Our commitment to transparency resulted in a lengthy document. However, we tried to make it more readable by providing short summaries of each section of the Policy in plain language.
Additional information on your personal data may also be indicated in contractual terms, supplemental privacy statements, or notices.
1. What information is collected and why?
Summary: We provide no-logs VPN, meaning we do not monitor, collect or log information about applications, services, or websites you visit while using Atlas VPN.
We do not log your browsing activity, browsing history, records of IPs assigned, original IP, sites visited, outgoing traffic, content, or data accessed. So, even if compelled, we cannot provide such data as we do not have it in the first place.
We try to minimize the collection of any data. However, we need to collect some information to provide our Service for you, improve and optimize it, deliver you relevant information, create new and better privacy services and comply with our legal obligations.
We may process the following categories of personal data:
1.1. Information for creating your account
Email address. As part of registration, we only ask for your email address. It is necessary to create your Atlas VPN account and to use our Service. We use passwordless authentication, which means that you do not need to provide us with a password to sign up and log in — your email address is enough.
1.2. Data needed to receive our paid Services
We also process some of the payment data ourselves (e.g., date of purchase, credit card owner’s full name, part of your credit card number, and its expiration date) in case of recurring payments.
Subscription data. When you subscribe to our Services we process certain subscription information (e.g., your email address, the subscription plan you have chosen, subscription term, subscription ID, subscription frequency, amount, currency, status, auto-renewal status, information about enabled/disabled features, such as SafeBrowse (also named Shield) or others.)
Information for payment fraud prevention. To prevent fraudulent payments for the Services, your personal data (such as email address and device information) is verified by the fraud management tools of our payment processing partners. If a payment transaction is considered high-risk, we may decline it.
1.3. Communication data
Email address. We use your email address for communication purposes to i) respond to your requests or inquiries, ii) send you important updates related to your use of our Service, iii) we may also send you tips, offers, and other marketing content (you can unsubscribe to the marketing content by following instructions which are included in our emails).
Customer support inquiries. We may keep the information that you provide to our customer support team that was necessary to resolve the query. Depending on what information is necessary, it can consist of, but not limited to: payment information for customer verification processes, your country name, information of your OS, local application logs, etc.
Communication optimization data. We use various tools to help us optimize our emailing campaigns. These tools track actions you perform with an email, such as open it or unsubscribe from further communication. We may also be able to see the user device’s operating system (e.g., Windows, Mac, iOS, Android) and its version, device ID, model in order to optimize push and email notifications.
Live chat widget. If you contact us via live chat widget, in addition to processing your contact information, we will also process your device information (such as type of the operating system and browser) and IP address. This information is necessary for our support to determine the user's country, prevent abuse, see if the user is connected to our servers, and help our support to process queries faster.
1.4. Social networks data
Account data. For the purpose of managing and administering our profiles on social networks (e.g., Facebook, Twitter, Reddit, LinkedIn, YouTube, Instagram, TikTok), we may collect and process your personal data (e.g., full name, social network profile name, pictures, and/or public comments) you provided voluntarily.
1.5. Referrals data
Information for participating in referral programs. Participation in referral programs maintained by Atlas VPN requires referrers to submit personal data (e-mail address) so that Atlas VPN could i) reach out to the referred party; ii) contact referrers with regards to their participation in referral programs and/or provision of rewards. It is the referrer's responsibility to abide by applicable privacy laws when disclosing third parties’ personal data to Atlas VPN, including informing third parties that they are providing referred parties’ personal data to 2 and how it will be used and processed. Referred parties may unsubscribe from any future communication at any time. If you believe that one of your contacts has provided us with your personal data and you would like it to be removed from our database, please contact us.
1.6 Promotional games data
1.7. Information collected on our Website
Access logs. For security reasons, on our Website, we collect access logs (e.g., IP address, browser type, operating system). We use them to ensure information security since they help protect us from cyber threats (such as DDoS attacks, scanning, and others).
