Privacy Policy

Last updated: June 11, 2023

Welcome to ZebraVPN. We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy outlines how ZebraVPN ("we", "us", "our") collects, uses, maintains, and discloses information collected from users ("you", "your") of the ZebraVPN.

ZebraVPN is a toolkit designed to provide users with the ability to evade online censorship. We understand the sensitive nature of the data that may pass through our services ("products", "services", solutions, "toolkit")
and the importance of protecting it. Our primary goal is to provide a secure, private, and uncensored internet experience while respecting your privacy.

This Privacy Policy applies to all products and services offered by ZebraVPN. It describes the types of information we may collect from you or that you may provide when you use our services, and our practices for collecting, using, maintaining, protecting, and disclosing that information.

Please read this Privacy Policy carefully to understand our policies and practices regarding your information and how we will treat it. By accessing or using our services, you agree to this Privacy Policy. If you do not agree with our policies and practices, your choice is not to use our services.

This Privacy Policy explains how we collect, use, and disclose your personal information when you use our services. We are committed to protecting your privacy and complying with the applicable data protection laws, including Sweden's Personal Data Act and the European Union's General Data Protection Regulation (GDPR).

In short:

1. The policy complies with Swedish and EU data protection laws, including the GDPR.

2. Personal information refers to any data that can identify an individual directly or indirectly. Examples of personal information are provided.

3. The company prioritizes user privacy and does not collect or store personally identifiable information beyond what is necessary. Personal information is not sold or shared with third parties.

4. The scope and purpose of the privacy policy are outlined. It covers the information collected, how it is used and stored, and the commitment to minimal data collection.

5. The specific types of personal information collected include email address, username, payment information, first connection date, and amount of data transferred. The types of personal information not collected are also listed. Personal information is not shared with third parties except as described in the policy.

6. Aggregate usage statistics are collected to monitor network performance and improve service quality. But these statistics do not contain any personally identifiable information.

7. The use of personal information is limited to account administration, support, and communication. The information is not sold to any third parties.

8. The jurisdiction and governing laws of the privacy policy are Sweden.

9. Information from email and feedback forms is stored only for customer support and correspondence purposes.

10. Security measures are in place to protect personal information but 100% protection cannot be guaranteed.

11. The services are meant for users above 18 years of age. Users in the EU have rights under GDPR.

12. Changes to the privacy policy may happen from time to time, and continued use of services indicates acceptance of the policy.

13. The policy covers the use of cookies and similar technologies for authentication, preferences, security, and performance purposes. The specific third-party services used are also listed.

14. Personal information is retained only for as long as necessary to provide services, maintain records, and comply with legal obligations. After that, the information is deleted or anonymized.

15. Users have certain rights to access, correct, delete personal information, and object to processing under GDPR and similar laws. The process to exercise these rights is provided.

16. Contact information is provided for any questions or concerns related to the privacy policy or data collection practices.

17. Consent to the privacy policy is required to use the VPN services, which provide tools to circumvent censorship. If a user does not agree with the policy, they must not use the services.

Personal Information: Understanding Its Importance

Personal information, also known as personal data, refers to any information that can identify an individual, either directly or indirectly. This may include:

1. Name: Full name, maiden name, mother's maiden name, or aliases.
2. Contact information: Home address, mailing address, email address, telephone number, or mobile number.
3. Identification numbers: Social security number, passport number, driver's license number, tax identification number, or employee ID number.
4. Financial information: Bank account details, credit card numbers, or income information.
5. Employment information: Employer, job title, work history, or salary.
6. Education history: Schools attended, degrees earned, or certifications.
7. Health or medical information: Health insurance, medical conditions, or prescriptions.
8. Online activities: Usernames, passwords, IP addresses, or browsing history.
9. Photos, videos, or audio recordings that can identify an individual.
10. Biometric data: Fingerprints, facial recognition, or DNA samples.
11. Marital status or family information: Spouse's or children's names, ages, or addresses.
12. Political or religious affiliations.
13. Any other information that, when linked to the above data, can uniquely identify an individual.

