Privacy Policy

Last updated: 6/17/2026

Secure Paid VPN is operated by E-Tech LLC ("we", "us", "our"), a limited liability company registered in the State of New York, United States, with registered office at 99 Wall Street #112, New York, NY 10005, USA.

Keeping your information private is our core mission. This Privacy Policy describes what data Secure Paid VPN collects, why we collect it, and how you can control it. By using our website, apps, or services, you agree to the practices described here.

Strict No-Logs Policy

Secure Paid VPN operates a strict no-logs policy on every exit node we run — VPN tunnels (WireGuard, OpenVPN UDP/TCP, IKEv2) and the browser-extension HTTPS proxy alike. Our servers are configured to never write any of the following to disk, neither during a session nor after one ends:

• The websites or IP addresses you visit
• DNS queries you issue
• Connection timestamps, session durations, or session counts
• Bandwidth used per session, per destination, or in aggregate per user
• Your originating (real) IP address

The proxy and VPN daemons are configured with per-request logging disabled at the daemon level (e.g. access_log none in squid, no verb 3 debug logging in OpenVPN, no charon.syslog verbose level in strongSwan). Only daemon-level error logs (process startup, configuration parse errors) are kept, and those contain no user-identifying information.

Because we do not collect this information, we cannot produce it in response to subpoenas, civil discovery requests, or any other legal process. We are also not subject to mandatory data-retention laws in any jurisdiction where our exit nodes are hosted.

What we do collect

Only what's required to run the service:

• Your email address and a salted hash of your password, to authenticate the account
• Subscription receipts from Apple, Google, or our payment processor
• Anonymous device identifiers and OS version, so we know what apps to ship
• Aggregate, non-identifying server-load metrics

Use of Information

We may use your information when analyzing user data with third-party platform tools. We use your contact details to send you notifications about the service and to respond to customer support requests. You may access and change your personal information by signing in to your Secure Paid VPN account.

Secure Paid VPN uses your email address for the following reasons:

• To provide links to our site, including password-reset links.
• To communicate with you about your VPN services or respond to your communications.
• To send marketing information. You may choose not to receive marketing emails by following the opt-out procedure described in those emails.

Secure Paid VPN uses your personal information only for the purposes listed in this Privacy Policy, and we will not sell your personal information to third parties.

Information Security

We urge you to protect your own privacy. We recommend that you do not share or disclose your Secure Paid VPN password with anyone in any way (phone calls and email included).

When necessary, we use strong cryptographic algorithms to protect public and private keys and passwords. All appropriate security measures are taken to protect information against unauthorized access, alteration, destruction, or leakage. Secure Paid VPN's employees, contractors, and agents are restricted from accessing personal information. Officials whose work requires access for operation, development, or service improvement are bound by confidentiality obligations and may be subjected to disciplinary action — including termination and criminal prosecution — upon failing to meet these obligations.

Cookies

Secure Paid VPN uses a few different types of cookies on its website to improve the user experience, such as:

• Google Analytics for statistical assessment and website performance improvement.
• Affiliate cookies to identify customers referred to the site by our partners, so that we can grant referrers their commissions.
• Cookies for personalizing site content, such as setting the default language.

You can set up warnings every time the site places a cookie in your browser, or you can choose to disable all cookies. You can do both through your browser settings. Since each browser has a different procedure for managing cookies, look at your browser's Help menu to learn the correct way to do it. Alternatively, you can disable cookies by visiting the Network Advertising Initiative Opt-Out page or by using the Google Analytics Opt-Out Browser add-on. Disabling cookies may negatively affect some features that make your experience more efficient.

Third-Party Analytics and Marketing

To understand how our apps and website are used and to measure marketing effectiveness, Secure Paid VPN integrates a small number of third-party SDKs. These services may collect a device-level advertising identifier, app-event data (installs, opens, subscriptions), and basic device information (model, OS version, language, country). They never receive your VPN traffic, browsing activity, or the contents of your tunneled sessions.

• Google Analytics — aggregate usage analytics and crash reporting to help us improve the apps' stability and performance.
• Meta (Facebook) SDK — install attribution and ad-conversion measurement for our marketing campaigns. App-event data is shared with Meta in line with their Business Tools Terms.
• Affiliate networks — referral attribution so partners who refer new customers can be credited their commissions.

On iOS, we will request your permission via the App Tracking Transparency prompt before any cross-app advertising identifier is shared. You can withdraw consent at any time from your device's system privacy settings.

Third-Party Websites

The site may contain links to external websites that do not fall under Secure Paid VPN's domain. Secure Paid VPN is not responsible for the privacy practices or content of such external websites.