Cookies. As standard on the internet, we use different types of cookies, pixels, and other similar technologies (collectively referred to as “cookies”), including third-party cookies on our Website. Cookies are small blocks of data placed on your device when you visit our Website. They help us collect non-personally identifiable information about the use of our Website and provide you with basic functionality. You can check what cookies we use in our.
1.8. Data collected when using our applications
In-app event information. We collect basic application usage data to help ensure the smooth functioning of our Service and improve the applications.
The in-app events contain the following information:
1.8.1. General event information: event, which application sent the event, event time, and limited routing information.
1.8.2. Application information: name, version, and source of the application, enabled/disabled features at the time of the event, network type, public internet service provider’s information, current VPN connection status, and related information (protocol and technology in use, current server, etc.), information about A/B testing (if any), user preferences (e.g., notifications enabled/disabled, language, preferred connection settings).
1.8.3. Account information: active/inactive Atlas VPN subscriptions, current and past active/inactive plans, trial information.
Device information. We collect some device information on our application. Such information is logged automatically and may include the model of your device, operating system version, and similar non-identifying information. We may use this information to monitor, develop, and analyze the use of our Services.
Device identifiers. Sometimes we may record a mobile device’s identifiers for sales attribution purposes. Identifiers are assigned to your device by the OS manufacturer. They can be reset at any time from your device’s settings. For manufacturer’s instructions, see the following policies:for iOS devices and for Android devices.
1.9. Technical information
Statistical server load information. We monitor server performance (CPU, RAM, server net usage) to recommend the most suitable servers to our users.
2. Data processed when using Atlas VPN+ features
Summary: As an optional part of the service, we provide advanced privacy and security features. If you use any of these features, we may process additional information as described below.
Data Breach Monitor. To enable the Data Breach Monitor feature, you are asked to enter an email address you want to monitor for breaches. When using the feature, your hashed email address is shared with our third-party service provider to check for details associated with the email in known leaked credential databases. A third-party service provider does not use your email address for any other purposes than helping you monitor data breaches where your email address appeared.
SafeBrowse (Shield). When enabled, the SafeBrowse (Shield) feature blocks third-party trackers, ads, and malicious websites by matching domain names against a database of already known items. We only process the domain name and its status.
3. Ground for processing of personal data
Summary: If you have any questions about the processing of your data, please contact us at.
Your personal data is processed:
- Where it is necessary to fulfill our contract with you at your request. Such cases include: i) to provide access to our Services; ii) to process your purchase transactions; iii) to ensure the secure, reliable, and robust performance of our Services and Website.
- When we have a legal obligation to process certain personal data collected from you (e.g., to keep and process records for tax purposes and accounting).
- Where you have provided your consent to us. Such cases may include: i) to send marketing communication (unless applicable law permits us to contact you without your prior consent); ii) to communicate with you and manage your participation in our contests, offers, referrals, or promotions. Please note that although Atlas VPN may also process your personal data for marketing purposes when applicable law permits us to contact you without your separate consent, if you choose not to receive marketing communication from us (i.e., if you opt-out), we will honor your request.
- We sometimes may process your personal data under the legal basis of our or third parties’ legitimate interest. Such cases include: i) to properly administer business communication with you; ii) to detect, prevent, or otherwise address fraud, abuse, security, or technical issues with our Services and Website; iii) to protect against harm to the rights, property, and safety of Atlas VPN, our users, or third parties; iv) to improve or maintain our Services and provide new products and features; v) to receive knowledge of how our Website and application is being used (crash reports, app store reviews, information about the channel from which our app was downloaded, etc.).
4. How does our Service interact with third parties?
Summary: Sometimes, we need help with certain operations like payments and support, and for those, we use third-party services.
We select our third-party providers with great care, and the disclosure of your data is limited to only what is needed so that they can perform their functions. Please note: we do not sell or trade your personal data.
