Simple VPN Privacy Policy

This Privacy Policy constitutes a comprehensive disclosure of the data collection, processing, and protection practices employed by Simple VPN ("Company," "we," "us," or "our") in connection with our website, mobile applications (Simple VPN and Simple VPN Lite), and all associated services (collectively referred to as the "Services").

The Services are operated by Simple VPN Technologies Pte. Ltd., a company incorporated under the laws of the Republic of Singapore. This Privacy Policy is governed by and construed in accordance with Singapore law and applicable international data protection regulations.

By accessing or utilizing our Services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy and our Terms of Service.

1. Fundamental Privacy Commitment and No-Log Policy

Simple VPN operates under a strict and uncompromising zero-log policy. We categorically do not collect, store, monitor, or log any user activity data, including but not limited to browsing history, traffic destination, data content, IP addresses, DNS queries, connection timestamps, bandwidth usage, or any other information that could be utilized to identify an individual user or their online activities.

This commitment extends to all aspects of our VPN service infrastructure and represents a core principle of our business operations and technical architecture.

2. Categories of Information Collected

In accordance with our privacy-first approach, we employ data minimization principles and collect only the information that is strictly necessary for service functionality and improvement:

Anonymous Technical Data: Device type and model, operating system version, application version, crash reports and error logs, connection success and failure statistics, and general geographic location by country (not specific location data).
Account Information: Where account registration is utilized, we may collect your email address and encrypted authentication credentials.
Subscription and Payment Data: Email address associated with subscription, selected service plan, and payment method information processed through certified third-party payment processors in compliance with PCI DSS standards.
Customer Support Communications: Messages, emails, and other communications submitted through our support channels for the purpose of providing technical assistance.

3. Lawful Basis and Purposes for Data Processing

We process personal data solely for the following legitimate business purposes:

Operating, maintaining, and ensuring the security of our Services
Managing user accounts and subscription services
Processing payments and managing billing inquiries
Providing customer support and technical assistance
Communicating service updates, security notices, and administrative information
Improving service performance, reliability, and user experience through anonymized analytics
Ensuring compliance with applicable legal and regulatory requirements

4. Third-Party Service Providers and Data Processing

We engage select, reputable third-party service providers to support specific operational functions. These partnerships are governed by strict data processing agreements:

Firebase (Google LLC): Analytics, crash reporting, and application performance monitoring
Adjust GmbH: Mobile attribution and campaign analytics
Advertising Partners (AdMob, Unity Technologies, Liftoff Mobile): Advertisement serving and revenue optimization

We ensure that all third-party processors maintain appropriate technical and organizational measures to protect personal data and do not have access to any VPN usage data or user activity information.

5. Data Sharing, Disclosure, and International Transfers

We maintain strict control over personal data and limit sharing to the following exceptional circumstances:

Service Providers: With contracted third-party processors under binding confidentiality and data protection agreements
Corporate Transactions: In connection with mergers, acquisitions, or asset transfers, subject to equivalent privacy protections
Legal Compliance: When required by applicable law, court order, or governmental regulation
Consent: With your explicit, informed consent for specific purposes

International data transfers are conducted in accordance with applicable data protection laws and utilize appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

6. Data Security and Protection Measures

We implement comprehensive, industry-leading security measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. Our security framework includes:

End-to-end encryption for data transmission and storage
Multi-factor authentication and access controls
Regular security audits and vulnerability assessments
Employee training on data protection best practices
Incident response and breach notification procedures

7. Individual Rights and Data Subject Requests

You possess comprehensive rights regarding your personal data, including:

Right of access to your personal data
Right to rectification of inaccurate information
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to data portability
Right to object to processing
Right to withdraw consent where processing is based on consent

To exercise these rights, please contact us using the information provided in Section 12. We will respond to all legitimate requests within the timeframes required by applicable law.

8. Data Retention and Deletion Policies

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by applicable legal obligations. Upon expiration of the retention period, data is securely deleted or anonymized using industry-standard methods.

Specific retention periods vary by data category and are determined based on operational necessity, legal requirements, and user expectations.

9. Jurisdiction-Specific Privacy Provisions

European Economic Area and United Kingdom (GDPR/UK GDPR)

For users in the EEA and UK, we comply fully with the General Data Protection Regulation and UK GDPR. We serve as the data controller for personal data processing and provide all rights afforded under these regulations, including the right to lodge complaints with supervisory authorities.

California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

Simple VPN does not sell, rent, or otherwise monetize personal information. California residents may exercise their rights to know, delete, correct, and limit the use of their personal information by contacting us directly.

Other Jurisdictions

We respect and comply with applicable privacy laws in all jurisdictions where we operate, including but not limited to the Personal Data Protection Act of Singapore and other relevant national and international privacy regulations.

10. Children's Privacy Protection

Our Services are not designed for or directed at individuals under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected such information, we will take immediate steps to delete it.

11. Privacy Policy Updates and Modifications

We reserve the right to modify this Privacy Policy to reflect changes in our practices, legal requirements, or business operations. Material changes will be communicated through prominent notices within our applications or via email to registered users. Continued use of our Services following such notice constitutes acceptance of the modified terms.

12. Contact Information and Data Protection Inquiries

For any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us through the following channels:

Primary Contact Email: it.narek.dallakyan@gmail.com
Data Protection Officer: Narek Dallakyan
Data Protection Inquiries: it.narek.dallakyan@gmail.com

We are committed to addressing all inquiries promptly and comprehensively in accordance with applicable legal requirements and our commitment to user privacy.