Proton AG ("we", "our", or "Proton") takes your privacy very seriously. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the Proton VPN service. We are headquartered in Switzerland and governed by the Swiss Federal Data Protection Act (FADP) and the EU General Data Protection Regulation (GDPR).
1. Information Collection
1.1 Information We Collect
To provide and maintain our services, we may collect the following categories of information:
- Account information: When you register a Proton VPN account, we collect the email address and username you provide. Note that we do not require your real name or other personally identifiable information to use our services.
- Payment information: When you subscribe to a paid plan, we collect necessary payment processing information. We use third-party payment processors and do not directly store your full credit card number or bank account. If you pay with cryptocurrency, we do not collect any personally identifiable information.
- Technical information: We may collect limited technical information to maintain the service, including your IP address (used only to prevent abuse and fraud, never associated with your browsing activity), device type, operating system version, and app version.
- Communication information: When you contact our customer support team, we collect the message content and contact details you send so we can respond to your requests.
1.2 Information We Do Not Collect — No-Logs Policy
Proton VPN enforces a strict no-logs policy. We never collect or record any of the following:
- Your browsing history or websites visited
- Data transfer content or traffic data
- Connection timestamps or connection duration
- Session duration
- Bandwidth usage
- DNS query records
- Specific servers you use (not associated with your account)
- Any network activity data traceable to your personal identity
Our no-logs policy has been verified by independent third-party security audits. The audit results have been published and are available for review at any time.
2. Information Usage
We use the collected information for the following purposes:
- Service provision: Processing your account registration, managing subscriptions, providing VPN connection services.
- Maintaining security: Detecting and preventing fraud and abuse, ensuring the security and integrity of the service. We may use IP addresses for rate limiting to prevent brute-force attacks and DDoS attacks.
- Service improvement: Analyzing anonymized usage statistics (not associated with personal identity) to improve our service performance and user experience.
- Customer support: Responding to your inquiries, handling technical issues and service requests.
- Legal compliance: Complying with valid legal requests from law enforcement as required by Swiss law. Because we do not log user activity, we cannot provide your browsing history or connection data even when we receive such a request.
- Communications: Sending service-related notifications (such as service updates, security announcements, account change notifications). You can opt out of marketing communications at any time, but you cannot opt out of service-related notifications.
3. Information Sharing
We do not sell, rent, or trade your personal data to any third party. In the following limited circumstances, we may share your information:
- Service providers: We may share necessary information with trusted third-party service providers to maintain our service operations (such as payment processors, cloud infrastructure providers). All service providers are bound by strict data protection agreements and may only process data at our direction.
- Legal requirements: If we genuinely believe disclosure of your information is reasonably necessary to comply with a legal requirement, we may disclose information to the minimum extent necessary. Due to our no-logs architecture, the information we can actually provide is very limited.
- Protecting rights: When necessary to protect our rights, property, or safety, or the safety of our users or the public, we may disclose necessary information.
- Business transactions: In the event of a merger, acquisition, or asset sale, your information may be transferred as part of the transaction. We will notify you before such transfer occurs and ensure the recipient continues to comply with this Privacy Policy.
4. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
- Account data: Retained during the lifetime of your account. When you delete your account, we will permanently delete your personal data within 30 days.
- Payment records: In accordance with Swiss tax and accounting law requirements, payment transaction records are retained for 10 years. However, these records only contain transaction amounts and dates, not your browsing activity or VPN usage data.
- Support communications: Customer support communication records are retained for 3 years and then automatically deleted.
- Technical logs: Limited technical logs used to prevent abuse (such as IP address rate limiting records) are automatically deleted within 24 hours after processing.
- Anonymized data: Anonymized usage statistics containing no personal identity information may be retained indefinitely for analysis purposes.
5. Your Rights
Under the Swiss Federal Data Protection Act (FADP) and the EU General Data Protection Regulation (GDPR), you have the following data protection rights:
- Right of access: You have the right to request access to the personal data we hold about you at any time.
- Right to rectification: If you find that personal data we hold about you is inaccurate or incomplete, you have the right to request correction.
- Right to erasure: Under certain circumstances, you have the right to request deletion of your personal data ("right to be forgotten"). Note that we may need to retain certain information to meet legal obligations.
- Right to restrict processing: Under certain circumstances, you have the right to request restriction of our processing of your personal data.
- Right to data portability: You have the right to receive personal data you provided to us in a structured, machine-readable format, and the right to transfer this data to other data controllers.
- Right to object: You have the right to object to our processing of your personal data under certain circumstances.
- Right to withdraw consent: If we process data based on your consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
To exercise any of the above rights, please contact us using the contact information provided at the end of this policy. We will respond within 30 days of receiving your request.
6. Security Measures
We take multi-layered security measures to protect your personal data:
- End-to-end encryption: All VPN connections use AES-256 encryption, ensuring your internet traffic cannot be intercepted or read by third parties.
- Zero-access encryption: Your Proton account data is protected with zero-access encryption technology, meaning even we cannot read your encrypted data.
- Physical security: Our servers are deployed in secure data centers deep in the Swiss Alps, subject to strict physical access controls.
- Open source audits: Our applications are open source, subject to review by security researchers worldwide. We also conduct regular independent third-party security audits.
- Swiss jurisdiction: We are headquartered in Switzerland, governed by the world's strictest privacy protection laws. Switzerland is not an EU member, not subject to EU data retention directives, and not a member of the Fourteen Eyes alliance.
- Employee training: All our employees receive data protection training and sign confidentiality agreements.
7. Contact Us
If you have any questions, comments, or requests regarding this Privacy Policy, or wish to exercise your data protection rights, please contact us at:
Proton AG
Route de la Galaise 32
1228 Plan-les-Ouates
Geneva, Switzerland
Email: privacy@proton.me
We are committed to responding to all data protection-related requests within 30 days. If you are unsatisfied with our response, you have the right to file a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC).
This Privacy Policy may be updated from time to time. We will notify you of significant changes through in-app notifications or email. Continued use of our services indicates your acceptance of the updated Privacy Policy.