Privacy Policy

Keeping Your Data Safe

This Privacy Policy explains how TidalVPN (“we”, “us”, “our”) collects and uses your information when you use our websites, apps, and VPN services (the “Services”). We aim to comply with applicable data protection laws, including the UK GDPR and the Data Protection Act 2018.

Who we are & contact details

Data Controller: TidalVPN

Contact: [email protected]

Our privacy & no-logs principles

No activity or connection logs that identify you. We do not log your browsing history, DNS queries, traffic contents, destination IPs, or the originating IP address assigned by your ISP while connected to the VPN.

Minimal data for account & payments. We collect only what is needed to create and maintain your account, process payments, provide support, prevent abuse, and comply with the law.

Choice & transparency. Where we rely on consent (e.g., optional analytics/cookies), you can manage your preferences.

Security by design. We implement technical and organisational measures to protect your information.

Information we collect

Account & Subscription Data (you provide): Account identifiers (e.g., email address or anonymous token), password (hashed), plan, renewal dates. Payment status and receipts via our payment processor. We do not store full card details.

Support Communications: Messages you send to support, including any diagnostics you choose to share.

Service & Device Information (minimal operational telemetry): App version, device type, and basic performance/diagnostic events (e.g., crash reports). Aggregate service metrics (e.g., total bandwidth per server) that are not attributable to individuals.

Website Data: Essential cookies for site functionality. Optional analytics/marketing cookies only with your consent.

How we use information & our legal bases

Provide the Services and manage your account (Legal basis: performance of a contract).

Process payments and prevent fraud/abuse (Legal basis: legitimate interests; legal obligation). Payments are processed by Stripe.

Support & communications (Legal basis: performance of a contract; legitimate interests).

Improve Services using de-identified/aggregated data (Legal basis: legitimate interests).

Optional analytics/marketing with your consent (Legal basis: consent; you can withdraw at any time).

Compliance with applicable laws and requests properly served on us (Legal basis: legal obligation). Because we do not keep activity or connection logs, we generally have no data to provide about your VPN traffic.

Cookies & similar technologies

We use essential cookies to operate our website (e.g., keeping you signed in, payment checkout). We may also use optional analytics or marketing cookies with your consent. You can manage preferences via our cookie banner or your browser settings. If we introduce a separate Cookie Policy page, we will link it here.

Sharing & international transfers

We do not sell your personal data. We may share limited information with service providers such as hosting, customer support tools, email delivery, payment processors (e.g., Stripe), and analytics (if enabled). They act under our instructions.

We may share information with professional advisers (e.g., accountants, auditors) and authorities where required by law.

We may share data in connection with a merger, acquisition, or reorganisation, subject to appropriate safeguards.

Where data is transferred outside the UK/EEA, we rely on lawful transfer mechanisms such as adequacy decisions, the UK International Data Transfer Agreement (IDTA) / EU Standard Contractual Clauses, and additional safeguards as needed.

Data retention

Account & billing records: kept while your account is active and up to 6 years after closure to meet tax/accounting obligations.

Support communications: retained for up to 24 months after your subscription has ended, unless you request earlier deletion (where feasible).

Diagnostics/telemetry: retained only as long as necessary for troubleshooting and service improvement, then deleted or anonymised.

Security

We use technical and organisational measures to protect information, including encryption in transit, restricted access, and regular security reviews. No method of transmission or storage is completely secure; we encourage you to use strong, unique passwords and keep your devices up to date.

Your rights

Subject to legal limits, you have the right to request access, rectification, erasure, restriction, data portability, and to object to processing based on legitimate interests. Where we rely on consent, you may withdraw it at any time (this does not affect processing before withdrawal).

To exercise your rights, contact us at [email protected]. We may need to verify your identity.

Children

Our Services are not directed to children under 13. If you believe a child has provided us with personal data, please contact us so we can delete it.

Changes to this policy

We may update this policy from time to time. We will post any changes on this page and update the “Last updated” date above. Material changes may be notified via email or in-app notice.

How to contact us & complaints

Questions or requests: [email protected]

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk, or with your local supervisory authority.

© TidalVPN. All rights reserved.