Data Privacy Policy

Last updated: March 29, 2026

1. Data We Collect

Account Data (Permanent)

  • Email address – For account access, support, and service updates
  • Payment information – Processed securely by Stripe (we don't store credit card details)
  • Subscription status – To manage your service access and billing

Connection Metadata (Temporary - 24-48 hours)

To prevent fraud and enforce our 3-device limit, we temporarily collect:

  • Your IP address – To identify devices and detect unauthorized sharing
  • Connection timestamps – To enforce simultaneous connection limits
  • Approximate location (city/country) – To detect password theft
  • Anonymous session identifier – A random code like "NAUIZ_1" (not your real identity)

⏱️ Automatically deleted after 24-48 hours via log rotation.

What We DO NOT Collect

  • ❌ Websites you visit or browsing history
  • ❌ Traffic content (downloads, uploads, messages)
  • ❌ DNS queries or search history
  • ❌ Long-term connection records

Your browsing activity is completely private and never logged.

2. How We Use Your Data

Service Provision

  • Authenticate your account and manage subscriptions
  • Process payments securely through Stripe
  • Provide customer support

Security & Fraud Prevention

  • Enforce the 3-device simultaneous connection limit
  • Detect and prevent password theft (e.g., account used in France and China at the same time)
  • Identify unauthorized account sharing

Legal Basis (GDPR)

  • Contract performance (Article 6(1)(b)) – To provide the VPN service you paid for
  • Legitimate interest (Article 6(1)(f)) – To prevent fraud and abuse

We do not sell, rent, or share your data with third parties for marketing purposes.

3. Data Retention

  • Connection logs: Automatically deleted after 24-48 hours
  • Account data: Retained while your account is active
  • Payment records: Retained for 7 years (legal/tax requirement)
  • Deleted accounts: All data permanently deleted within 30 days of account deletion

4. Your Rights (GDPR)

Under EU data protection law, you have the right to:

  • Access – Request a copy of your personal data
  • Rectification – Correct inaccurate information
  • Deletion – Request deletion of your account and data ("right to be forgotten")
  • Data portability – Receive your data in a machine-readable format
  • Object – Object to data processing (may limit service functionality)
  • Withdraw consent – Cancel your account at any time

To exercise these rights, contact us at support@vulcainvpn.com

We will respond within 30 days as required by GDPR.

5. Data Security

  • All VPN connections are encrypted using industry-standard protocols
  • Connection logs stored on secure servers with restricted access
  • Automatic log deletion prevents long-term data accumulation
  • Payment processing handled by PCI-DSS compliant Stripe

6. International Data Transfers

Our VPN servers are located in France. If you're connecting from outside the EU, your connection metadata may be processed on EU servers under GDPR protection.

We do not transfer your data to countries with inadequate data protection laws.

7. Changes to This Policy

We may update this policy to reflect service improvements or legal requirements. Material changes will be communicated via email at least 30 days in advance.

Continued use of the service after policy updates constitutes acceptance.

Last updated: March 29, 2026

8. Contact & Complaints

Privacy inquiries: support@vulcainvpn.com

General support: support@vulcainvpn.com

If you're unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority (e.g., CNIL in France).

9. Children's Privacy

Our service is not intended for users under 18. We do not knowingly collect data from children. If we become aware of such collection, we will delete it immediately.