Please read this Privacy Policy carefully to understand our practices regarding your personal information and how we handle it.

Our Commitment to Privacy

We are committed to protecting your privacy and the confidentiality of your personal information. We do not sell or share your personal information with third parties for their marketing purposes. We only use and share your personal information as described in this Privacy Policy.

Scope of this Privacy Policy

This Privacy Policy applies to all personal information collected and used by us. It explains what information we collect, how we use and share that information, and your rights regarding your personal information.

Personal Information We Collect

We collect the following categories of personal information:

• Contact information: When you create an account or contact us, we collect your name, email address, phone number, and other contact details you provide.
• Payment information: When you make a purchase, we collect your payment details, such as your credit card number, expiration date, and billing address. We use third-party payment processors to handle payments and do not store your credit card information.
• Technical and usage information: We collect information about your device, operating system, browser, and usage of our services. This includes your IP address, log files, device identifiers, and location data. We use this information to provide, improve, and optimize our services.
• Survey information: We occasionally conduct surveys to better understand our users and improve our services. We collect any information you choose to provide in these surveys. Participation in surveys is entirely voluntary.

We do not collect or store any sensitive personal information such as social security numbers, passport numbers, or driver's license numbers. We also do not collect personal information through automated decision making or profiling.

How We Use Personal Information

We use your personal information for the following purposes:

• To provide and operate our services: We use your personal information to create your account, provide customer support, and operate, maintain, and improve our services.
• To process payments: We use payment information to verify and process transactions for the services you purchase.
• To improve our services: We use personal information and technical data to analyze trends and usage, improve our services, and develop new features and technologies.
• To provide personalized experiences: We may use personal information to customize content and experiences suited to your interests and location.
• To send marketing communications: We may use your contact information and information about your usage of our services to send you newsletters, offers, and other marketing communications we think may interest you. You may opt out of receiving these communications at any time. See "Your Choices and Rights" below.
• To comply with law: We may use your personal information as necessary to comply with applicable laws, legal processes, and government requests.
• To protect our rights: We may use your personal information to protect the vital interests and enforce the rights of our company, including to prevent fraud, abuse, and violations of our Terms of Service.

We do not sell or share your personal information with third parties for their marketing purposes. However, we may share your information with service providers that perform services on our behalf, as described below.

How We Share Personal Information

We share your personal information only with trusted third parties and service providers as described in this section:

• Service providers: We share personal information with third-party service providers and contractors that provide services on our behalf, such as payment processing, web hosting, customer support, and email delivery services. These service providers must maintain the confidentiality of your personal information and are prohibited from using it for any purpose other than providing their services to us.
• Compliance with law: We may share personal information with third parties to comply with applicable laws and regulations, to respond to a legal process or government request, or to protect the vital interests of any person.
• With your consent: We may share your personal information for other purposes with your express consent. For example, we may share your information with third parties to provide more tailored services or promotional offers at your request.

We do not sell or rent your personal information to third parties. Outside of the situations described above, we will not share personal information without notice and consent.

International Data Transfers

We are headquartered in Sweden and primarily store your personal information in Sweden and other countries in the European Economic Area (EEA). Some of our service providers may store or transfer personal information outside the EEA. When we share personal information outside the EEA, we ensure an adequate level of protection for the rights of data subjects based on the adequacy of the receiving country's data protection laws, contractual obligations placed on the recipient, or other valid transfer mechanisms.

How We Protect Personal Information

We maintain technical, organizational, and physical safeguards to protect the confidentiality and integrity of your personal information. These measures include:

• Data encryption: We encrypt sensitive personal information such as credit card numbers and passwords using SSL and other technologies.
• Access control: We have strict policies that limit access to personal information to authorized persons only. Access is granted on a need-to-know basis.
• Security audits: We conduct regular security audits and reviews of our information security controls and procedures to protect against unauthorized access to personal information.
• Employee training: We provide security and privacy training to our employees to increase awareness of the importance of protecting personal information.
• Storage redundancy: We utilize data storage technologies that provide high availability and redundancy to minimize the risk of data loss.
• Breach notification: In the event of a data breach, we will notify affected users in accordance with applicable data breach notification laws.

