Privacy Policy

Last updated: June 2, 2021

This document (“Privacy Policy”) explains the privacy rules applicable to all information collected or submitted when you access, install, or use the Ghostunnel Services.

All definitions and capitalized words used in this Privacy Policy are defined here or in our General Terms.

By visiting our websites, by submitting your personal data to us, and by accessing, installing and/or using the Services, you confirm that you have read this Privacy Policy and agree to be bound by this Privacy Policy. If you disagree with the rules of this Privacy Policy, please do not use our Services.

Information in this Privacy Policy is provided in layers, meaning that all information related to our general personal data processing practices is provided here. Meanwhile, additional Service-specific information applicable to separate Ghostunnel products or websites are accessible via links in this Privacy Policy.

Processing of your data

Ghostunnel processes user data to a limited scope – for provision of the Services, processing payments for the Services, as well as the functioning of our websites and mobile applications. We process the following basic information:

Information for creating your account

  • Email address. We ask for your email address as part of your registration. It is necessary for establishing a Ghostunnel account, retrieving a lost password, and using our Services.

Payment related information

  • Payment data (if using paid Services). This information is necessary to collect payments for our Services. In addition to the traditional payment methods, such as credit cards, users can buy our Service with cryptocurrency. Our payment processing partners process basic billing information for payment processing and refund requests (such as date of purchase, payer’s IP address, zip code, card owner's full name and credit card information). We also process some of the same payment information ourselves (e. g., card owner's full name, last few digits of your credit card) in cases of recurring payments.
  • Country details. When providing your payment details, we ask our users to provide the country where they are registered, have a permanent address or usually live. This information is necessary for VAT calculation purposes.

Communication data

  • Email address. We use your email address to: i) send you important updates and announcements related to your use of our Services; ii) respond to your requests or inquiries; iii) send you offers, surveys and other marketing content (you can opt-out of those at any time).
  • Communication optimization data. We use various tools to help us optimize our emailing campaigns. These tools may track events you perform with an email, such as open and unsubscribe. We may also be able to see the user device’s operating system (e.g., windows, mac, ios, android) in order to optimize push notifications.
  • Chat-bot. If you contact us via our chat-bot on our website, in addition to collecting your contact information, we will be able to see your IP address. This additional information is necessary for our support to determine the user's country and to see if the user is connected to our servers or not.

Information collected on our website

  • Access logs. As most websites on the internet, our website collects access logs (such as IP address, browser type, operating system) to operate our services and ensure their secure, reliable, and robust performance. This information is also essential for fighting against DDoS attacks, scanning and similar hacking attempts.
  • Cookies. Cookies, pixels and other similar technologies are usually small text or image files that are placed on your device when you visit our website. Some cookies are essential for our website to operate smoothly; others are used to improve website functionality or analyze aggregated usage statistics to improve website performance (as in the case of Google Analytics cookies). We also use affiliate cookies to identify the customers referred to the website by our partners so that we can grant the referrers their commission.

Additional information collected by Ghostunnel Services

Ghostunnel guarantees a strict no-logs policy for Ghostunnel Services, meaning that your internet activity while using Ghostunnel Services is not monitored, recorded, logged, stored or passed to any third party. We do not store connection time stamps, used bandwidth, traffic logs, IP addresses or browsing data. From the moment a Ghostunnel user connects to one of our VPN servers, their internet data becomes encrypted. Any internet activity becomes no longer visible to ISP, third-party snoopers or cyber criminals.

In addition to the information provided in general Privacy Policy, we process the following data when you use Ghostunnel Services:

Technical information

  • Statistical server load information. We monitor server performance (cpu, ram, servers net usage) to recommend the most suitable servers to our customers.
  • Username and a timestamp of the last session status. This information is used to limit the amount of concurrent active user sessions and is automatically deleted within 15 minutes after a session is terminated.
  • Connectivity information. To prevent abuse and to be able to dispute unfair chargebacks, we register whether the user has used the Service in the last 30 days. No personally identifiable information is collected in this case, apart from the fact that the Service was or was not used during the mentioned period.

Information collected on our applications

  • Application diagnostics. This aggregated and anonymized data helps us to identify problems related to our app performance and updates. The collected information includes crash error reports. You can opt-out of collection of application diagnostics data at any time by navigating Ghostunnel app settings.
  • Anonymized telemetry data. We collect statistical information about the activity on your account: search, item rating and content viewed events, opened push notifications, etc. (in-app events). This analytical information provides knowledge of how our application is being used so we can improve the user experience and the app itself. You can opt-out of collection of anonymized app usage statistics at any time by navigating Ghostunnel app settings.
  • Device information. As in case of when you visit our website, we collect some device information on our application too. Such information is logged automatically and may include the model of your device, operating system version and similar non-identifying information. We may use this information to monitor, develop and analyze the use of our Services.
  • Device identifiers. In some cases, we may record your mobile device’s identifier for marketing or analytics purposes. These identifiers are assigned to your device by the OS manufacturer and can be reset at any time from your device's settings. For instructions, see following policies for different devices: Advertising & Privacy on iOS devices and Managing your Google Settings on Android devices.

Threat Protection feature

Ghostunnel offers a Threat Protection feature to its users. When enabled, this feature blocks ads, trackers, malicious websites and malware. The data processed about users of the Threat Protection feature depends on its use. Generally, we process only the data which helps us provide and improve the service.

In all cases the Threat Protection feature processes statistics about the use of the feature, such as the date of the last update of malicious items’ list, number of blocked entries and similar data. We process this data to gain knowledge of how the Threat Protection feature is used, so we can improve the user experience and the feature itself. You can opt-out of processing of such statistics at any time by navigating Ghostunnel app settings.

