Privacy Policy

At AvalonVPN, we believe everyone should be able to use the internet more privately and securely. Our Privacy Policy corresponds to this belief and describes how we handle your data. We want you to understand what information we collect, what we don’t collect, and how we collect, use, and store information.

The data controller of your personal data, as described in this Privacy Policy, is Eden Digital Labs O.Ü. (“AvalonVPN”, “AvalonVPN”, “we”, “our”, or “us”).

This Privacy Policy forms part of our Terms of Service. By visiting our Website, by submitting your personal data to us, and by accessing, installing and/or using our Services, you confirm that you have read this Privacy Policy and agree to be bound by this Privacy Policy. Thus, please read it carefully. Please use our Website and Services if and only if you do agree with the Privacy Policy.

The capitalized words used in this Privacy Policy as definitions are defined here or in our Terms of Service.

Additional information on your personal data may also be indicated in contractual terms, supplemental privacy statements, or notices.

AvalonVPN does not collect your name, email address and personal information. We do not collect logs of your activity, including no logging of browsing history, traffic destination, data content, or DNS queries. We also never store logs of your IP address. Our guiding principle towards data collection is to only collect the minimal data required to operate a world-class VPN service at scale. We designed our systems to not have sensitive data about our customers; even when compelled we cannot provide data that we do not possess. This privacy policy will help you understand how AvalonVPN collects, uses, and stores information.

General Information

We collect three types of information:

(i) VPN connection summary statistics

AvalonVPN collects minimal information about usage In order to maintain excellent customer support and quality of service. The section below describes in detail what specific information we collect. These statistics never include anything about what the user did with the VPN: no data about the contents or destinations of VPN traffic, no DNS queries, and no IP addresses.

(ii) Apple App Store Purchase Information

We offer in-app purchases for our premium service and we keep the purchase information received from Apple for provision of our world class premium service.

(iii) In-app Analytics Data

We collect data such as which pages the user clicks on the app and the operating system of the user. 

(iv) Other

We collect our customer’s unique id, session id, user type (premium or free), the server ip that the user connects, the input & output data counting (only counting not recording - by 5 minutes interval), timestamp of data counting, connection termination cause, internal ip address of the server that the user connects, the internal ip address of the user’s  connection which is assigned by the server automatically and the user’s purchase information provided by Apple Inc.

What information is collected and why?

We do not log your browsing activity, browsing history, records of IPs assigned, original IP, sites visited, outgoing traffic, content, or data accessed. So, even if compelled, we cannot provide such data as we do not have it in the first place.

We try to minimize the collection of any data. However, we need to collect some information to provide our Service for you, improve and optimize it, deliver you relevant information, create new and better privacy services and comply with our legal obligations.

We may process the following categories of personal data:

Information for creating your account

Email address. As part of registration, we only ask for your email address. It is necessary to create your AvalonVPN account and to use our Service. We use passwordless authentication, which means that you do not need to provide us with a password to sign up and log in — your email address is enough.

Data needed to receive our paid Services

Payment data. Payments and refunds for our Service are processed by our third-party payment processing partners. The type of information processed depends on your chosen payment method (e.g., date of purchase, payer’s IP address, credit card owner’s full name, and credit card information). We may also collect information regarding your country of residence (and your state and ZIP code, if applicable) as it is necessary to calculate the applicable VAT/sales tax. To fully understand what personal data these processors collect, please refer to the respective processor’s terms and privacy policy.

We also process some of the payment data ourselves (e.g., date of purchase, credit card owner’s full name, part of your credit card number, and its expiration date) in case of recurring payments.

Subscription data. When you subscribe to our Services we process certain subscription information (e.g., your email address, the subscription plan you have chosen, subscription term, subscription ID, subscription frequency, amount, currency, status, auto-renewal status, information about enabled/disabled features, such as Shield or others.)

Information for payment fraud prevention. To prevent fraudulent payments for the Services, your personal data (such as email address and device information) is verified by the fraud management tools of our payment processing partners. If a payment transaction is considered high-risk, we may decline it.

Communication data

Email address. We use your email address for communication purposes to i) respond to your requests or inquiries, ii) send you important updates related to your use of our Service, iii) we may also send you tips, offers, and other marketing content (you can unsubscribe to the marketing content by following instructions which are included in our emails).

Customer support inquiries. We may keep the information that you provide to our customer support team that was necessary to resolve the query. Depending on what information is necessary, it can consist of, but not limited to: payment information for customer verification processes, your country name, information of your OS, local application logs, etc.

Communication optimization data. We use various tools to help us optimize our emailing campaigns. These tools track actions you perform with an email, such as open it or unsubscribe from further communication. We may also be able to see the user device’s operating system (e.g., Windows, Mac, iOS, Android) and its version, device ID, model in order to optimize push and email notifications.