Service providers. We use third-party service providers to help us manage our day-to-day operations, such as customer support, payment processing, marketing, diagnostics and analytics, and others. As a result, some of these service providers may process personal data.
Here is the list of our main trusted third-party providers. The list is inclusive but not exhausting and is subject to change. We add third parties to the list only when we decide to have long-term relations with them:
- Live chat and support service: Zendesk (provided by Zendesk Inc.)
- Marketing, application analytics, and diagnostics: Google Analytics, Firebase Analytics (provided by Google), AppsFlyer (provided by AppsFlyer Ltd.), Iterable (provided by Iterable Inc.), Sendgrid (provided by Twilio Inc.)
- Conversion attribution system: Hasoffers (provided by Tune Inc.)
- Payments processing: RevenueCat (provided by RevenueCat, Inc.), PayPal (provided by PayPal, Inc.), Google Pay (provided by Google), CoinPayments (provided by CoinPayments Inc. and UAB Star Ventures), PaymentWall (provided by Paymentwall Inc.), and Apple Pay (provided by Apple Payments Inc.), Amazon Payments (provided by Amazon Payments, Inc.), Stripe (provided by Stripe, Inc.)
Protection of our rights. We may disclose personal data to establish or exercise our legal rights or defend against any legal claims or other complaints. We may also share such information if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, and violations of our Terms of Service.
Atlas VPN partners. Sometimes our partners, for example, distributors, resellers, and app store partners, will be independent data controllers of your personal data. In such cases, the procedures established by them (e.g., terms of service and privacy policies) will apply to such relationships. In other cases we may collaborate with partners as joint controllers meaning that we jointly define the purpose and means of data processing with them. Both joint controllers are then responsible for the data processing and its compliance with applicable privacy laws.
We also partner with third parties to display advertising on our Websites or to manage our advertising on other sites. These partners help us deliver more relevant ads and promotional messages to you, which may include behavioral, contextual, and generic advertising. We and our advertising partners may process certain personal data to help us understand your preferences so that we can deliver advertisements that are more relevant to you.
Your personal data may be processed in any country in which we engage service providers and partners. When you use our Services and Websites, you understand and acknowledge that your personal data may be transferred outside of the country where you reside.
5. How do we secure your information?
Summary: Even though there are no guarantees in the ever-evolving security and privacy landscape, we put great efforts into safeguarding your data.
We take the privacy of your data very seriously. Therefore, we enforce various appropriate technical, physical, and organizational security measures for the protection of your personal data.
Technical measures. We use layered defense with firewalls, hashed passwords, and hardened servers. Data at rest and in transit are encrypted. Encryption protocols are used according to the newest security practices. Our infrastructure is regularly updated. We also completed several independent security audits conducted by VerSprite and MDSec.
Organizational measures. We adopted a constant development culture of security and data protection awareness among our employees (including organizing regular and ongoing training and other awareness activities). We analyze the threat landscape and attack surface and constantly update our security measures. Access to databases containing personal data is granted on a need-to-know basis.
Physical measures. We control access to our facilities with access cards. We also use security alarm systems and CCTV. We store devices with personal data information only in locked rooms or cabinets. Our printers are protected by access control measures. A clean desk policy is implemented.
If we detect something suspicious, we will notify you immediately and guide you through steps to stay better protected. Nonetheless, you should be aware that no security is 100% foolproof. By using our Website and Services, you expressly acknowledge and agree that we cannot guarantee the security of any data provided to or received by us through the Website and Services and that any general information, other data, or information received from you through our Website or our Services is provided at your own responsibility.
6. Choices related to your personal data
Summary: If you would like to edit your information, delete it, or implement any other of your rights relating to the use of your personal information, email us at.
