Privacy Policy
Last updated: September 01, 2025
This Privacy Policy explains how PolarVPN (“PolarVPN”, “we”, “our”, or “us”) collects, uses, and protects information when you use our mobile applications, desktop applications, websites, and related services (collectively, the “Services”).
1) Who we are
PolarVPN provides virtual private network (VPN) Services designed to enhance your online privacy and security. For the purposes of data protection laws, we act as the “data controller” of your personal information processed under this Policy.
2) Scope
This Policy applies to information processed when you use the Services, contact us, or otherwise interact with us. It does not apply to third-party websites, services, or applications that are not under our control.
3) Information we do not collect
We built PolarVPN around a strict no‑activity‑logs approach. Specifically, when connected to the VPN we do not log:
- Your browsing history or the content of traffic;
- DNS queries issued by your device;
- Traffic destination or metadata that could identify what you view online;
- Original IP address associated with your VPN session;
- Any timestamps that could be tied to your VPN activity.
4) Information we may collect
We aim to minimize personal data collection. Depending on how you use the Services, we may process:
Account and basic app information
- App and device metadata (e.g., app version, OS version, language, device model) to ensure compatibility and deliver updates.
- Anonymous diagnostics and crash reports if you opt in via your OS settings or in-app prompts. These reports help us fix bugs and improve performance.
- Support communications: when you reach out to us (e.g., by email), we process the information you provide so we can respond.
Connection management data (minimal)
To maintain service reliability and prevent abuse (e.g., DDoS, credential stuffing), our systems may temporarily and automatically process limited technical data such as:
- Non-identifying routing information required to establish a VPN connection;
- Aggregate load and performance metrics per server (not tied to specific users);
- Ephemeral identifiers (e.g., tokens) necessary for session management, which are deleted when no longer needed.
We design these processes so they are not used to monitor your online activity.
5) How VPN traffic is handled
VPN traffic is encrypted between your device and our VPN servers. We do not inspect, log, or store the contents of your VPN traffic. Network firewalls may automatically block known malicious traffic patterns to keep our infrastructure and users safe.
6) Legal bases (EEA/UK)
Where applicable (e.g., the EEA, UK), we process personal data under the following legal bases:
- Performance of a contract (Art. 6(1)(b) GDPR): to provide and maintain the Services;
- Legitimate interests (Art. 6(1)(f) GDPR): to secure the Services, prevent abuse, and improve quality in a privacy-preserving way;
- Consent (Art. 6(1)(a) GDPR): for optional diagnostics or communications, where required;
- Legal obligations (Art. 6(1)(c) GDPR): to comply with applicable laws.
7) How we use information
- Provide, maintain, and troubleshoot the Services;
- Protect the security and integrity of our network and users;
- Communicate with you about updates, support, and important notices;
- Comply with legal obligations and enforce our terms;
- Improve the Services through privacy-preserving analytics and diagnostics.
9) Data retention
We retain information only for as long as necessary to fulfill the purposes outlined in this Policy, or as required by law. Diagnostic data and ephemeral connection data are retained only for the minimum period needed for troubleshooting and service reliability, after which they are deleted or de-identified.
10) Data security
We employ administrative, technical, and organizational measures designed to protect information against unauthorized access, alteration, disclosure, or destruction. No method of transmission or storage is 100% secure; however, we continually work to improve our safeguards.
11) International transfers
We may process information on servers located in different countries. Where required, we implement appropriate safeguards for cross-border data transfers, such as contractual clauses approved by relevant authorities.
12) Payments
If you purchase a subscription through a platform provider (e.g., Google Play, Apple App Store), the platform processes your payment information. We do not receive your full payment card details. We may receive limited transaction metadata (e.g., purchase confirmation, country/region, product identifier) to activate and manage your subscription.
14) Advertising
We do not use third-party advertising SDKs in our VPN tunnel and do not sell your data. If we display any in-app promotions in the future, they will not have access to your VPN traffic. We will update this Policy if our advertising practices change.
15) Your rights
Depending on your location, you may have rights regarding your personal information, such as the right to access, correct, delete, or receive a copy of your data, and to object to or restrict certain processing. You may also have the right to withdraw consent where processing is based on consent.
To exercise your rights, contact us at [email protected]. We may need to verify your request to protect your privacy and security.
16) Children’s privacy
The Services are not directed to children under the age of 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect personal information from children.
17) Changes to this policy
We may update this Policy from time to time. We will post the updated version with a new “Last updated” date, and, where appropriate, notify you through the Services or by other means.
18) Contact us
If you have questions or requests about this Policy or our privacy practices, please contact us at [email protected].