While we strive to ensure the security and integrity of your personal information, we cannot guarantee 100% security. By using our services, you acknowledge that some risk of unauthorized access remains.

Data Retention and Deletion

We retain your personal information for the duration of your account and as necessary to fulfill the purposes described in this Privacy Policy. We may retain certain personal information beyond your account closure or the end of our relationship in order to comply with applicable laws and regulations.

When we no longer need your personal information, we securely delete or destroy it. If you close your account, we will generally delete your personal information within 30 days of your account closure, except where retention of that information is necessary to comply with our legal obligations, resolve disputes, or enforce our agreements.

You may request deletion of your personal information at any time by contacting us. We will respond to your request within 30 days. However, we cannot delete your personal information if we need to retain it for legitimate business or legal purposes such as to complete the transaction for which the personal information was collected, provide goods or services requested by you, comply with applicable law, or prevent fraud or illegal activity.

Cookies and Similar Technologies

What are Cookies?

Cookies are small text files that are placed on your computer or device by websites you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the site owners.

We use cookies and similar technologies (such as local storage) to enhance user experience, language and regional settings, and improve the overall functionality of our services.

Why Do We Use Cookies?

We use cookies and similar technologies for several purposes, including:

• Authentication: To help us identify you as a user and provide you access to our services.
• Preferences: To remember your preferences, such as language and regional settings, and provide you with a more personalized experience.
• Security: To protect your data and maintain the integrity of our services by detecting and preventing fraud and other security threats.
• Performance: To measure and improve the performance and functionality of our services, ensuring that we deliver the best possible experience for our users.

Third-Party Services

To provide you with our VPN services and tools to circumvent censorship, we collaborate with carefully selected third-party service providers. These partners have been chosen based on their alignment with Sweden's and the EU's legislation, including the General Data Protection Regulation (GDPR) and other relevant data protection laws. By doing so, we ensure that your personal information is treated with the utmost care and protection, just as we do ourselves.

We only share the necessary information with our third-party service providers to fulfill their specific tasks, and they are strictly prohibited from using your personal data for any other purposes. Our agreements with these service providers explicitly state that they must maintain the confidentiality and security of your data and implement appropriate technical and organizational measures to safeguard it.

Below is a list of the third-party services we utilize, along with a brief description of their purpose and links to their respective privacy policies:

• Cloudflare: Cloudflare provides content delivery network (CDN) and Domain Name System (DNS) services. For more information, please read the Cloudflare Privacy Policy.
• Terrahost.no: Terrahost.no offers hosting services. To learn more about their privacy practices, please refer to the Terrahost.no Privacy Policy.
• Stripe: Stripe is responsible for payment processing. You can learn more about their privacy measures in the Stripe Privacy Policy.
• Nowpayments.io: Nowpayments.io also handles payment processing. For additional details, please read the nowpayments.io Privacy Policy.
• Paypal.com: Paypal.com is another payment processing partner. For more information on their privacy practices, please consult the paypal.com Privacy Policy.
• vercel.com: Vercel.com provides hosting services as well. To learn more about their privacy measures, please read the vercel.com Privacy Policy.
• Google fonts: Google fonts supplies fonts for our services. For more information on their privacy practices, please visit the Google fonts Privacy Policy.
• Google Workspace: Google Workspace is responsible for email services. To learn more about their privacy measures, please read the Google Workspace Privacy Policy.
• Microsoft Azure: Microsoft Azure provides hosting services. For more information on their privacy practices, please read the Microsoft Azure Privacy Policy.
• OVH Groupe SAS: OVH Groupe SAS provides hosting services. For more information on their privacy practices, please read the OVH Groupe SAS Privacy Policy.