We respect different privacy laws across jurisdictions, such as GDPR, California Consumer Privacy Act, and others. Under the applicable laws, you may have the following rights:
- Access your personal information;
- Ask to receive a copy of your personal data in a structured, commonly used and machine-readable format or to transmit (if technically feasible) your personal data to another controller (only where our processing is based on your consent and carried out by automated means);
- Rectify, correct, update, or complement inaccurate or incomplete personal information;
- Object to the processing of your personal data which is done on the basis of our legitimate interests (e.g., for marketing purposes); or restrict the processing (when there is a legal basis for that);
- Withdraw your consent for the processing of your personal information, where processing is based on a consent you have previously provided;
- Request us to delete your personal data (see section 6.2. Data retention and deletion);
- You also have the right to contact the applicable authorities regarding our processing of your personal data. However, we believe that together we could solve any issues that may arise, so we would be very grateful if you contact us at first.
Opt out. If you receive our communication and wish to unsubscribe from our communication, you can opt out at any time by clicking the “unsubscribe” link at the bottom of each email or contacting us at.
Rectification. If you would like to edit your profile information (e.g., change your email address), please contact our support team at.
Access/Deletion. If you wish to delete your Account or your personal data that we process, or request to provide you with a copy of your personal data, please contact us at
Please note that you will need to pass through the Account verification process so that we can verify that you are the owner of the Account before taking further action on your request.
If you do not agree with the processing of your personal data by Atlas VPN, please do not use our Services and Website. You can request us to discontinue processing your personal data, in which case your data will be processed only as much as it is necessary to effect the discontinuation of your use of the Services (e.g., final settlement or deleting all personal data based on your email address), or finalizing other Atlas VPN legal relationship with you (e.g., record keeping, accounting, processing refunds). Please note that we or our third-party service providers may be obliged to retain your certain personal data as required by law.
To raise any other questions, concerns, or complaints about our privacy practices or about our processing of your personal data, please contact us at.
6.1. Country-specific provisions
Information for users from California. If you are a California resident, you can exercise your rights as provided in the California Consumer Privacy Act (“CCPA”) by contacting us at. As per definitions in the CCPA, please note that Atlas VPN does not sell, share, lease, or rent your personal information. According to that, you have an additional right to once per 12 months ask us to provide you with a copy of your data handled by us.
|Company name||Contact details||Country||Purpose of use||Transferred personal data||Transfer date and method||Period of retention and use|
|AMAZON.COM SERVICES LLC, Amazon.com Sales, Inc., Amazon Europe Core S.a.r.l.||United States||Provide measurement, analytics, and other business services||User data||From time to time as contemplated in the contract||For as long as necessary to provide the services or as otherwise agreed in the service contract|
|APPSFLYER LTD||United States, Israel||Provide measurement, analytics, and other business services||User data||From time to time as contemplated in the contract||For as long as necessary to provide the services or as otherwise agreed in the service contract|
|ATLASSIAN PTY LTD||United States||Provide, personalize, and improve our Service||User data||From time to time as contemplated in the contract||For as long as necessary to provide the services or as otherwise agreed in the service contract|
|Functional Software, Inc.||United States||Provide measurement, analytics, and other business services||User data||From time to time as contemplated in the contract||For as long as necessary to provide the services or as otherwise agreed in the service contract|
|Cloudflare Inc.||United States, EEA||Provide measurement, analytics, and other business services||User data||From time to time as contemplated in the contract||For as long as necessary to provide the services or as otherwise agreed in the service contract|
|Twilio Inc.||United States||Provide measurement, analytics, and other business services||User data||From time to time as contemplated in the contract||For as long as necessary to provide the services or as otherwise agreed in the service contract|
|RevenueCat, Inc.||United States||Provide payment processing and other business services||Financial information; User data||From time to time as contemplated in the contract||For as long as necessary to provide the services or as otherwise agreed in the service contract|
|PayPal, Inc.||United States||Provide payment processing and other business services||Financial information; User data||From time to time as contemplated in the contract||For as long as necessary to provide the services or as otherwise agreed in the service contract|