Live chat widget. If you contact us via live chat widget, in addition to processing your contact information, we will also process your device information (such as type of the operating system and browser) and IP address. This information is necessary for our support to determine the user's country, prevent abuse, see if the user is connected to our servers, and help our support to process queries faster.

Social networks data

Account data. For the purpose of managing and administering our profiles on social networks (e.g., Facebook, Twitter, Reddit, LinkedIn, YouTube, Instagram, TikTok), we may collect and process your personal data (e.g., full name, social network profile name, pictures, and/or public comments) you provided voluntarily.

Referrals data

Information for participating in referral programs. Participation in referral programs maintained by AvalonVPN requires referrers to submit personal data (e-mail address) so that AvalonVPN could i) reach out to the referred party; ii) contact referrers with regards to their participation in referral programs and/or provision of rewards. It is the referrer's responsibility to abide by applicable privacy laws when disclosing third parties’ personal data to AvalonVPN, including informing third parties that they are providing referred parties’ personal data to 2 and how it will be used and processed. Referred parties may unsubscribe from any future communication at any time. If you believe that one of your contacts has provided us with your personal data and you would like it to be removed from our database, please contact us. 

Information collected on our Website

Access logs. For security reasons, on our Website, we collect access logs (e.g., IP address, browser type, operating system). We use them to ensure information security since they help protect us from cyber threats (such as DDoS attacks, scanning, and others).

Cookies. As standard on the internet, we use different types of cookies, pixels, and other similar technologies (collectively referred to as “cookies”), including third-party cookies on our Website. Cookies are small blocks of data placed on your device when you visit our Website. They help us collect non-personally identifiable information about the use of our Website and provide you with basic functionality.

Data collected when using our applications

In-app event information. We collect basic application usage data to help ensure the smooth functioning of our Service and improve the applications. 

The in-app events contain the following information:

General event information: event, which application sent the event, event time, and limited routing information.

Application information: name, version, and source of the application, enabled/disabled features at the time of the event, network type, public internet service provider’s information, current VPN connection status, and related information (protocol and technology in use, current server, etc.), information about A/B testing (if any), user preferences (e.g., notifications enabled/disabled, language, preferred connection settings).

Account information: active/inactive AvalonVPN subscriptions, current and past active/inactive plans, trial information.

Device information. We collect some device information on our application. Such information is logged automatically and may include the model of your device, operating system version, and similar non-identifying information. We may use this information to monitor, develop, and analyze the use of our Services.

Device identifiers. Sometimes we may record a mobile device’s identifiers for sales attribution purposes. Identifiers are assigned to your device by the OS manufacturer. They can be reset at any time from your device’s settings. For manufacturer’s instructions, see the following policies: Apple Advertising & Privacy for iOS devices and Manage your Google Settings for Android devices.

Technical information

Statistical server load information. We monitor server performance (CPU, RAM, server net usage) to recommend the most suitable servers to our users.

Choices related to your personal data

We respect different privacy laws across jurisdictions, such as GDPR, California Consumer Privacy Act, and others. Under the applicable laws, you may have the following rights:

Access your personal information;

Ask to receive a copy of your personal data in a structured, commonly used and machine-readable format or to transmit (if technically feasible) your personal data to another controller (only where our processing is based on your consent and carried out by automated means);

Rectify, correct, update, or complement inaccurate or incomplete personal information;

Object to the processing of your personal data which is done on the basis of our legitimate interests (e.g., for marketing purposes); or restrict the processing (when there is a legal basis for that);

Withdraw your consent for the processing of your personal information, where processing is based on a consent you have previously provided;

Request us to delete your personal data (see section Data retention and deletion);

Opt out. If you receive our communication and wish to unsubscribe from our communication, you can opt out at any time by clicking the “unsubscribe” link at the bottom of each email.

Rectification. If you would like to edit your profile information (e.g., change your email address), please contact our support team at support@avalonvpn.com.

Access/Deletion. If you wish to delete your Account, or your personal data that we process, you may do so right in the app, or request to provide you with a copy of your personal data, please contact us at support@avalonvpn.com.

Please note that you will need to pass through the Account verification process so that we can verify that you are the owner of the Account before taking further action on your request.

You can control the use of cookies at the individual browser level on your device. To disable cookies, follow your browser’s instructions on how to block or clear cookies.

If you do not agree with the processing of your personal data by AvalonVPN, please do not use our Services and Website. You can request us to discontinue processing your personal data, in which case your data will be processed only as much as it is necessary to effect the discontinuation of your use of the Services (e.g., final settlement or deleting all personal data based on your email address), or finalizing other AvalonVPN legal relationship with you (e.g. record keeping, accounting, processing refunds). Please note that we or our third-party service providers may be obliged to retain your certain personal data as required by law.

