Our commitment to transparency resulted in a lengthy document. However, we tried to make it more readable by providing short summaries of each section of the Policy in plain language.
Additional information on your personal data may also be indicated in contractual terms, supplemental privacy statements, or notices.
1. What information is collected and why?
Summary: We provide no-logs VPN, meaning we do not monitor, collect or log information about applications, services, or websites you visit while using Atlas VPN.
We do not log your browsing activity, browsing history, records of IPs assigned, original IP, sites visited, outgoing traffic, content, or data accessed. So, even if compelled, we cannot provide such data as we do not have it in the first place.
We try to minimize the collection of any data. However, we need to collect some information to provide our Service for you, improve and optimize it, deliver you relevant information, create new and better privacy services and comply with our legal obligations.
We may process the following categories of personal data:
1.1. Information for creating your account
Email address. As part of registration, we only ask for your email address. It is necessary to create your Atlas VPN account and to use our Service. We use passwordless authentication, which means that you do not need to provide us with a password to sign up and log in — your email address is enough.
1.2. Data needed to receive our paid Services
We also process some of the payment data ourselves (e.g., date of purchase, credit card owner’s full name, part of your credit card number, and its expiration date) in case of recurring payments.
Information for payment fraud prevention. To prevent fraudulent payments for the Services, your personal data (such as email address) is verified by the fraud management tools of our payment processing partners. If a payment transaction is considered high risk, we may decline it.
1.3. Communication data
Email address. We use your email address for communication purposes to i) respond to your requests or inquiries, ii) send you important updates related to your use of our Service, iii) we may also send you tips, offers, and other marketing content (you can unsubscribe to the marketing content by following instructions which are included in our emails).
Chatbot. If a user contacts us through a live chat on our Website, we are able to see the user’s IP address. This information is necessary to determine if the user is connected to our servers so that we can help solve related issues.
1.4. Social networks data
Account data. When you interact with us on our social media channels (e.g., Facebook, Twitter, Reddit, LinkedIn, YouTube, Instagram, TikTok, etc.), we will process your social media profile information, post information, and other information you voluntarily provided.
1.5. Information collected on our Website
Access logs. For security reasons, on our Website, we collect access logs (e.g., IP address, browser type, operating system). We use them to ensure information security since they help protect us from cyber threats (such as DDoS attacks, scanning, and others).
1.6. Data collected when using our applications
In-app event information. We collect basic application usage data to help ensure the smooth functioning of our Service and improve the applications.
The in-app events contain the following information:
i. General event information: event, which application sent the event, event time, and limited routing information.
ii. Application information: name, version, and source of the application, enabled/disabled features at the time of the event, network type, public internet service provider’s information, current VPN connection status, and related information (protocol and technology in use, current server, etc.), information about A/B testing (if any), user preferences (e.g., notifications enabled/disabled, language, preferred connection settings).
iii. Account information: active/inactive Atlas VPN subscriptions, current, and past active/inactive plans, trial information.
Device information. We collect some device information on our application. Such information is logged automatically and may include the model of your device, operating system version, and similar non-identifying information. We may use this information to monitor, develop, and analyze the use of our Services.
Device identifiers. Sometimes we may record a mobile device’s identifiers for sales attribution purposes. Identifiers are assigned to your device by the OS manufacturer. They can be reset at any time from your device’s settings. For manufacturer’s instructions, see the following policies: Apple Advertising & Privacy for iOS devices and Manage your Google Settings for Android devices.
1.7. Technical information
Statistical server load information. We monitor server performance (CPU, RAM, servers net usage) to recommend the most suitable servers to our users.
2. Data processed when using certain Atlas VPN features
Summary: As an optional part of the service, we provide advanced privacy and security features. If you use any of these features, we may process additional information as described below.
Data Breach Monitor. To enable the Data Breach Monitor feature, you are asked to enter an email address you want to monitor for breaches. When using the feature, your hashed email address is shared with our third-party service provider to check for details associated with the email in known leaked credential databases. A third-party service provider does not use your email address for any other purposes than helping you monitor data breaches where your email address appeared.