URL scanning. The Threat Protection feature matches the URLs against the databases of already known items and, if found there, it blocks ads, trackers, phishing attempts and malicious websites. We are not able to tell which particular user interacted with the exact URL or website. The data that we process is the URL and its status (e.g., if it is blocked). This is necessary to perform and improve the service.

Initial file scanning. When the Threat Protection feature initially scans newly downloaded files, it is using a lightweight engine to determine if the file is malicious or not. At this point, the data is processed as follows:

  • Scan status. In order for us to be able to block harmful files, we process information if the file is malicious or not, and if the scanning was technically properly performed.
  • Connection information. The network connection is essential for the Threat Protection feature to perform smoothly, therefore we process limited data that helps us to determine the quality of the connection. Such data may include your country, time zone and the name of your internet service provider.

Deep file scanning. This option is only available for users that have enabled it. When the initial file scan cannot tell if a file is malicious, we upload a file to the cloud where we run a deep scan for malware detection. The deep file scanning applies only to executable files, meaning that we do not upload other types of files (such as .doc, .pdf, .jpg) to the cloud. When the file is uploaded to the cloud, we are not able to tell which particular user the file belongs to. After deep file scanning the scanned files are stored and used to improve our services.

Sharing your personal data

We do not share your personal information with third parties except as described in this Privacy Policy.

Service providers. We use third-party service providers to help us with various operations, such as payment processing, email automation, website and app diagnostics, analytics and other. As a result, some of these providers may process personal information.

Some of our main long-term service providers:

  • Live chat and support service platform – Zendesk (provided by Zendesk Inc.);
  • Emailing service providers – Iterable (by Iterable Inc.), Sendgrid (by Twilio Inc.);
  • Application analytics and diagnostics – Google Analytics, Firebase Analytics (provided by Google);
  • AppsFlyer (by AppsFlyer Ltd.), Bugsnag (by Bugsnag Inc.);
  • Conversion attribution system – Hasoffers (provided by Tune Inc.);
  • WireGuard (provided by Jason A. Donenfeld);

Sometimes our service providers, for example, distributors, resellers, and app store partners, will be independent controllers of your data. Their terms and conditions and privacy policies will apply to such relationships.

Your personal information may be processed in any country in which we engage service providers. When you use our Services, you acknowledge the transfer of your personal information outside of the country where you reside.

Requests for data. Any request for user data should follow an appropriate official legal process to be recognized by the laws of the Republic of Panama (e.g., mutual legal assistance treaty, letters rogatory). We carefully review each request to make sure it satisfies laws applicable to our company, laws of requesting country, international norms and our internal policies. Being based in Panama allows us to keep no logs of users’ online activity (no IP addresses, browsing data, traffic information, etc.). This means that we are unable to link an individual user to a specific IP address, connection timestamp or other information that we do not collect. Therefore, even in cases we receive a rightfully served request, it might be impossible for us to identify a specific person or provide any identifying information related to that person. In cases where, following an appropriate legal process, we are able to identify a specific person, we will provide the limited data we process as per our Privacy Policy.

Choices related to your data

If you’d like to edit your profile information, delete your account or data, or request to provide you with a copy of your personal information, please contact our support team. Please note that you may need to pass through a couple of account verification steps so that we can verify you are the owner of the account.

If you wish to unsubscribe from our communication, you can opt out at any time by clicking the unsubscribe link at the bottom of each message or contacting us at privacy@ghostunnel.com.

You can control the use of cookies at the individual browser level. To disable cookies, follow your browser’s instructions on how to block or clear cookies.

Some browsers have incorporated a “do-not-track” feature that can send a signal to the websites you visit, indicating you do not wish to be tracked. Currently, our systems do not recognize browser “do-not-track” requests.

If you disagree with the processing of your data by Ghostunnel, please do not use our Services. You can request us to discontinue processing your personal data, in which case your data will be processed only as much as it is necessary to effect the discontinuation of your use of the Services (e.g., final settlement, or deleting all personal data based on your email address), or finalizing other Ghostunnel’s legal relationship with you (e.g., record keeping, accounting, processing refunds).

If you wish to use the Services again, you will have to accept and agree to this Privacy Policy anew.

Data security

We take data security very seriously and take all steps reasonably necessary to secure your data (whether technical, physical, or administrative). However, no company can guarantee the absolute security of internet communications. By using the Services, you expressly acknowledge that we cannot guarantee the security of any data provided to or received by us through the Services and that any information received from you through the website or our Services is provided at your own responsibility.

Other Terms

The Privacy Policy is governed by and shall be construed in accordance with the laws provided in our General Terms.

To ensure the security of personal data, Ghostunnel employs various administrative, technical and physical security measures; however, it is your responsibility to exercise caution and reason when using the Services. You will be personally responsible if such action violates any third party’s privacy or any other rights, or any applicable law. Under no circumstances is Ghostunnel liable for the consequences of your unlawful activities, your willful and negligent activities that violate applicable laws or third-party rights, and any circumstances that may not have been reasonably controlled or foreseen.

Our website may include links to other websites whose privacy practices may be different from ours. If you submit personal information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any website you visit.

This Privacy Policy may be modified and updated at any time, at our sole discretion, for any or no reason, and without liability, as indicated below. The date of the most current wording of the Privacy Policy is indicated at the top of the text. We ask all users to ensure that they are familiar with the most current wording of the Privacy Policy. The amendment of the Privacy Policy may be communicated to you by sending an email and/or by publishing the updated Privacy Policy on this website. Updates of the Privacy Policy come into force as of the moment when they are published.

You may not assign or transfer your rights or obligations under this Privacy Policy to any third party.