By using our VPN services, you acknowledge and agree to the use of these third-party services and their respective privacy policies. Rest assured that we have taken every possible step to ensure the protection and privacy of your personal information. If you have any questions or concerns, please contact us at ["[email protected]"].

Service Providers

We may share your personal information including IP address, connection timestamps, session duration, amount of data transferred, software and device information with third-party service providers who help operate and maintain our network. These providers are required to keep your information confidential and secure, and may only use it to assist us. Current service providers include:

• Terrahost.no AS: VPN server hosting. Located in Norway. https://www.terrahost.no/privacy-policy/
• AWS (Amazon Web Services): VPN server hosting. Located in the US. https://aws.amazon.com/privacy/
• Cloudflare: DDoS protection and website security. Located in the US. https://www.cloudflare.com/privacypolicy/
• Google Workspace: Email services. Located in the US. https://policies.google.com/privacy
• Vercel: Website hosting. Located in the US. https://vercel.com/legal/privacy-policy
• OVH Groupe SAS: VPN server hosting. Located in France. https://www.ovh.com/fr/g2162.privacy_policy.

We may update or change service providers at any time. We only share the minimum amount of information necessary for them to perform their specific services. Their access to your data is strictly limited to these purposes.

Legal Compliance

We may disclose your personal information to local law enforcement agencies, government authorities or third parties if required by Sweden's law to comply with legal obligations or valid requests. We may also share your information if we believe it is necessary to protect our rights, users, network or services. In such cases, we will notify you of the disclosure unless legally prohibited.

Note: we do not respond to requests from law enforcement agencies outside of Sweden.

International Data Transfers

Since we operate globally, we may transfer your personal information to countries outside of your place of residence, including countries with differing data protection standards. Certain service providers and third parties that assist us in providing our services may be located in such countries. We take all necessary steps to ensure adequate protection for your information with all international data transfers by using legally approved mechanisms such as EU-approved Standard Contractual Clauses.

Data Retention

We retain your personal information only for as long as necessary to provide and maintain our services. When the information is no longer required for these purposes, we securely delete or anonymize it.

User Rights

Under the GDPR and other privacy laws, you have certain rights related to your personal information. To exercise any of these rights, please contact us through our customer support. We will respond to all requests within 30 days:

1. Access: You have the right to request a copy of your personal information.
2. Rectification: You can ask us to correct or update inaccurate information.
3. Erasure: You can request deletion of your data, and we will erase it unless we have a lawful reason for retaining it.
4. Restriction: You can restrict how we process your information if you contest its accuracy or our purpose for processing it.
5. Objection: You can object to certain types of processing like direct marketing. We no longer process your data for that purpose after you object.
6. Portability: You can request a copy of your data in a machine-readable format or ask for it to be transferred to another controller.
7. Automated Decisions: You have the right not to be subject to a decision based solely on automated processing, including profiling.
8. Complaint: You have the right to lodge a complaint with the appropriate supervisory authority.

Note:

• We may ask you to verify your identity before responding to any requests.
• We may reject requests that are unreasonable or require disproportionate effort.
• We may not be able to fulfill your request if it affects the rights and freedoms of others.

Privacy Policy Changes

We reserve the right to revise or modify this Privacy Policy at any time. We will post the latest version of our Privacy Policy on our website. Your continued use of our services after any changes or modifications constitutes your acceptance of the updated Privacy Policy. If you do not agree with the new policy, you should discontinue using zebravpn.com and our VPN services.

Contact Information

If you have any questions or concerns regarding this Privacy Policy or our data collection practices, please contact us through our customer support channels. We take our users' privacy concerns seriously and will make every reasonable effort to solve them in a satisfactory matter. Email: ["[email protected]"]

Consent

By using our VPN services, you are consenting to the collection, use and disclosure of your personal information as outlined in this Privacy Policy. Continued use of our services constitutes continued consent to this Privacy Policy. If you do not agree with our Privacy Policy, please refrain from using our VPN services.