Web App.

PureVPN uses multiple third-party platforms for customer support and correspondence:

• Zendesk: for support tickets (read their privacy policy here).

• Intercom: for customer support via chat (read their privacy policy here).

• Mailchimp: for emails (read their privacy policy here).

• SendGrid: for emails (read their privacy policy here).

• UseInsider: for emails and Push Notifications (read their privacy policy here).

• MixPanel: to maintain relations with our users (read their privacy policy here).

The customer’s name and email address are stored with the third-party platform when they correspond with PureVPN while using any of these services. For detailed information on how these third parties handle your data, refer to the privacy policies linked above.

Our Dark Web Monitoring feature, available through subscription on our PureVPN Apps and Web App, is designed to enhance your online safety and privacy.

Upon subscribing to PureVPN, this feature will automatically fetch your email address and scan the dark web for any data breaches involving it. Additionally, you may choose to provide other information, such as your phone number, credit card number (without the CVV code), Social Security number, national identity number, and passport number to be scanned on the dark web.

This feature is available for Standard and Plus Plan subscribers with limited functionality, where they can add an email address and only view the number of breaches found against their information. However, the Max Plan subscribers can view all the breach details, add other monitoring assets like phone number, credit card number, SSN/National Identity number, and passport number, and also get recommendations from us. Users who don’t want to use this feature may opt out any time by disabling auto-monitoring from the settings.

We share the monitoring assets provided by you with SpyCloud, which include email address, phone number, credit card, passport number or Social Security/National identity number unless you have opted out, along with any information you choose to monitor (stated above), with our trusted service provider SpyCloud (“Trusted Third Party”). SpyCloud compares this information against its breach databases to detect any compromised data. We encourage users to review the SpyCloud Privacy Policy https://spycloud.com/legal/privacy-policy/ to understand how your data is handled.

As part of our Dark Web Monitoring Services, we use Twilio, a third-party service provider, to send SMS messages for phone number verification to ensure the security and authenticity of your account. Your phone number is shared with Twilio solely for this purpose and is processed in accordance with Twilio’s Privacy Policy. Twilio employs industry-standard security measures to protect your data, which is retained only as necessary for verification and in compliance with applicable laws. If you choose not to provide your phone number, you may opt out of using the Dark Web Monitoring Service.

It is important to note that we have implemented a One-time Password (OTP) authentication mechanism whereby the user will be sent an OTP on their phone or their email addresses to prove their identity prior to viewing their breached personal data. This authentication procedure provides an added layer of security for using our Dark Web monitoring feature.

Your email address and any other information shared for the purpose of this feature are only used for breach detection and are not stored or used for any other purpose by the Trusted Third Party. If any compromised data is detected, you will be promptly notified, allowing you to take swift action to protect your information. All data processed for this feature is wiped from their systems once you disable the service. By subscribing to PureVPN and opting into this feature, you consent to this process and confirm your understanding of our privacy policy.

Personal data breaches

• Details of personal data breaches are provided to our subscribers upon successful verification, to ensure that the particular subscriber exercises control, ownership and authorization to view, modify and take necessary action upon the breached data being revealed to the particular subscriber of Max Plan. Personal data that can be attributed or be used for creating a digital profile is not available or returned in the public search results through this feature either on our App or Web App.

Directions for our users

• By using this feature and by subscribing to this feature our users agree that they shall not share the information or reports received with any other third parties. This feature is intended to be used by our customers only.

• Users are solely responsible for any data they provide to PureVPN for the Dark Web Monitoring service. If any data provided to PureVPN for the verification and search of breach data, such as an email address, phone number, credit card, Social Security number, national identity number, passport number, is wrongfully submitted and does not belong to the user, PureVPN will not be held liable for such misuse. The user shall bear full responsibility for any consequences arising from providing intentionally false or unauthorized information.

How do we collect, hold, and use personal information for Dark Web Monitoring?

• We collect personal information from individuals directly, who subscribe to our services.

Use of this Information

• We use the personal information we collect solely for the purpose of delivering our services. Whenever new breach data is detected, our system checks the subscriber data to determine if any of the subscriber’s information appears in the breach data. If so, we send a notification via email or through our app or web app. These notifications are only sent to subscribers who have completed a ‘double opt-in’ process, which requires you to enter your email address at the time of account creation and confirm your subscription to receive alerts.