To raise any other questions, concerns, or complaints about our privacy practices or about our processing of your personal data, please contact us at support@avalonvpn.com.

Country-specific provisions

Information for users from the European Economic Area (EEA) 

We are based in the EEA, though we may have third-party service providers that are based outside the EEA as well. These locations may have different data protection rules than your residence. Nonetheless, we use suitable safeguards to make sure that your personal data remains protected according to our Privacy Policy.

Notwithstanding, if you are a resident of EEA countries, you can exercise your rights as provided in the European Union’s General Data Protection Regulation (“GDPR”) and described under section Choices related to your personal data of this Privacy Policy by contacting us at support@avalonvpn.com.

Information for users from California

If you are a California resident, you can exercise your rights as provided in the California Consumer Privacy Act (“CCPA”) by contacting us at support@avalonvpn.com. As per definitions in the CCPA, please note that AvalonVPN does not sell, share, lease, or rent your personal information. According to that, you have an additional right to once per 12 months ask us to provide you with a copy of your data handled by us. That being said, we may have third-party service providers that are based outside California as well. These locations may have different data protection rules than your residence. Nonetheless, we use suitable safeguards to make sure that your personal data remains protected according to our Privacy Policy.

For users in the Republic of Korea

As set out in Section Summary, Subsection Anonymous VPN Connection Diagnostics and Crash Reports of this Privacy Policy, we share personal data with service providers and other third parties that may be located outside the Republic of Korea. The third parties who may receive personal data which may relate to people in the Republic of Korea include those set out in the table below:

Company name	Contact details	Country	Purpose of use	Transferred personal data	Transfer date and method	Period of retention and use
AMAZON.COM SERVICES LLC, Amazon.com Sales, Inc., Amazon Europe Core S.a.r.l.	aws-EU-privacy@amazon.com	United States	Provide measurement, analytics, and other business services	User data	From time to time as contemplated in the contract	For as long as necessary to provide the services or as otherwise agreed in the service contract
RevenueCat, Inc.	compliance@revenuecat.com	United States	Provide payment processing and other business services	Financial information; User data	From time to time as contemplated in the contract	For as long as necessary to provide the services or as otherwise agreed in the service contract
GOOGLE LLC	https://support.google.com/policies/contact/general_privacy_form	United States	Provide measurement, analytics, and other business services	User data	From time to time as contemplated in the contract	For as long as necessary to provide the services or as otherwise agreed in the service contract
Apple Payments Inc.	https://www.apple.com/legal/privacy/contact/	United States	Provide payment processing and other business services	Financial information; User data	From time to time as contemplated in the contract	For as long as necessary to provide the services or as otherwise agreed in the service contract
Stripe, Inc.	privacy@stripe.com	United States	Provide payment processing and other business services	Financial information; User data	From time to time as contemplated in the contract	For as long as necessary to provide the services or as otherwise agreed in the service contract

Do Not Track (DNT)

DNT is the concept that has been promoted by regulatory authorities, in particular the U.S. Federal Trade Commission (FTC), for the internet industry to develop and implement a mechanism for allowing internet users to control the tracking of their online activities across websites. Currently, we do not respond to DNT signals because no DNT standard has been adopted yet.

Data retention and deletion

AvalonVPN will keep your personal data for the duration of your use of AvalonVPN and for no more than 1 year following the termination of your use, unless we are legally obligated to maintain certain personal information. Such legal obligations may arise in scenarios including, but not limited to, the following:

If there is an unresolved issue relating to your account, such as an outstanding credit on your account or an unresolved claim or dispute, we will retain the necessary personal information about you until the issue is resolved;

Where we are required to retain the personal information about you for our legal, tax, audit, and accounting obligations, we will retain only the necessary personal information for the period required by applicable law; and/or,

Where necessary for our legitimate business interests such as fraud prevention or to maintain the security of our users.

You are entitled to delete your account whenever you choose by contacting our customer support or by navigating to the Support Center in the iOS app and selecting “Delete my account”. However, please be aware that we do not provide refunds for any unused portion of the ongoing service period for deleted accounts. It is important to note that in order to proceed with your account deletion request, you may need to undergo the Account verification process to confirm that you are the account owner.

VPN Connection Summary Statistics

We ensure that we never log browsing history, traffic destination, data content, IP addresses, or DNS queries. Therefore: We do not know which user ever accessed a particular website or service. We do not know the set of original IP addresses of a user’s computer. Should anyone try to compel AvalonVPN to release user information based on any of the above, we cannot supply this information because the data don’t exist. In order to maintain excellent customer support and quality of service, AvalonVPN collects the following information related to your VPN usage:

Username and Session ID

We store a unique computer generated user id and generate session ids under this user id. This user id allows for complete anonymity while ensuring a successful connection.

