Your IP: 0.0.0.0
ISP: ISP
Your Status: Unprotected
FeaturesServersWhat is VPN?BlogPricing
VPN Apps
FeaturesServersWhat is VPN?BlogPricing
VPN Apps
VPN AppsAndroidWindowsMacOSChromeFirefoxEdge
Get BlufVPN
Log in

PRIVACY POLICY

Last Updated 08/12/2021
Page Contents
1. SCOPE OF THIS PRIVACY POLICY
2. WHAT PERSONAL DATA WE COLLECT AND HOW WE COLLECT IT
3. HOW WE USE PERSONAL DATA
4. WHEN AND WHY WE SHARE PERSONAL DATA
5. YOUR RIGHTS REGARDING YOUR PERSONAL DATA
6. WHERE AND HOW WE STORE AND TRANSFER PERSONAL DATA
7. HOW LONG WE STORE PERSONAL DATA
8. COPPA
9. CHANGES TO THIS PRIVACY POLICY
10. BLUFPASS

1. SCOPE OF THIS PRIVACY POLICY

This privacy policy statement (“Privacy Policy”) describes how BlufVPN OÜ. and our affiliates (“BlufVPN,” “we,” “us,” or “our”) obtain, use, store, change, disclose, and delete our users’ (“you,” or “your”) personal data as it relates to BlufVPN’s Services and BlufVPN’s marketing practices. This Privacy Policy is a part of and is incorporated into the BlufVPN OÜ. End User Agreement between BlufVPN and you. We ask that you read this Privacy Policy carefully as it contains important information on how and why we collect, store, use, and share personal information, your rights in relation to your personal information and on how to contact us in the event you have a privacy concern or complaint.

For the purposes of this Privacy Policy, the term “personal data” means any information relating to an identified or identifiable natural person. The term “personal data” does not include any information that has been anonymized, such that the natural person to which such information relates is not identifiable.

For the purposes of this Privacy Policy, the term “Services” means all of BlufVPN’s websites, mobile and other applications, products, services, software, and accompanying documentation, including VPN Services. The term “VPN Services” means all of BlufVPN’s Virtual Private Network (VPN) Services.

BlufVPN does not monitor, store, or log your online activity, including your browsing history, connection times, metadata, downloads, server usage, or data content during your session in the VPN Services. For a list of categories of personal data that BlufVPN collects, see Section 2 (D) of this Privacy Policy. BlufVPN also never stores or logs your IP address after the end of your session in the VPN Services – BlufVPN always removes your IP address after your session ends. See Sections 2 (D) and 7 of this Privacy Policy.

If you have any privacy or personal data concern related to any of BlufVPN’s products, services, or practices, please contact us at privacy@blufvpn.com.

2. WHAT PERSONAL DATA WE COLLECT AND HOW WE COLLECT IT

IMPORTANT:YOUR FAILURE TO PROVIDE CERTAIN PERSONAL DATA MAY MAKE OUR SERVICES OPERATE NOT AS INTENDED OR NOT OPERATE AT ALL FOR YOU. YOUR FAILURE TO PROVIDE CERTAIN PERSONAL DATA MAY ALSO MAKE IT IMPOSSIBLE FOR US TO PROVIDE SOME OF OUR SERVICES TO YOU, BECAUSE OUR SERVICES REQUIRE CERTAIN MINIMUM PERSONAL DATA IN ORDER TO OPERATE AS WE INTEND.

In Section 2(A-C) of this Privacy Policy, we provide categories of personal data that BlufVPN collects and how BlufVPN collects such personal data when you use the Services.

In Section 2(D) of this Privacy Policy, we provide a description of BlufVPN’s “no logging” policy that applies when you use the VPN Services.

  1. PERSONAL DATA THAT YOU PROVIDE

Upon your registration for and use of the Services, we collect certain personal data directly from you, in each case only if applicable, including the following:

First and last name (either through the registration field or through your social media login);

Company name;

Email address;

Username and password (in a “hashed” format);

(Certain products only) Public and private keys (in a “hashed” format);

(Certain products only) User uploaded document content and preview;

Team members and their contact information;

Other profile information that you choose to provide to us; and

Any other information that you choose to provide to us by completing a web form, sending to us an email, online chat, forum postings, and any other similar means.

  1. PERSONAL DATA THAT WE COLLECT AUTOMATICALLY

Upon your use of the Services, we collect certain personal data from you, in each case only if applicable, including the following:

IP address;

Browser type and operating system;

Device name, code, manufacturer, and language;

Time zone, connection type, WiFi network name;

Country;

(Certain products only) Total amount of web traffic for each session and session dates;

Number of your devices using the Services;

Other data collected in accordance with our Cookies Policy; and

BlufVPN website/app usage, including version used, activation date, and updates installed.

