scandisecureVPN Privacy Policy

We want you to understand what information (including Personal Data) we collect in connection with your use of our Services and/or access to our Site; for what purpose such information is collected; how we collect, use, and store such information; to whom it may be disclosed; and how you can exercise your rights and access your information, verify its accuracy, correct it, and/or have it erased. Equally, we want you to know what information we do not collect under any circumstances.

In addition, this Privacy Policy outlines what security measures we take to safeguard your information and who you can contact if you have any queries or complaints about the contents of this Privacy Policy.

Our guiding principle toward data collection is to collect only the minimal data required to operate world-class Services at scale. We designed our systems (and strive to constantly improve them) to not have sensitive data about our customers. We cannot disclose, misuse, or abuse, even when compelled, data that we do not possess. We do not collect logs of your online activity while you are connected to our Services, including no logging of browsing history, traffic destination, data content, or DNS queries. We also never store connection logs, meaning no logs of your IP address, your outgoing VPN IP address, connection timestamp, or session duration.

This Privacy Policy must be read in conjunction with the scandisecureVPN Terms of Service (the “Terms”). Together, they form a legally binding agreement between you and Scandisecure, so please read them carefully. Unless otherwise stated, the capitalized terms in this Privacy Policy shall have the same meaning given to them in the Terms.

ScandisecureVPN’s core mission is to keep your information private. In service of this mission, Scandisecure’s headquarters and registered place of business is in Copenhagen, Denmark.

 

Table of Contents

General Information

Personal Data

How We Protect and Retain Your Personal Data

How We Safeguard Your Personal Data With Relation to Service Providers

Usage Statistics Data and App Diagnostic Data

How We Protect and Retain Information Related to Emails

Cookies and Third-Party Analytics

Interactions With Third-Party Products

Users in the European Union

Your Privacy Rights

Use by Children

Changes to This Privacy Policy

How to Contact Scandisecure

General Information

scandisecureVPN may collect three (3) types of data depending on your use of the Services, as follows. You can find detailed information about each of them in the specific sections below. If you are just visiting our Site, please refer to Section 7.

(i) Personal data submitted in association with your Account (“Personal Data”)

Personal Data means any information that can be used, alone or combined with other data, to uniquely identify an individual. Personal Data is collected for the purpose of providing you with our Services, including preventing fraudulent signups or account hijacking, and may include the name, email address, and payment information that you submit to us when you create or update your Account.

(ii) Aggregate Apps and VPN connection summary statistics (“Usage Statistics Data”)

A minimal amount of Usage Statistics Data is collected in order to maintain excellent customer support and quality of service. This type of data does not include information about users’ browsing and internet activity, including while connected to the VPN—we do not collect (and therefore do not use, disclose, or store) data about the content or destinations of VPN traffic, DNS queries, or user IP addresses.

(iii) Anonymous App diagnostics, including crash reports (“App Diagnostic Data”) (optional)

App Diagnostic Data, which includes crash reports, usability diagnostics, and VPN connection diagnostics, is anonymized data that cannot be tied back to individual users. This feature is similar to a “send bug report” option. App Diagnostic Data is not shared by default. You must opt in, such as through the settings menu of your Apps, to send App Diagnostic Data to us.

 

Personal Data

scandisecureVPN collects limited Personal Data that you provide by creating or updating an Account. We require Personal Data, such as an email address and payment information, so that we can provide you with our Services, email you, collect payments and corresponding taxes, prevent fraud, respond to support queries, and share relevant information about your Account and/or the Services.

Specific Personal Data collected will depend on the payment method you choose and may include information such as name, billing country, billing address, and/or credit card number. For some forms of payment, you may be redirected to external websites operated by third-party payment processors (e.g., PayPal, Stripe, or other specific payment processors, depending on your location) to complete the transaction. To understand what personal data these processors collect and store, please refer to the respective processor’s terms and privacy policy. In addition, we engage with trusted partners for the purposes of simplifying the login process, detecting fraudulent signups, and preventing account hijacking. These partners may obtain user IP addresses, but these addresses are always stored separately from systems unrelated to these purposes; can never be connected to the online behavior of any user, because no record of any such behavior is collected; and are always permanently deleted after 30 days.

scandisecureVPN uses your email address for the following reasons:

To provide you with access to our Services, including through password reset or verification emails.

