← Back to home

Privacy Policy

Effective date: 1 червня 2026

⚠️ Draft — fill company details in config/legal.php before publishing.

This Privacy Policy explains how PrivMars ("PrivMars", "we", "us") handles information when you use our VPN service, website (https://privmars.com), and apps (together, the "Service"). Privacy is the product, so we collect as little as technically possible to run a paid account and keep the network healthy.

1. Our no-logs commitment

We are a no-logs VPN. We do not monitor, record, store, or share:

  • the websites, services, or IP addresses you connect to;
  • your DNS queries or browsing history;
  • the contents of your traffic;
  • the source IP address you connect from, tied to your account, beyond what is transiently needed to route a live connection;
  • per-session bandwidth or activity logs that could be used to reconstruct what you did.

VPN nodes are configured to keep traffic in memory only for the duration of a live connection. We cannot produce an activity history because one does not exist.

2. Information we do collect

Account data

  • Email address — to create your account, send receipts, password resets, and important service notices.
  • Password — stored only as a salted one-way hash; we never see your plaintext password.
  • Subscription & plan — your current plan, status, and renewal date.

Payment data

Payments are handled by our payment processors (see §5). We receive a payment confirmation and a processor reference, plus the plan purchased. We do not store your full card number, CVC, or crypto wallet keys on our servers.

Device & configuration data

  • Device records — a name you give a device and the public cryptographic keys / VPN configuration issued to it, so we can enforce your plan's device limit and let you revoke a device.
  • Last handshake timestamp / endpoint — a coarse "this device connected recently" marker used for security (detecting credential sharing) and to power the "remove a device" screen. This is not a browsing log.

Operational data

  • Aggregate node metrics — overall load, latency, and capacity per node, not linked to any individual user.
  • Support correspondence — if you email us, we keep that thread to help you.

3. How we use information

  • To create and operate your account and authenticate you;
  • To provision and revoke VPN access on our nodes;
  • To process payments, renewals, and refunds;
  • To enforce plan limits and our Terms of Service and prevent abuse;
  • To send transactional email (receipts, password reset, security and service notices);
  • To keep the network healthy and resistant to blocking.

We do not sell your data, and we do not use third-party advertising or behavioural tracking.

4. Legal bases (GDPR)

Where the EU/UK GDPR applies, we process personal data on these bases:

  • Contract — account, provisioning, billing (Art. 6(1)(b));
  • Legitimate interests — security, abuse prevention, network health (Art. 6(1)(f));
  • Legal obligation — tax/accounting records for payments (Art. 6(1)(c));
  • Consent — any optional communications you opt into (Art. 6(1)(a)).

5. Sub-processors & third parties

We share the minimum necessary data with vetted providers who act on our behalf:

ProviderPurposeRegion
Stripe, Inc.Card / fiat payment processingUSA / EU
CryptomusCryptocurrency payment processingEU
Hosting providersVPN node & application hostingEU (NL, PL) + edge
Cloudflare, Inc.CDN / edge relay (Workers)Global
Email delivery (SMTP)Transactional email (receipts, password reset)EU / USA

Payment processors receive the data needed to take payment and are independent controllers of that payment data under their own privacy policies. We may disclose information if legally compelled by a valid order — but we cannot disclose activity logs we do not keep (see §1).

6. Cookies

We use only the cookies needed to run the site:

  • a session cookie to keep you logged in;
  • a locale cookie to remember your language;
  • a CSRF-protection token.

No advertising or cross-site tracking cookies are used.

7. Data retention

  • Account & device data: kept while your account is active, deleted (or anonymised) after account closure, subject to any legal retention period.
  • Payment/billing records: retained as required by tax and accounting law.
  • Live connection data: held in memory only during the connection, then gone.

8. Your rights

Depending on your location, you may have the right to access, correct, delete, export, or restrict processing of your personal data, and to object or lodge a complaint with a supervisory authority. To exercise any right, email privacy@privmars.com. You can also delete devices and request account deletion from your dashboard or by contacting support.

9. International transfers

Our nodes and providers operate in multiple countries. Where data moves across borders, we rely on appropriate safeguards (such as Standard Contractual Clauses) where required.

10. Security

We use encryption in transit, hashed credentials, least-privilege access, and modern VPN protocols. No system is perfectly secure, but we design to minimise the data that could ever be exposed.

11. Children

The Service is not directed to children under 16 (or the minimum age in your country), and we do not knowingly collect their data.

12. Changes

We may update this Policy. Material changes will be announced on this page and, where appropriate, by email. Continued use after the effective date means you accept the updated Policy.

13. Contact

Privacy questions: privacy@privmars.com
General support: support@privmars.com
Controller: PrivMars.

Privacy Policy Terms of Service Refund Policy Статус