  1. PERSONAL DATA THAT WE COLLECT FROM OTHER SOURCES

We may also collect personal data, such as names and contact information, from third parties, such as marketing, research, sales lead generator companies, social networks, as well as from any publicly-accessible sources. We also collect your payment history regarding our Services (but not your payment information) from third-party payment processors, such as Google, Apple, PayPal, Amazon, Stripe, Paymentwall, Symplify, Hotjar, Appsflyer, Voluum, Funnel.

  1. BlufVPN’S VPN SERVICES – NO LOGGING POLICY

As explained in this Section 2(D), BlufVPN does NOT monitor, store, or log your internet activities (including the internet sites that you visit) while using any of our VPN Services, except the total amount of internet traffic for each session and session dates (this data is collected only if you use personal servers or personal IP address). BlufVPN also stores the number of connected devices for each account – this data is monitored to enforce the maximum device limits. This data can be assessed in the User Office, where you may remove devices from your account.

Certain personal data collected by us automatically (i.e. IP address, connection type, browser type and operating system) is stored only for the duration of your session in the VPN Services. This means that BlufVPN never stores or logs these categories of personal data after the end of your session in our VPN Services – we delete such personal data after your session ends. This also means that your personal data, including your email address, first and last name, username, and IP address, is never connected to any of your internet activities during your VPN Services sessions.

3. HOW WE USE PERSONAL DATA

We use your personal data on the following legal bases, and for the following purposes:

Based on your consent, including:

Contacting you by any means with offers and other marketing regarding the Services;

Accessing your device information relating to your use of the Services, except when we use this personal data based on other legal bases; 

and Analyzing, personalizing, and improving our Services and marketing practices. 

For the performance of a contract, or in order to take steps prior to entering into a contract, including:

To process an order you have made and to provide you with the Services for which you paid or which you receive in a free trial; Carry out or exercise our rights and obligations arising from any orders;

Accepting, crediting, and tracking payments and any failure to pay related to your use of the Services; 

And Communicating with you and providing you with support and troubleshooting services related to the Services.

For compliance with our legal obligations, including:

Carry out or exercise our rights and obligations arising from any orders; 

And In the process of litigation and regulatory investigations, when appropriate or necessary.

For the purposes of our legitimate interests, or the legitimate interests of our other users and other third parties, including:

To process an order you have made and to provide you with the Services for which you paid or which you receive in a free trial;

Analyzing, personalizing, and improving our Services and marketing practices, unless our actions in this regard require our specific consent;

Discovering issues in our Services;

Detecting and preventing fraud, illegal activity, and any other activity that infringes upon the legal rights of BlufVPN, our other users, or other third parties;

Carry out or exercise our rights and obligations arising from any orders; and

In the process of litigation and regulatory investigations, when appropriate or necessary.

4. WHEN AND WHY WE SHARE PERSONAL DATA

  1. VPN Services personal data:

BlufVPN does not share, transfer, sell, rent, or disclose in any way to third parties ANY personal data about the users of the VPN Services for ANY purpose. Moreover, as explained in Section 2(D) of this Privacy Policy, BlufVPN does not store or log certain categories of personal data (i.e. IP address, connection type, browser type and operating system) after your VPN session ends; therefore it is impossible for BlufVPN to share such personal data with any third parties. Also as explained in Section 2(D) of this Privacy Policy, BlufVPN does NOT monitor, store, or log your internet activities (including the internet sites that you visit) while using any of our VPN Services, except the total amount of internet traffic for each session and session dates (this data is collected only if you use personal servers or personal IP address). Therefore, it is impossible for BlufVPN to share, transfer, sell, rent, or disclose in any way to third parties your internet activities.

  1. Services personal data:

BlufVPN does not sell or rent your personal data to any third parties without your consent. We will request and obtain your consent prior to selling or renting your personal data to any third parties. We do, however, need to share your personal data to run our everyday business. We share your personal data with our affiliates and third-party service providers for everyday business purposes, including to:

Store, transfer, and manage your personal data;

Process your purchases of the Services;

Manage and service your BlufVPN account;

Detect and prevent fraud, illegal activity, and any other activity that infringes upon the legal rights of BlufVPN, our other users, or other third parties; and

Sell and market the Services.

  1. We may share your personal data when appropriate or necessary to respond to legal process, including lawful:

subpoenas from government authorities and/or private entities;

court orders; and

interrogatories, depositions, and other discovery processes in the context of litigation and regulatory investigations.

We may share your personal data if we are, or propose to be, acquired by or merge with another entity or entities, or if we sell, or propose to sell, all or substantially all of our assets to another entity or entities, in which case we would share your personal data with such entity or entities.

5. YOUR RIGHTS REGARDING YOUR PERSONAL DATA

You can limit your sharing and our use of your personal data when it is based on your consent. For example, you can control our use of cookies by using the settings of your internet browser. Please be aware that your limit on our use of personal data may cause our websites and applications to appear and function not as intended. You can also limit our use of your personal data for our marketing purposes. 