To send emails related to your payment transactions.

To send you updates and announcements.

To communicate with you about your Account or respond to your communications.

To send marketing information, such as offers, surveys, invitations, and content about other matters in connection with Scandisecure VPN that we believe may be of interest to you (“Marketing Emails”). You may choose to not receive Marketing Emails by following the unsubscribe procedure described in these emails.

scandisecureVPN uses your Personal Data only for the purposes listed in this Privacy Policy, and we do not sell or lease your Personal Data to third parties. We collect and process your Personal Data for legitimate interest under the applicable law, more specifically to fulfill our contractual obligations to you (i.e., according to the Agreement between you and scandisecureVPN).

Any personal information associated with scandisecureVPN accounts is controlled only by scandisecureVPN, including being stored on systems, servers, and services owned or leased by scandisecureVPN and its subsidiaries. In the limited circumstances where this data may need to be processed by other related entities, it may be shared only when required, and for the duration required, for processing solely related to the purposes and legitimate interests outlined in this Privacy Policy, while ensuring at all times the same data protection standards. For avoidance of doubt, these circumstances do not include any situations where control of personal information of scandisecureVPN users will be transferred to any other related entities, including but not limited to our ultimate company, ScandiSecurity Systems ApS for any duration of time.

How We Protect and Retain Your Personal Data

Security. We have implemented best-in-class physical, procedural, and technical security measures with respect to our offices and information storage facilities so as to prevent any loss, misuse, or unauthorized access, disclosure, or modification of your Personal Data. Although we believe these systems are robust, it is important to understand that no data security measures in the world can offer completely infallible protection. For this reason, our guiding principle is to collect minimal data.

Servers and data centers. Servers are housed in data centers with strong security practices. None of these data centers require us to collect or store any traffic data or Personal Data related to your use of the Services. If any data center were to ask us to log such data, we would immediately cease operations with said service provider and find alternative options. Even if a government were to physically seize one of our service providers VPN servers, there would be no logs or information that would tie any individual user to a particular event, website, or behavior.

Retention of your Personal Data. Your Personal Data—which, to reiterate, never includes any sensitive data such as browsing history, DNS queries, or IP addresses linked to that information or any other online behavior—is retained for a limited period in accordance with applicable data protection law (for as long as we have your consent or a legitimate reason for holding such data). You may request to have your data deleted by sending a valid deletion request (please see Section 11). Please note that if you request the deletion of your Personal Data, you will as a result no longer be able to use the Services.

Legal. Your Personal Data is controlled by and stored under Scandisecure, and not by its ultimate owner, ScandiSecurity Systems ApS or other related entities. ScandiSecurity Systems ApS operates under Danish jurisdiction, in accordance with Danish laws. Consequently, any demand via legal means for Personal Data (or other types of data) is subject to Danish jurisdiction and laws. We fight vigorously to defend our rights (and those of our users) if an attempt is made to bypass the privacy protections provided for by the Danish laws. A parent, subsidiary, or related entity cannot be compelled to, nor would it voluntarily, provide Personal Data stored by ScandiSecurity Systems ApS.

To learn more about how we protect your privacy and security, visit the Scandisecure VPN Trust Center.

How We Safeguard Your Personal Data With Relation to Service Providers

Agents, contractors, and third-party service providers of scandisecureVPN (“Service Providers”) may have controlled access to relevant data to help us process payments, administer the Services, and otherwise assist us in operating our business. All Service Providers who may gain access to such data have confidentiality and data processing obligations to keep the data confidential and not use them for any other purpose than to carry out the services they are performing on behalf of Scandisecure. These obligations include contractual commitments to protect data as required by applicable laws, including those covering the transfer of Personal Data from the European Union / European Economic Area to a third country.

Service Providers only have access to the data necessary for the services they are performing on behalf of scandisecureVPN, which in any case will never include VPN activity or connection data as we do not collect such data.

In addition to Service Providers, we may share your Personal Data where you have provided your consent to us for sharing or transferring your Personal Data (e.g., marketing consents or opt-in to optional additional services or functionality).

Service Providers only have access to the data necessary for the services they are performing on behalf of Scandisecure, which in any case will never include VPN activity or connection data as we do not collect such data.