Consent and Age Restrictions

By using the site, content, apps, software, or services, you agree to have your information handled as described in our Terms of Service and this Privacy Policy.

The services are intended for adults aged 18 and above. If you believe a child has provided information to us, please let us know immediately.

Jurisdiction and Applicable Law

Secure Paid VPN complies with the laws and the requirements of law enforcement agencies of the server's region. Secure Paid VPN does not collect users' IP addresses, browsing histories, or traffic data. Where permitted, we will notify affected users about any requests for their account information, unless prohibited from doing so by law or court order.

Users in the European Union

Secure Paid VPN is committed to user privacy globally, and our practices reflect that through minimal data collection and ensuring users have control over their personal information. The General Data Protection Regulation (GDPR) of the European Union (EU) requires us to outline those practices in a specific manner for users in the EU.

In line with the GDPR, we collect and process data on one of the following bases, depending on the circumstances:

• For the purposes of fulfilling our contractual obligations to users — including providing the services and apps users have requested, and managing user subscriptions and processing payments.
• To comply with our legal obligations.
• For our legitimate interests, including improving our services and protecting against fraud or abuse.

International Data Transfers

Our service is spread globally, and as such, your data travels through our global servers, which might or might not be outside of your country of residence. We rely on some third-party service providers to enable us to provide our services. Whenever we transfer your information, we take steps to protect it. You acknowledge and understand that your information will be transmitted as necessary to provide our services and live up to our Terms of Service.

Browser Extension

The Secure Paid VPN browser extension for Chrome and Firefox is a thin client for the same paid VPN service the mobile apps use. When you click Connect, the extension routes your browser's traffic through a TLS-encrypted HTTP CONNECT proxy on the exit node you select. Your operating-system network settings and other applications are not affected.

What the extension stores on your device

• Your authentication token (JWT) — kept in browser-local storage scoped to the extension, scrubbed when you sign out or remove the extension.
• Your email address and display name — fetched from /api/auth/me after sign-in and cached locally so the popup can show who's signed in. Removed on sign-out.
• A randomly generated per-install device identifier (e.g. ext-<uuid>) — used by the backend to enforce the standard concurrent-device limit. It is not linked to your hardware, IP, or any browser fingerprinting signal.
• Your selected server, last connection state, and a settings object (notifications on/off, etc.) — local-only.

What the extension does not read or transmit

• The URLs you visit — the extension never sees them. The browser routes proxy traffic internally.
• Page content, form data, or browsing history.
• Tabs, bookmarks, downloads, or any other browser surface beyond the extension popup itself.

What the proxy servers log

The HTTPS proxy daemons on our exit nodes (Poland · Warsaw, USA · Miami, and any future locations) run with per-request logging disabled. We do not record connection timestamps, source IPs, destination hosts, or bandwidth per session. The only data the proxy process writes to disk is its own startup / shutdown / error log, which contains no user-identifying information.

Authentication against the proxy uses the same per-account credentials the mobile app's IKEv2 / OpenVPN / WireGuard tunnels use, sourced from your Secure Paid VPN account. Auth credentials never leave the encrypted browser-to-proxy channel (TLS) on the wire.

Permissions the extension requests

• proxy — to redirect browser traffic through the user's chosen exit node.
• webRequest + webRequestAuthProvider (Chrome) / webRequestBlocking (Firefox) — to answer the proxy's authentication challenge with the user's credentials, with no UI prompt.
• storage — for the JWT, settings, and the items listed above.
• alarms — to re-check subscription status every 15 minutes; the proxy is torn down automatically if a subscription expires mid-session.
• notifications — optional connect / disconnect toasts (a user-facing toggle in Settings turns them off).
• <all_urls> host permission — required because the proxy applies to every site the user chooses to visit.

The extension contains no analytics SDKs, no remote-code-loading mechanisms, and no telemetry beyond the heartbeat to /api/auth/me needed to confirm an active subscription.

Account Deletion

You can delete your account at any time:

• From the mobile apps — open Settings and tap "Delete Account". The deletion request is processed immediately.
• From the website — sign in and visit your Profile page to remove your account.
• By email — send a request from the email address registered to your account to privacy@securepaidvpn.com.

On deletion we cancel any active web subscription, mark all subscription records inactive, remove your devices, and scrub personal information (name, email, password) from your account record. Aggregated subscription history may be retained for legal and financial-audit purposes for up to seven years, in accordance with applicable law. All other associated records are purged within 30 days.

Contact

Privacy questions: privacy@securepaidvpn.com.