If the laws of some countries apply to you, you may have the right to do the following:

Request access to your personal data;

Request correction of your personal data or supplementation of your personal data for completeness;

Request erasure of your personal data under certain circumstances, such as when the personal data is processed based on your consent;

Request restriction of processing of your personal data under certain circumstances;

Request transfer of your personal data to another entity under certain circumstances, such as when the personal data is processed based on your consent and the processing of your personal data is carried out by automated means;

Withdraw consent to the processing of your personal data where the processing is based on your consent, without affecting the lawfulness of processing based on consent before its withdrawal; and

File a complaint with your local supervisory authority.

RIGHT TO OBJECT

If the laws of some countries apply to you, you may have the “right to object” to our processing of your personal data when such processing is based on our, or a third party’s, legitimate interests. We will stop processing your personal data, unless:

We demonstrate compelling legitimate grounds for the processing which overrides your interests, rights and freedoms; or

Such processing is necessary for the establishment, exercise or defense of legal claims.

If you object, we will stop processing your personal data for direct marketing purposes.

In order to request to exercise any of your rights, we may require you to provide us with detailed information about your request. Your rights are also subject to certain other limitations contained in the applicable law.

6. WHERE AND HOW WE STORE AND TRANSFER PERSONAL DATA

We use appropriate physical, electronic, technical, and organizational measures to secure and protect your personal data to ensure a level of security appropriate to the risk. You should understand, however, that no safeguards are guaranteed to prevent unauthorized disclosure and/or use of personal data. Because of that, we cannot guarantee or warrant that your personal data will never be exposed. We use third-party service providers globally to store and transfer personal data. We work with our third-party service providers to put in place adequate protections to ensure the security of personal data when it is stored and transferred.

7. HOW LONG WE STORE PERSONAL DATA

We do not store certain personal data (i.e. IP address, connection type, browser type and operating system) that we collect automatically. See Section 2 (D) of this Privacy Policy for an explanation of our “no-logging” policy. We store some of your personal data that we collect from you and from other sources as long as you remain a user of the Services. We retain personal data necessary for compliance with our legal obligations and contractual performance for the longer of: (i) the required time period under applicable law; (ii) or seven years.

8. COPPA

The Children’s Online Privacy Protection Act (“COPPA”) is a United States federal law enacted to give parents increased control over what information is collected from their children online and how such information is used. The law applies to websites and services directed to, and which knowingly collect information from, children under the age of 13. The Services are not directed to children under the age of 13, nor do we knowingly collect information from children under the age of 13. If you are under the age of 13, please do not provide personal information of any kind whatsoever to BlufVPN. If a child provides us with personal information, a parent or legal guardian of that child may contact us to obtain that information and/or delete it from our records by sending an email to privacy@blufvpn.com.

9. CHANGES TO THIS PRIVACY POLICY

We may make changes to this Privacy Policy (and/or other applicable policies and Addenda) as the applicable laws, relevant technologies, and our data processing practices change. We will notify you of changes to this Privacy Policy (and/or other applicable policies and Addenda) by posting the updated policy on our website and in our applications and other Services. The changes to this Privacy Policy (and/or other applicable policies and Addenda) shall become effective upon such posting (as indicated by the date following “Last Updated:” at the top of this Privacy Policy and/or other applicable policies and Addenda), or as otherwise required by applicable law. We encourage you to review this Privacy Policy (and other applicable policies and Addenda) on a periodic basis.

10. BLUFPASS

BlufPass Privacy Policy describes the general privacy practice of Bluf websites and services, including BlufPass.This Privacy Policy explains what personal data we collect, as well as how and why we use it. If you disagree with the terms stated below, please do not visit our site, or use our content and services. For additional details regarding BlufPass privacy-related information, scroll down. 

Apart from the data provided in general Privacy Policy, BlufPass processes the following data when you use BlufPass Services:

Information Collected through BlufPass

BlufPass collects two kinds of user information to deliver the service: Secure Data, the information stored within BlufPass accounts, and Service Data which includes but is not limited to server logs, IP address, billing information, number of accounts, and number of items in accounts, company or family name, email addresses and etc. 

We acquire Service Data about your use of BlufPass, your account, and your payments. We only retain the data necessary to operate and maintain the services. The data is not used for any other purpose. 

BlufPass can’t access your encrypted passwords or other documents stored through our service, since this data is encrypted using secure cryptographic keys that are only known to the user. This also includes your Master Password. 

We also collect customer data regarding their activities on our and other websites, as a part of log entries or through cookies with the aim of improving our site and ensuring the best possible perforce and security practices. 

Terms For Storing User Data

BlufPass stores clients’ Secure data and Service data indefinitely unless specifically asked to delete it. This is done to preserve the encrypted data in your account. 

We use customer data with the sole purpose of providing you with BlufPass services. We have no interest or desire in using or transferring the limited data we collect, for other purposes. While processing and storing customer data, we implement all the necessary measures to guarantee that your personal data is fully protected against accidental or intentional unlawful threats, disclosure, or any other unlawful processing.