In addition to Service Providers, we may share your Personal Data where you have provided your consent to us for sharing or transferring your Personal Data (e.g., marketing consents or opt-in to optional additional services or functionality).

 

Usage Statistics Data and App Diagnostic Data

In order to maintain excellent customer support and quality of service, Scandisecure VPN collects certain information related to your VPN usage, as described below. The data we collect for this purpose is visible to our staff strictly on a need-to-know basis, and may be shared with Service Providers for the purposes above, but is kept confidential at all times.

We ensure that Usage Statistics Data and App Diagnostic Data never include any sensitive information, in line with our overall commitment to never logging browsing history, traffic destination, data content, IP addresses, or DNS queries.

With regard to VPN Usage Statistics, our principle of minimal data collection means that:

We do not know which user ever accessed a particular website or service.

We do not know which user was connected to the VPN at a specific time or which VPN server IP addresses they used.

We do not know the set of original IP addresses of any given user’s computer.

Should anyone try to compel Scandisecure VPN to release user information based on any of the above, we cannot supply this information because the data does not exist.

Apps and Apps versions

We collect information related to which Apps and Apps version(s) you have activated in order to use our Services. Knowing your current version of the Apps allows our Support Team to troubleshoot technical issues you may encounter.

Successful connection

As you use the App, we collect information about whether you have successfully established a VPN connection on a particular day (but not a specific time of the day), to which VPN location (but not your assigned outgoing IP address), and from which country/ISP (but not your source IP address). This minimal information assists us in providing technical support, such as identifying connection problems, providing country-specific advice about how to best use our Services, and enabling Scandisecure VPN engineers to identify and fix network issues.

Aggregate sum of data transferred (in MB)

We collect information regarding the total sum of data transferred by a given user. Although we provide unlimited data transfer, if we notice that a single user pushes more traffic than thousands of others combined, thereby affecting the quality of Services for other scandisecureVPN users, we may contact that user for an explanation.

Usage Statistics Data summary

In summary, we collect minimal usage statistics to maintain our quality of service. We may know, for example, that our customer Peter had connected to our Stockholm VPN location on Tuesday and transferred an aggregate of 745 MB of data across a 36-hour period. Petercan’t be uniquely identified as responsible for any specific online behavior because his usage pattern overlaps with thousands of other Scandisecure VPN customers who also connected to the same location on the same day.

We’ve engineered our systems to categorically eliminate storage of sensitive data. We may know THAT a user has used Scandisecure, but we are unable to single out the user and we never know HOW they have utilized our Service. We stand by our firm commitment to our users’ privacy by not possessing any data related to a user’s online activities.

App Diagnostic Data

With your opt-in permission, we collect anonymized App Diagnostic Data, which includes crash reports, usability diagnostics, and VPN connection diagnostics. We use this data in our network operations tools to help optimize network speeds and to let us identify problems and areas for improvement related to specific apps, VPN servers, or internet service providers (ISPs). This App Diagnostic Data we receive is fully anonymized and cannot be tied back to individual users (i.e., we do not store which user sent which data, and we do not store user IP addresses).

If you opt in to share this information with Scandisecure VPN(in the settings menu of your Account), we will collect the following anonymized App Diagnostics Data:

Diagnostic information about if and how a VPN connection attempt failed.

Speed test data.

App diagnostics, including crash reports and usability diagnostics, without any personally identifiable information. These are handled in an anonymized form by the following Service Providers bound by non-disclosure and other contractual obligations, dependent on the platform you are using Scandisecure VPN on:

Windows: Sentry, owned by Functional Software, Inc. See Sentry’s Privacy Policy.

Mac: Firebase Crashlytics, owned by Google, and Sentry, owned by Functional Software, Inc. See Firebase’s Privacy and Security documentation and Sentry’s

Privacy Policy.

Linux: Sentry, owned by Functional Software, Inc. See Sentry’s Privacy Policy.

iOS: Firebase Crashlytics, owned by Google, and Apple. See Apple’s Privacy Policy and Firebase’s Privacy and Security documentation. You can disable Apple’s crash reporting in iOS settings as described here.

Android: Firebase Crashlytics, owned by Google. See Firebase’s Privacy and Security documentation.

