Privacy
VPN.com Privacy Policy & Cookie Policy
Effective Date: January 30, 2017
Last Updated: December 27, 2025
1. Incorporation by Reference; Priority; Defined Terms
This Privacy Policy & Cookie Policy (this “Policy”) is incorporated into and forms part of the VPN.com Terms of Service (the “Terms”). Capitalized terms not defined in this Policy have the meanings given in the Terms. If there is a conflict between this Policy and the Terms, the Terms control except where applicable law requires otherwise. This Policy applies to VPN.com LLC (“VPN.com,” “Company,” “we,” “us,” or “our”) and governs Personal Data processing in connection with the website located at www.vpn.com and any related subdomains, pages, services, tools, APIs, applications, communications, marketing, advertisements, and other interactions that link to or reference this Policy (collectively, the “Services”).
2. Scope; Global Standard; Future-Proofing Through 2050
We operate globally. Where multiple privacy laws apply, we apply a risk-based, highest-standard approach for the relevant processing activity and jurisdiction. This Policy is designed to remain durable as laws evolve through 2050, including successor privacy, cybersecurity, AI governance, advertising, and consumer protection frameworks.
3. Categories of Personal Data We Process
We may collect, receive, generate, infer, or otherwise process the following categories of Personal Data (depending on how you interact with the Services):
(a) identifiers (e.g., email address, phone number, account identifiers);
(b) device and technical data (e.g., IP address, browser/OS, device identifiers);
(c) usage and interaction data (e.g., pages viewed, clicks, session events);
(d) advertising/marketing and attribution data (e.g., ad impressions, conversions, referral parameters);
(e) approximate location data (e.g., inferred from IP);
(f) communications data (e.g., support requests);
(g) transaction and commercial data (e.g., purchase/subscription metadata; payment handled by payment processors);
(h) security and integrity data (e.g., logs, fraud/abuse signals);
(i) inferred and segmentation data (e.g., preferences/interests derived from usage); and
(j) AI-assisted outputs and classifications used to operate, secure, and improve Services (subject to legal constraints).
4. Sources of Personal Data
We collect Personal Data:
(a) directly from you;
(b) automatically from your device/browser;
(c) from service providers and partners that support the Services; and
(d) from advertising/analytics and attribution partners where enabled and lawful.
5. Purposes of Processing
We process Personal Data to:
(a) provide, operate, maintain, and improve Services;
(b) authenticate users and administer accounts;
(c) provide customer support;
(d) send transactional and service communications;
(e) measure performance, analytics, and A/B testing;
(f) deliver advertising, measure attribution, and perform remarketing where permitted;
(g) prevent fraud, abuse, and security incidents;
(h) comply with legal obligations and respond to lawful requests;
(i) protect our rights, users, and the public; and
(j) support business operations, audits, governance, and continuity.
6. Legal Bases (Where Applicable)
Depending on jurisdiction, we process Personal Data based on one or more of: consent; contractual necessity; legal obligations; legitimate interests (balanced against your rights); vital interests; and public interest/legal authority.
7. Cookies, Trackers, and Similar Technologies
We use “Trackers” (including cookies, pixels, SDKs, local storage, scripts, and identifiers) to operate the Services, remember preferences, measure performance, and (where allowed) support advertising and attribution. Trackers may be first-party or third-party. Trackers may be session-based or persistent.
8. Tracker Categories
(a) Strictly Necessary (security, fraud prevention, load balancing, core functionality)
(b) Functional/Experience (preferences, embedded content, integrations)
(c) Measurement/Analytics (audience measurement, performance, debugging)
(d) Marketing/Advertising (attribution, frequency capping, remarketing, conversion measurement)
9. Advertising, Affiliate Relationships, and Attribution
We may earn revenue from affiliate relationships and advertising. If you click a link and/or purchase a product or service, we may receive compensation. We do not promise outcomes from third-party services and we are not responsible for third-party privacy practices. We use attribution and conversion measurement tools to understand marketing effectiveness.
10. “Sale,” “Share,” Targeted Advertising, and Global Opt-Out Signals
We honor legally required opt-out rights, including opt-out of “sale”/”sharing” (as defined by applicable laws) and targeted advertising where required. We also support user-enabled global privacy signals such as Global Privacy Control (GPC) where recognized by law and technically feasible.
11. AI, Automation, and Profiling
We may use automated systems (including AI) to detect fraud/abuse, improve performance, personalize content, and support measurement. Where required, you may have rights to access meaningful information about certain automated processing, request human review of decisions that produce legal or similarly significant effects, and contest outcomes, subject to applicable law and security constraints.
12. Sharing and Disclosure of Personal Data
We may share Personal Data with:
(a) vendors/service providers (hosting, analytics, support, security, communications, payments);
(b) advertising and measurement partners where enabled;
(c) professional advisors (legal, audit, compliance);
(d) affiliates/related entities;
(e) authorities where legally required; and
(f) successors in a merger, acquisition, financing, reorganization, bankruptcy, or similar transaction (subject to applicable law and notice requirements).
We require appropriate contractual protections for processors and restrict use to business purposes where required.
13. International Transfers
Your Personal Data may be processed in the United States and other jurisdictions. We use recognized transfer mechanisms and safeguards where required (e.g., contractual protections and security measures) and will comply with localization requirements where applicable.
14. Data Retention
We retain Personal Data only as long as necessary for the purposes described, including to provide Services, comply with law, resolve disputes, enforce agreements, and maintain security. Retention periods may vary by category, jurisdiction, and operational necessity. We may retain de-identified/aggregated data longer where permitted.
15. Security
We implement administrative, technical, and physical safeguards designed to protect Personal Data. No system is 100% secure; you are responsible for maintaining the confidentiality of your credentials and using secure devices and networks.
16. Children
The Services are not directed to children, and we do not knowingly collect Personal Data from children below the minimum age required by applicable law. If you believe a child provided Personal Data, contact us so we can take appropriate action.
17. Your Rights (Global)
Depending on where you live, you may have rights to: access; correct; delete; port; restrict/limit processing; object; withdraw consent; opt out of targeted advertising; and appeal decisions. We will not discriminate against you for exercising rights. We may need to verify your identity and may deny or limit requests where legally permitted (e.g., security, fraud prevention, legal obligations).
18. Region-Specific Notices
(a) EEA/UK (GDPR and successors): rights to access/erasure/rectification/portability/restriction/objection and complaint to a supervisory authority.
(b) Brazil (LGPD): rights to confirmation/access/correction/anonymization/portability/deletion and ANPD complaint.
(c) United States (state laws): rights to access/correct/delete/port; opt out of targeted advertising and certain disclosures; honoring global opt-out signals where required.
19. Changes to This Policy
We may update this Policy as described in the Terms’ notice provisions. Material changes will be provided where required. The “Last Updated” date reflects the most recent revision.
20. Contact
VPN.com LLC
PO BOX 33623
Decatur, GA 30033, USA
Email: legal@vpn.com