- Nothing is stored on VPN servers, not even common Linux daemon logs like entropy daemons, ntpd, OpenSSH etc.
- We are using our own, private DNS resolvers for DNS queries coming from VPN users. (Feature not fully implemented on all servers yet, full roll-out by the end of January, 2014).
- All DNS queries coming from customers are sent to our private DNS resolvers through encrypted tunnels.
- DNS resolvers do not log anything and are mixing customer queries with millions of random queries we are generating.
- We don’t log or monitor any of our customers’ traffic.
- We keep connection logs for 1 day to help us troubleshoot some problems our customers might encounter. These logs include source IPs and timestamps (connection start/end time).
- We keep bandwidth usage statistics, both for servers (total daily/monthly usage) and for customers.
- Connection logs are transferred in real-time from VPN servers to a secure, full-disk encrypted server in an undisclosed location. No connection logs are stored on VPN servers.
- We don’t use any 3rd party tracking services like Google Analytics (they defeat the purpose of a privacy service).
- We collect billing information from our customers upon placing an order with us. We are required by law to do it, for accounting and tax purposes.
- We collect the e-mail addresses of those who communicate with us via e-mail and/or ticketing system, contact forms.
- We keep support webchat history for one month.
- We keep website access logs for at least 1 month and we regularly check them for various purposes, including but not limited to identifying fraudulent signups and identifying website hacking attempts.
- All website logs are stored on a secure, full-disk-encrypted server.
- In the event of canceling/terminating your VPN account with us, we will delete the VPN account credentials from our authentication databases. If you specify that you’d like to remove all information we have from you in our system, we will delete it. We reserve the right to keep information that, in our sole discretion, is suspicious (e.g., potential fraudulent signups).
- We don’t share/transfer/hand over any kind of information we collect on our website to any third parties, except by court order in the Romanian jurisdiction where we are incorporated.
Only two staff members have admin access to our infrastructure, and they are both security minded professionals with over 12 years of experience in Information Security, Linux, and Network Administration.
Latest policy update: 01/20/2014
Reason of update: simplified and more concise version.