Upon activation of any of our Apps, you will be asked if you would like to share App Diagnostics Data with Scandisecure. You can start or stop sharing this data at any time in your App’s settings menu. On iOS, Apple’s crash reporting can be turned off in iOS settings.

How We Protect and Retain Information Related to Email

scandisecureVPN keeps records of any correspondence, questions, complaints, or compliments you submit to us through our Site or Services, along with our response. Depending on how you contact  , we may collect your email address and any additional information you provide to us. Having full correspondence records enables our staff to provide the best possible customer support experience.

Cookies and Third-Party Analytics

For user experience and analytics purposes, Scandisecure VPN uses several analytics services, including from third-party Service Providers. These services may use cookies, mobile identifiers, and other data to generate reports and statistics, but have no access to information that directly identifies individuals nor any Personal Data that users provide to Scandisecure.

What is a Cookie?

Cookies and other similar technologies are small text files used to store information about your visit to the Site on your computer or mobile device (“Cookies”). Cookies allow websites to “remember” your actions or preferences over time, which allows us to optimize and improve the user experience of the Site by helping us deliver certain functionalities, such as website login and language settings. The Cookies we use may vary over time as we continuously update and improve our Site.

Disabling Cookies

When you visit the Site for the first time, you will be invited to set your Cookie preferences. You can also change these preferences at any time by selecting Cookie Preferences from the menu at the bottom of most pages on the Site. Alternatively, you may be able to change your Cookie preferences from the settings panel of your browser. Note that our Site may not work as intended if you choose to disable Cookies.

scandisecureVPN’s Cookies

The Cookies set by Scandisecure VPN enable us to set your language preference, attribute visitors to a marketing channel, and, once you log in, securely show you information that is specific to your Account. The Cookies contain a user identifier, but no directly personally identifying information such as your name or email address and do not track any activity outside of Scandisecure’s domains.

Third-Party Cookies

scandisecureVPN uses Cookies from third-party services for Essential, Functional, and Marketing purposes.

Cookies that are necessary for the proper functioning and optimization of the Site are known as Essential Cookies. For example, we use PayPal to allow users to make payments via that service. Other Essential Cookies in use include those that allow payments via Stripe; those that allow us to analyze and improve page performance, including Google Analytics, Google Optimize, Visual Website Optimizer, and Google Tag Manager; those that allow us to manage traffic, deliver content, and combat malicious bots, including Cloudflare, Cloudfront, and Gstatic; and one that allows you to specify your Cookie preferences, Usercentrics Consent Management Platform. Essential Cookies cannot be disabled, and by using the Site, you are consenting to them.

Cookies that enable us to properly display or manage elements on the Site are known as Functional Cookies. For example, we use Google Fonts to properly display text. Other Functional Cookies in use include those for displaying video, including YouTube Video and Vzaar; those that produce maps, including OpenStreetMap and Google Maps; those used in managing Cookies, including Google Ajax and jQuery; one for tracking and reporting errors, Sentry. Functional Cookies can be disabled.

Cookies that are used by advertisers to serve ads that are relevant to your interests are known as Marketing Cookies. For example, we use Google Ads remarketing to show advertisements on third-party websites (including Google) to users who have visited our Site. We may show such users advertisements on a Google search results page or on a site in the Google Display Network. Other Marketing Cookies in use include those from Facebook Pixel, Facebook Social Plugins, Google AdServices, Google Syndication, Microsoft Advertising Remarketing, and PayPal Marketing Solutions. Marketing Cookies can be disabled.

Service Providers, including Google, use Cookies to serve ads based on someone’s past visits to the Site. Any data collected will be used in accordance with our Privacy Policy and Google’s privacy policy. In addition to setting Cookie preferences via your browser or the menu at the bottom of our Site, users also may opt out of Google’s use of Cookies by visiting the Google Advertising Opt-out Page. Users may opt out of Google Analytics by visiting the Google Analytics Opt-out Page.

Device information

scandisecureVPN uses device information (including device type, operating system/language, or user agent, as well as mobile identifiers provided by Android or iOS devices) to generate statistics related to the marketing channels and advertising partners through which users learned about and signed up for scandisecureVPN Apps. This device information does not contain your name, email address, or other Personal Data.

Disabling or resetting mobile identifiers

Users may disable or reset the mobile identifiers associated with their devices at any time. For instructions, see Apple’s page on Advertising & Privacy on iOS devices and Google’s page on Managing your Google Settings on your Android device.