SafeBrowse. When enabled, the SafeBrowse feature blocks third-party trackers, ads, and malicious websites by matching domain names against a database of already known items. We only process the domain name and its status.
3. Ground for processing of personal data
Summary: If you have any questions about the processing of your data, please contact us at [email protected].
Your personal data is processed:
- Where it is necessary to fulfill our contract with you at your request. Such cases include: i) to provide access to our Services; ii) to process your purchase transactions; iii) to ensure the secure, reliable, and robust performance of our Services and Website.
- When we have a legal obligation to process certain personal data collected from you (e.g., to keep and process records for tax purposes and accounting).
- Where you have provided your consent to us. Such cases may include: i) to send marketing communication (unless applicable law permits us to contact you without your prior consent); ii) to communicate with you and manage your participation in our contests, offers, referrals, or promotions. Please note that although Atlas VPN may also process your personal data for marketing purposes when applicable law permits us to contact you without your separate consent, if you choose not to receive marketing communication from us (i.e., if you opt-out), we will honor your request.
- We sometimes may process your personal data under the legal basis of our or third parties’ legitimate interest. Such cases include: i) to properly administer business communication with you; ii) to detect, prevent, or otherwise address fraud, abuse, security, or technical issues with our Services and Website; iii) to protect against harm to the rights, property, and safety of Atlas VPN, our users, or third parties; iv) to improve or maintain our Services and provide new products and features; v) to receive knowledge of how our Website and application is being used.
4. How does our Service interact with third parties?
Summary: Sometimes, we need help with certain operations like payments and support, and for those, we use third-party services.
We select our third-party providers with great care, and the disclosure of your data is limited to only what is needed so that they can perform their functions. Please note: we do not sell or trade your personal data.
Service providers. We use third-party service providers to help us manage our day-to-day operations, such as customer support, payment processing, marketing, diagnostics and analytics, and others. As a result, some of these service providers may process personal data.
Here is the list of our main trusted third-party providers. The list is inclusive but not exhausting and is subject to change. We add third parties to the list only when we decide to have long-term relations with them:
- Live chat and support service platform: Zendesk (provided by Zendesk Inc.)
- Marketing, application analytics, and diagnostics: Google Analytics, Firebase Analytics (provided by Google), AppsFlyer (provided by AppsFlyer Ltd.), Iterable (provided by Iterable Inc.), Sendgrid (provided by Twilio Inc.)
- Conversion attribution system: Hasoffers (provided by Tune Inc.)
- Payments processing: RevenueCat (provided by RevenueCat, Inc.), PayPal (provided by PayPal, Inc.), Google Pay (provided by Google), CoinPayments (provided by CoinPayments Inc. and UAB Star Ventures), PaymentWall (provided by Paymentwall Inc.), and Apple Pay (provided by Apple Payments Inc.), Amazon Payments (provided by Amazon Payments, Inc.), Stripe (provided by Stripe, Inc.)
Protection of our rights. We may disclose personal data to establish or exercise our legal rights or defend against any legal claims or other complaints. We may also share such information if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, and violations of our Terms of Service.
Requests for data. If Atlas VPN is ever served with valid data requests by law enforcement or courts and applicable law requires us to comply, we have very little data to share because of our no-logs policy (if we are ever asked to do so, the information will reflect in our Warrant Canary page.) We do not collect users’ browsing history or traffic data that could be linked back to a specific user.
5. How do we secure your information?
Summary: Even though there are no guarantees in the ever-evolving security and privacy landscape, we put great efforts into safeguarding your data.
We take the privacy of your data very seriously. Therefore, we enforce various appropriate technical, physical, and organizational security measures for the protection of your personal data.
We use layered defense with firewalls, hashed passwords, and hardened servers. Data at rest and in transit are encrypted. Encryption protocols are used according to the newest security practices. Our infrastructure is regularly updated. We also completed several independent security audits conducted by VerSprite and MDSec.
We adopted information security and data processing policies according to best practices. We adopted a constant development culture of security and data protection awareness among our employees (including organizing regular and ongoing training and other awareness activities). We analyze the threat landscape and attack surface and constantly update our security measures. Access to databases containing personal data is granted on a need-to-know basis.