User Type & Connection

We store the user type for provision of a premium service for our users. We collect information about whether you have successfully established a VPN, to which VPN location and server IP (but not your assigned outgoing IP address). This minimal information assists us in providing technical support, such as identifying connection problems and to enable AvalonVPN engineers to identify and fix network issues. Input and output of data transferred (in MB) is recorded in 5 minute intervals with timestamps. We collect information regarding the total sum of data transfer you consume. Although we provide unlimited data transfer, if we notice that a single user pushes more traffic than thousands of users combined, thereby affecting the quality of service for other AvalonVPN users, we may terminate membership. Also, internal IP address of the VPN server that you connect is logged for technical support purposes.

Summary

We collect minimal usage statistics to maintain our quality of service. We may know, for example, that our customer had connected to our London VPN location on Tuesday and had transferred an aggregate of 823 MB of data across a 24-hour period. Our customer can’t be uniquely identified as responsible for any specific behavior because his usage pattern overlaps with thousands of other AvalonVPN customers who also connected to the same location on the same day. We’ve engineered our systems to categorically eliminate storage of sensitive data. We may know THAT a customer has used AvalonVPN, but we never know HOW they have utilized our service. We stand by our firm commitment to our customers’ privacy by not possessing any data related to a user’s online activities.

Anonymous VPN Connection Diagnostics and Crash Reports

We collect anonymized analytics data used for network diagnostics upon installation of the app. We use these data in our network operations tools to help optimize network speeds and to let us identify problems related to specific apps, VPN servers, or ISPs. The information we receive is fully anonymized and cannot be tied back to individual AvalonVPN users (i.e. we don’t store which user sent which data, and do not store IP addresses). If you opt in to share this information with AvalonVPN, we will collect the following information: Diagnostic information about how a VPN connection attempt failed. Speed test data Crash reports, also without any personally identifiable information. Depending on your platform, these are sent to these third parties: iOS: Crashlytics (owned by Google). See Crashlytics’s Privacy Policy. iOS: Apple. See Apple’s Privacy Policy. iOS shares these data by default. You can disable that in iOS settings. iOS: Firebase. See Firebase’s Terms of Service. iOS: RevenueCat (provided by RevenueCat, Inc.). See RevenueCat’s Privacy Policy.

Jurisdiction and Applicable Law

AvalonVPN’s core mission is to keep your information private. In service of this mission, AvalonVPN’s headquarters and registered place of business is in the The Republic of Estonia (Estonia), which has stricter laws concerning information disclosure than most countries. Should we receive a valid legal order from the Estonia High Court, it is important to note that AvalonVPN does not collect any IP addresses, browsing history, traffic data, or DNS queries that could be used to identify any specific user.

Storing of Information Related to Email, Live Chat, and Feedback Forms

AvalonVPN keeps records of any correspondence, questions, complaints, or compliments you submit to us through our Site or Services, along with our response. Depending on how you contact AvalonVPN, we may collect your email address and any additional information you provide to us. Having full correspondence records enables our staff to provide the best possible customer support experience. We use a third-party platform for support correspondence: Intercom for emails, support tickets and live chat. When you correspond with us using these platforms, your correspondence records, including your name and email address, are stored in their systems. Both platforms utilize modern security practices and HTTPS encryption.

Security

Measures to Protect Your Information

AvalonVPN uses best-in-class physical, procedural, and technical security with respect to our offices and information storage facilities so as to prevent any loss, misuse, unauthorized access, disclosure, or modification of information. Access to user information is restricted to staff who require such access to perform their job functions. While we believe these systems are robust, it is important to understand that no data security measures in the world can offer 100% protection. Servers are housed in data centers with strong security practices. None of these data centers require us to collect or store any traffic data or personal information related to your use of VPN Services.

Cookies

As standard on the internet, we may use different types of cookies, pixels, and other similar technologies (collectively referred to as “cookies”), including third-party cookies on our Website. Cookies are small blocks of data placed on your device when you visit our Website. They help us collect non-personally identifiable information about the use of our Website and provide you with basic functionality.

Consent and Age Restrictions

By using the Site, Content, Apps, Software, or Services, you agree to have your information handled as described in our Terms of Service and Privacy Policy. The Services are intended for adults aged 18 and above. If you believe your child has provided information to us, please let us know immediately. Changes to the Privacy Policy We may change our Privacy Policy from time to time, without prior notice to you, consistent with applicable privacy laws and principles. Your continued use of the Site or Services constitutes your acceptance of our Privacy Policy.

You will be personally liable if your use of the Services and Website violates any third-party privacy or any other rights or any applicable laws. Under no circumstances is AvalonVPN liable for the consequences of your unlawful, willful and negligent activities, and any circumstances that may not have been reasonably controlled or foreseen

How to Contact AvalonVPN

If you have any questions regarding our Privacy Policy and how we handle your information, please feel free to contact AvalonVPN via the live support section in the app.