We are built to protect privacy. Internally, we know exactly what that means; we use privacy as a filter for decision-making. If a choice needs to be made between a practice that deepens user privacy and another that reduces but accelerates our growth, then we will always take the slower, more private option.
We recognise how important it is for our customers to fully understand the implications of our privacy. This policy provides you with an overview.
What we call "no logs"
What information we collect, how we store it and how we use it
What happens if we are subpoenaed, receive a court order or a DMCA copyright infringement notice.
How we handle information relating to accounts that have been cancelled or are dormant
How we handle subject access requests
We have tried to make this policy easy to understand so that you can get the facts you need quickly.
As a privacy service, we consider it essential to collect the minimum amount of information necessary to operate our services. We need at least one email address so that we can notify you in case of an emergency.
This means that we can contact you in the event of any account problems, network downtime, etc.
We do not log any data relating to a user's VPN activity (when connecting or connecting to a VPN).
No traffic log
No connection timestamps or connection durations
No DNS request logging
No logging of user bandwidth
No logging of client IP addresses
No logging of any account activity other than active total concurrent connections (described below)
| ID | Created at | Max devices |
|---|---|---|
| xxx | 2020-09-21 05:03:13 | 5 |
When you add time to your account, the following information is stored.
| Payment ID | Account ID | Amount | Currency | Timestamp | Transaction ID |
|---|---|---|---|---|---|
| xxx | xxx | 100 | USD | 2020-1-2 14:01:00 | xxx |
Some payment information may be related to your account, for example, if PayPal is used a PayPal transaction ID will be associated with your account, as well as a subscription ID to set up a PayPal subscription. If payment is made using our BTCPay server, then the BTCPay transaction ID will be associated with your account (note that we operate our own BTCPay server). For credit card payments, we use Braintree as our payment processor, and store a Braintree transaction ID against your account. If you elect to enable auto-renew for card payments, a subscription ID will also be stored.
This is the data we store for a credit card payment:
| Payment ID | Account ID | Amount | Currency | Timestamp |
|---|---|---|---|---|
| xxx | xxx | 100 | USD | 2020-1-2 14:01:00 |
In order to process your payment, Braintree and PayPal will request additional information. Braintree requires collection of your card details to process your payment, and PayPal will require name, email and address information to create a new PayPal account as well as agreement to their terms of service. These additional data points are not stored by Hotspot VPN, though Braintree and PayPal are required to retain them for many years. No third-party payment provider has access to your Hotspot VPN account ID.
In short, where we can offer anonymous payment methods we will, and we collect as little information as possible to process them. However, centralised or third-party payment systems and their data processing and storage are out of our control.
Please select cash or cryptocurrency payments should this be of concern.
To be able to process refunds for our 7-day money-back guarantee and resolve other payment issues, as well as to enable auto-renewal of subscription.
If you have been referred to the site by someone else, we will record the referrer's ID.
We do not record any information other than this.
Hotspot VPN is registered in USA, and as such the GDPR regulatory body is the USA Regulatory Authority.
The company is incorporated in USA. If a court order is received from a recognised legal authority with jurisdiction over Hotspot VPN, then the company will comply with that order. However, the company cannot be compelled to hand over information which it does not have. When a customer signs up, we request no personal information. If it ever becomes required by law for us to keep a persistent log of our customers connections or any personal data relating to their network activity, we will immediately notify our customers and do everything in our power to move jurisdictions or close the service to protect those who entrust their privacy to us.
Hotspot VPN is committed to keeping its customers informed of any serious legislative threats to our service. If the laws in our jurisdiction change in way that prevents us from upholding our privacy policy, we will always inform our customers before those laws are enacted. We will also allow customers to cancel their subscription and will refund any fees that cover the remainder of their subscription period.
By default, if one of our mobile apps crashes while you’re using it, anonymized data about the crash will be collected on the device to help us identify the cause of the crash and hopefully fix it in a future update. These “crash logs” contain information such as the state of the app, operating system, and device at the time of the crash, but no personally identifiable information.
Crash logs for our desktop apps are only sent when the user manually confirms the action. For our mobile apps, you can opt-out of crash log reporting by disabling it in user preferences.
Crash logs are sent to a server hosted and managed by Hotspot VPN and no third-party vendors or cloud services.
Hotspot VPN Android and iOS apps may request certain permissions that allow it to access the user’s device data as described below.
These permissions must be granted by the user before the respective information can be accessed. Once the permission has been given, it can be revoked by the user at any time in device settings.
Please note that revoking of such permissions might impact the proper functioning of the app.
Android App
Permission to save VPN profile
Connect VPN function
Device ID Credentials to use the app, login and basic functionality requirements
Email Registered account use, used as login credentials only
Crash information Used as firebase crash analysis
App list This information is not stored and is only used when using the sub-app proxy function
iOS App
Permission to save VPN profile
Connect VPN function
Device ID Credentials to use the app, login and basic functionality requirements
Email Registered account use, used as login credentials only
Crash information Used as firebase crash analysis
Hotspot VPN reserves the right to change this privacy policy at any time. In such cases, we will take every reasonable step to ensure that these changes are brought to your attention by posting all changes prominently on the Hotspot VPN website for a reasonable period of time, before the new policy becomes effective as well as emailing our existing customers.
If you have any questions or comments regarding this policy, please do not hesitate to contact us.