Privacy Policy
Last updated:
Who we are and scope
This Privacy Policy explains how BLACKVAULT TECHNOLOGIES SRL ("Blackvault", "we", "us", or "our") collects, uses, and shares information when you use our websites, mobile and desktop apps, browser extensions, VPN service, and related services (the "Services"). We are the data controller for personal data processed in connection with the Services. Your use of the Services is also subject to our Terms of Service.
Key VPN privacy commitments
- We do not record or store your browsing activity, DNS queries, traffic content, destination IP addresses, or the files you download.
- We do not store connection timestamps paired with your account that could identify what you did while connected.
- We operate with minimal connection metadata needed to run the Service (see "VPN connection data" below) and retain it only for the periods stated.
- We do not sell your personal information or share it with third parties for their own marketing purposes.
- We support WireGuard and OpenVPN; keys are rotated on each connection; servers use disk encryption for sensitive data at rest.
Information we collect
Account and contact data
- Email address (required to create an account; used for login, security notices, and support).
- Name or alias (optional).
- Support communications, feedback, and forms you submit.
Payment data
Payments for individual consumers are processed by Stripe. We receive payment confirmations, subscription status, and limited billing metadata (e.g., the last 4 digits and expiry month of a card, or a transaction ID); we do not store full card numbers. If you purchase via an app store, that store processes payment and shares only the data necessary to activate your subscription.
VPN connection data (minimal)
To operate the VPN, prevent abuse, and troubleshoot, our systems may process the following, retained for the shortest practical period:
- Ephemeral IP address and port assigned by our VPN servers (during the session only).
- Connection event telemetry such as successful connection, protocol in use (e.g., WireGuard, OpenVPN), and total data transferred per session (in MB) — not the content or destinations.
- Aggregate load and performance metrics per server (no per‑site activity).
Where feasible, this telemetry is stored only in memory and aggregated; server‑side logs are minimized and rotated regularly.
App diagnostics (optional)
With your consent, apps may send crash reports and performance diagnostics. These may include device model, OS version, app version, and non‑content technical logs. You can disable diagnostics in settings at any time.
Web usage analytics and cookies
Our websites use essential cookies for authentication and preferences and may use analytics cookies where permitted by law and subject to your consent. See our Cookie Policy and cookie banner for details and controls.
How we use information
- Provide, operate, and secure the VPN and related Services.
- Authenticate users and manage subscriptions.
- Detect, prevent, and respond to abuse, fraud, and security incidents.
- Provide customer support and communicate service updates.
- Improve performance and develop new features.
- Comply with legal obligations and enforce our Terms.
- Send marketing communications where permitted by law and subject to your choices.
Legal bases for processing (EEA/UK)
- Contract to provide the Services you request.
- Legitimate interests in running, securing, and improving the Services, balanced against your rights.
- Consent for analytics, diagnostics, and marketing where required.
- Legal obligation for compliance with applicable laws.
Sharing and service providers
We share personal data with vendors who process it on our behalf and under contract (e.g., hosting, data storage, content delivery, payment processing, email, analytics, diagnostics). We require appropriate security and confidentiality commitments. For individual consumer payments, we use Stripe as our payment processor.
- Legal requirements and protection of rights: we may disclose information where required by law or to protect our rights, users, or the public.
- Business transfers: information may be transferred as part of a merger, acquisition, or similar event. We will notify you of material changes.
Data retention
- Account and subscription data: for the life of the account and up to 12 months after closure, unless a longer period is required by law or to resolve disputes.
- VPN connection telemetry: session‑level data retained transiently and aggregated; server logs (where present) rotate within 30 days.
- Diagnostics (optional): up to 90 days or until issues are resolved.
- Marketing preferences: until you unsubscribe or request deletion.
You can request deletion at any time as described below.
Your rights
Depending on your location, you may have rights to access, correct, delete, object to, or restrict processing of your personal data, and to data portability and withdrawal of consent. To exercise these rights, contact us at contact@vault-vpn.com. We may need to verify your request. We respond within one month, extendable as permitted by law for complex requests.
If you are in the EEA, UK, or Switzerland, you also have the right to complain to your data protection authority. In Romania, this is the National Supervisory Authority for Personal Data Processing (ANSPDCP).
International transfers
We operate globally and may transfer personal data to countries outside your own. For transfers from the EEA/UK/Switzerland to countries without an adequacy decision, we use appropriate safeguards such as Standard Contractual Clauses and vendor due diligence.
Security
- Encryption in transit and, where appropriate, at rest.
- Access controls, authentication, and least‑privilege principles.
- Regular security reviews and monitoring.
- Vendor security assessments and contractual safeguards.
- Modern VPN protocols supported: WireGuard and OpenVPN, with per-connection key rotation.
- Server-side disk encryption for sensitive data at rest.
No method of transmission or storage is completely secure. Keep your credentials confidential and use strong, unique passwords.
Children's privacy
The Services are not directed to children under 16 in the EEA/UK or under 13 elsewhere. We do not knowingly collect personal data from children without required consent. If you believe a child has provided personal data, contact us to request deletion.
Regional notices
California and certain U.S. states
If you are a resident of California, Colorado, Connecticut, Virginia, or Utah, you may have additional rights regarding access, deletion, correction, portability, and the right to opt out of certain processing such as targeted advertising or sale. We do not sell personal information. To exercise rights, use the contact methods below. You may have the right to appeal a decision regarding your request; instructions will be provided in our response.
Changes to this policy
We may update this Privacy Policy from time to time. If changes are material, we will provide prominent notice and update the date above. Your continued use of the Services after changes take effect constitutes acceptance of the revised Policy.
Contact us
- Email: contact@vault-vpn.com
- Postal address (controller): BLACKVAULT TECHNOLOGIES SRL, Calea Floreasca, Bucharest, Sector 1, 014459, Romania
- EU Representative / DPO contact: contact@vault-vpn.com
- Supervisory authority (Romania): Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal (ANSPDCP), Bucuresti, Sector 1
Transparency
We plan to publish periodic transparency reports summarizing law enforcement requests (if any) and our responses in line with this Policy and applicable law.