|GOOGLE LLC||United States||Provide measurement, analytics, and other business services||User data||From time to time as contemplated in the contract||For as long as necessary to provide the services or as otherwise agreed in the service contract|
|Iterable Inc.||United States||Provide measurement, analytics, and other business services||User data||From time to time as contemplated in the contract||For as long as necessary to provide the services or as otherwise agreed in the service contract|
|CoinPayments Inc. and UAB Star Ventures||Lithuania||Provide payment processing and other business services||Financial information; User data||From time to time as contemplated in the contract||For as long as necessary to provide the services or as otherwise agreed in the service contract|
|Tune Inc.||United States||Provide measurement, analytics, and other business services||User data||From time to time as contemplated in the contract||For as long as necessary to provide the services or as otherwise agreed in the service contract|
|Paymentwall Inc.||United States||Provide payment processing and other business services||Financial information; User data||From time to time as contemplated in the contract||For as long as necessary to provide the services or as otherwise agreed in the service contract|
|ZENDESK INC||United States||Provide support and other business services||User data||From time to time as contemplated in the contract||For as long as necessary to provide the services or as otherwise agreed in the service contract|
|Apple Payments Inc.||United States||Provide payment processing and other business services||Financial information; User data||From time to time as contemplated in the contract||For as long as necessary to provide the services or as otherwise agreed in the service contract|
|Stripe, Inc.||United States||Provide payment processing and other business services||Financial information; User data||From time to time as contemplated in the contract||For as long as necessary to provide the services or as otherwise agreed in the service contract|
|UAB Cybercare||European Union||Provide support and other business services||User data||From time to time as contemplated in the contract||For as long as necessary to provide the services or as otherwise agreed in the service contract|
Do Not Track (DNT). DNT is the concept that has been promoted by regulatory authorities, in particular the U.S. Federal Trade Commission (FTC), for the internet industry to develop and implement a mechanism for allowing internet users to control the tracking of their online activities across websites. Currently, we do not respond to DNT signals because no DNT standard has been adopted yet.
6.2. Data retention and deletion
Atlas VPN will keep your personal data for the duration of your use of Atlas VPN and for no more than 1 year following the termination of your use, unless we are legally obligated to maintain certain personal information. Such legal obligations may arise in scenarios including, but not limited to, the following:
- If there is an unresolved issue relating to your account, such as an outstanding credit on your account or an unresolved claim or dispute, we will retain the necessary personal information about you until the issue is resolved;
- Where we are required to retain the personal information about you for our legal, tax, audit, and accounting obligations, we will retain only the necessary personal information for the period required by applicable law; and/or,
- Where necessary for our legitimate business interests such as fraud prevention or to maintain the security of our users.
You are entitled to delete your account whenever you choose by contacting our customer support or by navigating to the Support Center in the iOS app and selecting “Delete my account”. However, please be aware that we do not provide refunds for any unused portion of the ongoing service period for deleted accounts. It is important to note that in order to proceed with your account deletion request, you may need to undergo the Account verification process to confirm that you are the account owner.
Should you wish to have your personal data deleted, please email us at, and we will, as far as legally possible, comply with your request.
8. Other terms
Summary: Some important final notes.
Limitation of Liability. To ensure the security of personal data, Atlas VPN employs various technical, physical, and organizational security measures; however, it is your responsibility to exercise caution and reason when using the Services and Website. You will be personally liable if your use of the Services and Website violates any third-party privacy or any other rights or any applicable laws. Under no circumstances is Atlas VPN liable for the consequences of your unlawful, willful and negligent activities, and any circumstances that may not have been reasonably controlled or foreseen (please read the Terms of Service for more information).
Children’s data. Atlas VPN does not knowingly collect or solicit personal data from anyone under the age of 18. If you are under 18, please do not attempt to send any personal data about yourself to Atlas VPN. If we acknowledge that we have collected and processed personal data from a child under the age of 18, we will delete that data as quickly as possible.