For ease of reference, in this product privacy notice we use the term “VPN browsing activity” to refer to online activities you conduct via VPN connections initiated with our VPN products. This includes what you are browsing, viewing, or doing online via the VPN connection.
- Pango does not record your VPN browsing activities in any way that can be associated back to you. When you use a VPN connection, we do not store any information that identifies what you browse, view, or do online via that VPN connection. The exception is when you choose to communicate with us (such as via chat or email) over a VPN connection and have chosen to identify yourself to us. While we log what domain names that users visit (but not full URLs), we do not log them in combination with anything that identifies an individual or device.
- Free versions of our VPN products are supported by personalized ads, but these ads are not personalized based on any of your VPN browsing activity, nor do we share any such activity with our advertising partners. Personalization is conducted by our advertising partner Google, who collects personal data such as your user-resettable advertising identifier (e.g. AAID or IDFA) and combines it with information they have to show you ads which they believe are more relevant to you. Google allows you to opt out of personalized ads via your Google account settings. Although the money we make from displaying these ads helps to pay for only part of the costs of making these apps available for free, we provide free apps because we believe it’s important that everyone has the opportunity, regardless of their situation, to have secure and private access to the internet. Paid versions of our VPN products do not contain ads, and therefore do not send information to these advertising partners.
- Data over our VPN connections is encrypted and Pango does not inspect or record the contents of what you are browsing, viewing, or doing through them (unless, of course, you are using the VPN connection to communicate with Pango). For your protection, we may block access to certain resources that are known to be malicious.
What information we do and don’t collect regarding VPN usage
Our VPN products do not log or otherwise record IP addresses, device identifiers, or any other form of identifier in combination with your VPN browsing activity. Simply put, this means that our VPN products do not store any information about what any specific user browsed or accessed through a VPN connection.
When you initiate a VPN connection, we collect your IP address, immediately encrypt it, and delete it at the end of your VPN session. We use this IP address for the purpose of fraud prevention if you submit a payment to us during the VPN session. The IP address is not associated with your VPN browsing activity. This means that we are not able to share your VPN browsing activity with anyone – whether it’s an ad network or government agency – because we simply don’t store that information.
When you access a site through a VPN connection, your IP address appears to that site as the IP address of one of our VPN servers (what we call a “public” IP address). Because those public IP addresses are used by multiple users and we do not record the actual IP addresses of users who use those public IP addresses, we are not able to connect activity originating from a public IP address to activity conducted by any individual user.
Our VPN products log:
- the duration of VPN sessions and the bandwidth consumed. We do this to monitor, support and optimize our VPN services, as well as enforce free app usage limits.
- the domains that have been accessed by our users, but on an anonymized basis such that we do not know which user accessed which domain (we also aggregate this information on an approximately monthly basis). We do this to monitor, support and optimize our VPN services.
- device hashes, which are used to identify devices and associate them with other data we collect (such as for measuring bandwidth use, providing support, understanding how you interact with our VPN, and other analytics and marketing purposes). Device hashes are not linked to VPN browsing activity. We use devices hashes because we do not require users to register an account to use some of our products and need a way to distinguish between different users and carry out the activities above.
How we use IP Addresses
As written above, we do not log or otherwise record IP addresses in connection with your VPN browsing activity. In the interest of transparency, we do collect and use IP addresses in these other contexts:
- protecting against fraud in connection with financial transactions with us
- deriving non-identifiable items of information, such as your approximate geographic location and information about your internet service provider or carrier (we use this information to provide a better user experience, such as by connecting you with VPN servers nearer to you and by analyzing the connection quality with different internet service providers)
- enabling us to attribute our advertisements and service features to actions taken in response to such advertisements and service features
Our VPN servers are hosted with infrastructure providers that do not require us to collect any information about what our users are doing via a VPN connection. If any such provider were to require us to collect such information, we would stop doing business with them and find an alternative provider.
Even if a government agency physically seizes one of our VPN servers and succeeds in breaking disk encryption on those servers, they would not find any logs or information that would reveal what any individual user was browsing, viewing, or doing online via a VPN connection.