Email/communication analytics

To assess and improve the emails and other communications we send, scandisecureVPN or its Service Providers may collect data for statistical reports. For example, we may generate reports assessing whether emails were successfully sent, whether there were any delivery delays, or the number of times an email was opened.

Interactions With Third-Party Products

The Site may contain links to external websites, mobile software applications, products, or services that are not owned or controlled by Scandisecure and may be subject to specific terms and conditions. Please be aware that such third parties may collect personal information from you. scandisecureVPN is not responsible for the privacy practices or the content of such external websites. We encourage you to read the terms and conditions and privacy policies of each third-party service provider you engage in connection with the Site or the Services.

Users in the European Union

scandisecureVPN is committed to user privacy globally, and our existing practices reflect that through minimal collection of data and ensuring users have control over their Personal Data. The General Data Protection Regulation (“GDPR”) of the European Union (“EU”) requires us to outline those practices in a specific manner for users in the EU.

In line with the GDPR, we collect and process the Personal Data outlined in this Privacy Policy on one of the following bases, depending on the circumstances:

For the purposes of fulfilling our contractual obligations, including:

Providing Subscribers with the Services they have requested.

Managing subscriptions and processing payments in connection with our Services.

Providing customer support.

For a legitimate interest associated with the operation of our business, including:

Enhancing the quality, reliability, and effectiveness of our Services.

Communicating with customers to provide information and seek feedback related to our Services.

With the consent of users, which users can withdraw at any time.

Your Privacy Rights

Rights: In using our Services, you have the following rights (subject to certain exceptions or exemptions).

You have a right to access personal data held about you.

You have the right to request that we rectify any personal data we hold that is inaccurate or incomplete.

You have the right to request the deletion of your personal data. Please note that such deletion may result in us no longer being able to provide you with our Services.

You have the right to request restriction of or object to the processing of your personal data.

You have the right to request and receive your personal data in a commonly used format (data portability).

You have the right to withdraw your consent on which processing is based at any time.

You have a right to complain to your local data protection supervisory authority.

You can exercise your rights above by contacting us as described in Section 16.

You may have a third party submit a request on your behalf as an authorized agent. To confirm that the authorized agent is entitled to submit a request on your behalf, they must have written authorization signed by you, and you must provide us with a copy of the signed authorization. To ensure your privacy and security, we may take further steps to verify your identity.

We will address any requests in accordance with applicable laws and to the best of our ability in a timely manner.

 

You have the right to know what personal data is being collected about you and how it is used and shared.

You have the right to request the deletion of your personal data. Please note that such deletion may result in us no longer being able to provide you with our Services.

You have the right to opt out of the sale of your personal data. However, there is no need to exercise this right as ScandisecureVPN does not sell any data to third parties.

You have the right not to be discriminated against for exercising any of these rights or other rights under the CCPA.

You have the right to withdraw your consent on which processing is based at any time.

Use by Children

We do not offer our Services for use by children and, therefore, we do not knowingly collect Personal Data from, and/or about individuals under the age of eighteen (18) or under the age of majority in the jurisdiction of residency / from which the Services are used. If you are under the age of eighteen (18), or under the age of majority in the jurisdiction where you reside or from which you use the Services, do not provide any Personal Data to us without the involvement of a parent or a legal guardian. For the purposes of the GDPR, we do not intend to offer information society services directly to children. In the event that we become aware that you provide Personal Data in violation of applicable privacy laws, we reserve the right to delete it. If you believe that we might have any such information, please contact us as described in Section 16.

Changes to This Privacy Policy

We may change our Privacy Policy from time to time, with or without notice to you, consistent with applicable privacy laws and principles. Your continued use of the Services and/or access to the Site constitutes your acceptance of our Privacy Policy.

How to Contact scandisecureVPN

If you have any questions, concerns, or complaints regarding our Privacy Policy, our compliance with the applicable laws, or how we handle your information or if you wish to exercise your privacy rights, please feel free to contact us at the following email address:

support@scandisceure.com

Postal address is Flæsketorvet 68, 1711 København V.

You may also refer any questions regarding this Privacy Policy to our Group Data Protection Officer (DPO) by writing to dpo@scandisecure.com.