Dark Web-Storage

• To allow us to monitor your data on the dark web you can choose to provide any of the following information; email address, phone number, credit card number, Social Security number, national identity number and passport number. We do not store any of this information in its textual form. Instead, this information is encrypted and we store the encrypted version to protect and secure our users’ information. We only share the necessary data with our Trusted Third Party, who then provides us with information on any compromised data related to our users. It should be noted that our Trusted Third Party does not store this information.

Disclaimer

• The Dark Web Monitoring service is provided on an “as is” and “as available” basis. PureVPN makes no representations or warranties of any kind, express or implied, regarding the accuracy, reliability, or completeness of the data breach results or any other aspect of the service. PureVPN and its partners, including SpyCloud, do not guarantee that the Dark Web Monitoring service will detect all potential security breaches or threats related to the information you provide for monitoring.

• GZ System Ltd, PureVPN expressly disclaims any liability for any direct, indirect, incidental, or consequential damages that may result from the use of the Dark Web Monitoring service, including but not limited to loss of data, financial loss, or damage to reputation, except in cases of gross negligence or willful misconduct.

Indemnification

• By using the Dark Web Monitoring service, you agree to indemnify, defend, and hold harmless PureVPN, GZ Systems Ltd, its affiliates, officers, directors, employees, agents, and partners from and against any and all claims, liabilities, damages, losses, costs, or expenses (including reasonable attorney fees and legal costs) arising from or related to:

• Your misuse of the Dark Web Monitoring service;

• Your intentional submission of inaccurate, misleading, or false information (including data that does not belong to you);

• Any breach of this Privacy Policy or the Terms of Use by you;

• Any unauthorized use of data or personal information that you provide for monitoring through this service.

Our systems are spread across the globe, which means the stored data is traveling through servers in multiple locations which might or might not be in the customer’s country of residence. While we rely on some third-party service providers to deliver our services, we make sure that the stored data is protected during this process. PureVPN has strict data processing agreements in place with all service providers to safeguard data. For transfer of personal data from the European Economic Area (EEA) to third countries we rely on Standard Contractual Clauses.

It is important for users to understand that their stored data will be transferred and/or processed when required, as it is an integral part to maintain excellence in our services and live up to our Terms of Service.

With the exception to the stored data mentioned in Section 3. What Information We Collect, PureVPN neither stores any user data nor sells or rents it out to any third party. Hence, no such information is kept with us. The only information mentioned in Section 3 What Information We Collect is stored to provide the products and services required by users which is kept safe without sharing or selling it to any third party.

Security measures to protect your information

• All stored data is secured with strong cryptographic algorithms and other security measures wherever required. PureVPN takes appropriate measures for the protection of all customer information against any unauthorized access, alteration, destruction and disclosure of data. Access to personal customer information by PureVPN employees, contractors and agents is restricted.

• It is important for all users to understand that despite the strictest precautionary and cybersecurity measures that have been deployed following the international best practices and standards for information security architecture. Information systems are susceptible to breach and taken, no system cannot be declared 100%, protected or secure.

• In the event of a data breach, we will notify you and the relevant supervisory authority within 72 hours, as required by the GDPR, if the breach is likely to result in a high risk to your rights and freedoms.

• For users in California, in compliance with the CCPA, you will be notified if your unencrypted personal information is accessed by an unauthorized party.

Retention of Information

• PureVPN may retain your information including your name and email address as required or permitted by applicable laws and regulations, including to honor your choices, for our records purposes and to fulfill the purposes described in this privacy policy, specifically, we retain information for our legitimate interests and essential business purposes, such as operation, maintaining and improving our services; complying with our legal obligations; providing you services on the App and Web app and exercising our legal rights and remedies, including enforcing our terms of use. We retain this data until you remain our subscriber and actively use our App and Web App.

Rights as Data Subjects:

• Depending on your location, you have certain rights under GDPR for European residents, and CCPA for residents of California.

For users in the European Union (GDPR)

If you are a resident of the European Economic Area (EEA), you have the following data protection rights:

• Right to Access: You can request access to the personal data we hold about you at any time.

• Right to Rectification: You can correct any inaccurate or incomplete personal data that we may have.

• Right to Erasure: You may request the deletion of your personal data when it is no longer needed for the purposes for which it was collected.

• Right to Restrict Processing: You may ask us to restrict the processing of your personal data.

• Right to Object: You may object to the processing of your personal data for direct marketing purposes.

• Right to Withdraw Consent: You have the right to withdraw your consent for data processing at any time.

To exercise your rights under GDPR, please contact us at support@purevpn.com. We will respond to your request within 30 days. Your email address will be kept and used to avoid account duplication and creation of fake accounts in your name. Your email address will be deleted only after we receive an explicit request from you to do so.