If we detect something suspicious, we will notify you immediately and guide you through steps to stay better protected. Nonetheless, you should be aware that no security is 100% foolproof. By using our Website and Services, you expressly acknowledge and agree that we cannot guarantee the security of any data provided to or received by us through the Website and Services and that any general information, other data, or information received from you through our Website or our Services is provided at your own responsibility.
6. Choices related to your personal data
Summary: If you would like to edit your information, delete it, or implement any other of your rights relating to the use of your personal information, email us at [email protected].
We respect different privacy laws across jurisdictions, such as GDPR, California Consumer Privacy Act, and others. Under the applicable laws, you may have the following rights:
- Access your personal information;
- Ask to receive a copy of your personal data in a structured, commonly used and machine-readable format or to transmit (if technically feasible) your personal data to another controller (only where our processing is based on your consent and carried out by automated means);
- Rectify, correct, update, or complement inaccurate or incomplete personal information;
- Object to the processing of your personal data which is done on the basis of our legitimate interests (e.g., for marketing purposes); or restrict the processing (when there is a legal basis for that);
- Withdraw your consent for the processing of your personal information, where processing is based on a consent you have previously provided;
- Request us to delete your personal data (see section 6.2. Data retention and deletion);
- You also have the right to contact the applicable authorities regarding our processing of your personal data. However, we believe that together we could solve any issues that may arise, so we would be very grateful if you contact us at [email protected] first.
Opt-out. If you receive our communication and wish to unsubscribe from our communication, you can opt out at any time by clicking the “unsubscribe” link at the bottom of each email or contacting us at [email protected].
If you do not agree with the processing of your personal data by Atlas VPN, please do not use our Services and Website. You can request us to discontinue processing your personal data, in which case your data will be processed only as much as it is necessary to effect the discontinuation of your use of the Services (e.g., final settlement or deleting all personal data based on your email address), or finalizing other Atlas VPN legal relationship with you (e.g., record keeping, accounting, processing refunds). Please note that we or our third-party service providers may be obliged to retain your certain personal data as required by law.
To raise any other questions, concerns, or complaints about our privacy practices or about our processing of your personal data, please contact us at [email protected].
6.1. Country-specific provisions
Information for users from California. If you are a California resident, you can exercise your rights as provided in the California Consumer Privacy Act (“CCPA”) by contacting us at [email protected]. As per definitions in the CCPA, please note that Atlas VPN does not sell, share, lease, or rent your personal information. According to that, you have an additional right to once per 12 months ask us to provide you with a copy of your data handled by us.
Do Not Track (DNT). DNT is the concept that has been promoted by regulatory authorities, in particular the U.S. Federal Trade Commission (FTC), for the Internet industry to develop and implement a mechanism for allowing Internet users to control the tracking of their online activities across websites. Currently, we do not respond to DNT signals because no DNT standard has been adopted yet.
6.2. Data retention and deletion
Atlas VPN will keep your personal data only as long as necessary to provide you with the Services, or for as long as we have another legitimate ground to do so, but not longer than permitted or required by law.
Should you wish to have your personal data deleted, please email us at [email protected], and we will, as far as legally possible, comply with your request.
8. Other terms
Summary: Some important final notes.
Limitation of Liability. To ensure the security of personal data, Atlas VPN employs various technical, physical, and organizational security measures; however, it is your responsibility to exercise caution and reason when using the Services and Website. You will be personally liable if your use of the Services and Website violates any third party privacy or any other rights or any applicable laws. Under no circumstances is Atlas VPN liable for the consequences of your unlawful, willful and negligent activities, and any circumstances that may not have been reasonably controlled or foreseen (please read the Terms of Service for more information).
Children’s data. Atlas VPN does not knowingly collect or solicit personal data from anyone under the age of 18. If you are under 18, please do not attempt to send any personal data about yourself to Atlas VPN. If we acknowledge that we have collected and processed personal data from a child under the age of 18, we will delete that data as quickly as possible.