For Users in the United States (CCPA)

If you are a resident of California or U.S, you have the following data protection rights:

• Right to Know: You have the right to know the categories and specific pieces of personal information we collect, how we use it, and whether we share or sell it.

• Right to Delete: You can request the deletion of your personal information that we hold, subject to exceptions under the CCPA.

• Right to Opt-Out of Sale: PureVPN does not sell personal information, but if this changes, you will have the right to opt out of the sale of your data.

• Right to Non-Discrimination: You will not be discriminated against for exercising your privacy rights, including being denied services or offered different pricing.

To exercise these rights, you may contact us at [support@purevpn.com]. We will verify your identity and respond within the timeframe required by CCPA.

For Users in Other Regions (Including Asia, Middle East, and Oceania)

• If you reside in other regions such as Asia, the Middle East, Australia, or New Zealand, your rights under applicable local laws may include the ability to access, correct, or delete your personal data. We are committed to complying with the privacy regulations in all regions where we operate, and we offer you similar rights to those provided under GDPR and CCPA.

• To inquire about your rights or exercise them, please contact us at [support@purevpn.com]. We will respond to your request in accordance with the laws applicable in your jurisdiction.

PureVPN utilizes different types of cookies to store information related to a visitor on our website. This is done in order to provide the best experience, and to deliver advertising messages and offers that are relevant to our users.

Please see how PureVPN Uses Cookies to get a better understanding about the cookies we employ, what type of data is collected, how that data is used, and how a user can opt-out of this program.

PureVPN’s App and Web App might contain links to other third-party websites. We do not control how they operate their privacy practices nor can we take responsibility for them. For detailed information on how these third parties handle your data, refer to the privacy policies linked above.

As with all online businesses, PureVPN also uses third-party payment processors. All payment data rests with the respective processor.

However, some do require us to process the payment. And in such cases we process all payments realtime and pass it on to the processor and chargeback service without storing any data.

Please review the privacy policy of your preferred payment processor for a better understanding of the information they collect, store and use. Because privacy and anonymity are at the heart of what we do, PureVPN has included Coin Payments in the list of payment methods we accept. These are 100% anonymous payment methods that will protect your privacy.

We accept the usage of our website, apps, extensions and services by the users as an agreement of our Privacy Policy and Terms of Usage.

The services provided by PureVPN are intended for people 18 years or older, or as required by applicable laws in the relevant jurisdiction, who are capable of providing informed consent. We do not knowingly collect personal data from children under the age of 13 (or the minimum age required by applicable law) without verifiable parental consent, in accordance with the Children’s Online Privacy Protect Act (COPPA) and other applicable regulations. If you suspect that the information, including personally identifiable information (PII), has been recorded or used to subscribe to our services by a minor. Parents or legal guardians must notify PureVPN immediately at support@purevpn.com.

All data requests, including those made on behalf of the minor, are subject to successful verification of identification before any request be processed. If we discover that a child under the age of 13 has provided us with personal information without parental consent, we will promptly delete such data from our systems.

Our legal basis for collecting and using your personal information is primarily to provide you with our services and may depend on:

• The personal information concerned.

• The specific context in which it is collected.

The only time we collect personal information from users is:

• When the users sign up and enter into a contract with us.

• Where the processing is in our legitimate interests and does not violate your privacy rights.

As defined herein, the best and most robust information security architecture has been deployed to ensure a seamless user experience and protect user rights. However, in the unlikely event of a data breach, system failure, or any arising dispute, reasonable efforts shall be made to resolve the dispute in an amicable manner. The user understands that there are certain unavoidable risks that arise in the normal course of business operations and that PureVPN or GZ Systems Ltd, and their affiliates shall not be liable (financial or non-financial), damages, or injury, whether direct or indirect, to the maximum extent permissible under applicable law, except in cases of gross negligence or willful misconduct resulting from your use of our service.

PureVPN may update its Privacy Policy from time to time. When changes are made that significantly impact how we process your personal data, we will notify you in advance through appropriate channels, such as in-app notifications, updates on our website, or via email of any material changes in our Privacy Policy.

PureVPN encourages you to review this page regularly to stay informed about any updates. By continuing to use our services after changes have been made, you acknowledge and accept the revised Privacy Policy.

The date of the latest revision will always be displayed at the top of this page.

For any questions or clarity on our Privacy Policy, please send your queries to legal@purevpn.com

Last updated: February 17, 2025