We may occasionally update this Policy. 

We reserve the right to change the Policy (at its own discretion and at any time). If We make significant changes, We will notify you of the changes on Our App or through other means, such as email, before they enter into force. See more in Terms of Use.

The Company may revise this Policy from time to time but no less than once at every 12 months. If the Company makes material changes to this Policy, it will notify the Data Subjects by e-mail or by posting a notice within the App prior to the effective date of the changes. By continuing to access or use the Website after those changes become effective, Data Subjects agree with the revised Policy.

 

Last modified: 14 July 2023
Effective date: 15 March 2021

 

This Privacy and Data Protection Policy (“Policy”) is effective as of the date set forth above. VAKU APPS LTD (“Company”, “VAKU APPS  LTD”, “We”, “Us”, “Our”), operating with a Mobile VPN application (“App”) and website https://vaku.app/ (“Website”), is committed to honoring and encouraging the protection of your privacy as a user who uses the App (“you”, “your”, “User”).

You may print a copy of this Policy for your records.

 

We act as a Joint Data Controller

Joint data controller is a legal person that jointly with other data controllers determines the purposes and means of the processing of personal data, with regard to the personal data of Our App Users. We act as a Joint data controller together with Google LLC (“Google Analytics”, “Google”) and YANDEX LLC (“Yandex. Metrica”, “Yandex”). We determine the purposes of the processing of your personal data regarding our business interests. Google and Yandex determine the means of the processing of personal data and purposes of the processing of your personal data regarding their business interests.

This Policy applies to every individual whose personal data is collected by Google Analytics and Yandex.Metrica (“Partners”) through the App and other persons whose personal data is lawfully disclosed to and processed by our Partners (“Data Subjects”). This Policy describes how our Partners collect and how We and our Partners process the personal information our Partners collect.

 

What types of information do we collect?

We collect the following types of data from you when you use the Services: 

  • Personal Information: we may collect and retain your IP address, name and email address, screen name, payment, and billing information, or other information we may ask from time to time, but only information which will be required for the onboarding process and services provisioning. Any Anonymous Information that is specifically connected or linked to any Personal Information, is treated by us as Personal Information, as long as such connection or linkage exists.
  • Device information: general location of your mobile device (not precise geolocation data), your mobile device’s brand, model, first open time timestamp, system language, number of users and sessions, session duration, etc. in order to analyse usage statistics of our app.
  • Log Data: Log data may include the following information — IP address, operating system, browser type, web pages you visit, time spent on those pages, access times, and dates, the name of the VPN server through which you entered, local IP of the user on the VPN, the domain visited by the user, login time, the name of the VPN server through which you entered, the user id that was assigned by the application, local IP of the user on the VPN, the user’s remote port for connecting to vpn, real remote IP address of the user, the user’s local port on the VPN, port used to connect to the service, connection protocol. This information may be collected and retained to operate our Services and also for legal compliance purposes, including enforcing our Terms of Service, or other legal rights, or as may be required by applicable laws and regulations, or requested by any judicial process or governmental agency.

 

We retain your Personal Data for as long as necessary to fulfill the purposes for which it was collected, including providing our Services, resolving disputes, establishing legal defenses, conducting audits, pursuing legitimate business purposes, enforcing our agreements, and complying with applicable laws. Once your Personal Data is no longer needed, we will securely erase or destroy the records in a manner that ensures your continued privacy.

Remember, We do run automated decision-making software based on all the data we receive. We do use personal information We receive from our Partners, namely the data regarding the time of the User’s actions within the App/Website, the ID of the User’s device, name of version of the app, and the country from which the User has accessed the App/Website for profiling to analyze the Users’ experience within the App, how Users use the Services and App and to enhance the App.

 

Cookies and Third-Party Technologies

We do not use cookies. Our Partners use cookies and other identification technologies on the App/Website.

Cookies are small text files that are stores on devices by apps. Cookie may contain your unique identifier and typically serve to improve your experience of Internet surfing: for instance, due to cookies, you are able to browse pages you have once visited quickly, to set your unique options in “settings” menus, as well as monitor your way through the webpages in order to aggregate precise information about your navigation and preferences, so the app owners may analyze the information and offer you a better service and relevant ads in the future.

Full list of our Partners you can find in a “Cross-border Transfer of Data” block.

Purposes to use cookies
Our Partners collect Your cookies for a few reasons: 

  • To ensure your good experience while using Our App/Website, for instance: 
    • remembering user preferences and settings;
    • determining the popularity of content;
    • analyzing App/Website traffic and trends, and generally understanding the online behaviors and interests of users who use the App/Website;
  • To analyze the way the App/Website is used and accessed (your clicks, time you spend for tasks completion), etc.

 

Third-party websites

Third parties may display their advertisements within the App. When you click on a third-party advertisement, it may redirect you to the website of such a third party outside the App. Such a website may collect your personal data according to its own rules and policies. We are not responsible and hold no liability regarding your personal data by the third-party websites.

We advise you to access the third-party websites carefully and always check their of policies and rules regarding the collection of your personal data.

 

How We Use Personal Data

Our Purposes
Our mobile VPN app is designed to provide a secure and private internet browsing experience on your mobile device. With our app, you can protect your online activities and browse the internet with peace of mind.

Likewise, We will use your personal data for the following purposes: 

  • to make the functionality of Our App available to you;
  • to enhance the App;
  • for marketing purposes, e.g. to determine the Users’ traffic regarding the App/Website, the Users’ locations and geography, the statistics of User’s actions within the App/Website;
  • for compliance purposes, including enforcing our Terms of Service, or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency.

Processing personal data for marketing purposes
Our Partners process your personal data and allow Us to process your personal data for marketing purposes on the basis of your consent. Our Partners warrant they have received your consent for receiving of marketing communications from us. Marketing communication may include the right of the Company to notify the User about App updates, new services, marketing proposals, and related notifications. 

You are not under any obligation to provide our Partners with your personal data for marketing purposes. You can withdraw your consent to your personal data being processed for the purposes of marketing communications at any time by contacting Us at the email address help@vaku.app or directly via the App. 

If you do choose to withdraw your consent, this will not mean that Our processing of your personal data before you withdraw your consent was unlawful.

 

How We Share Personal Data

 

We may share the information we collect for the following purposes: 

  • to make the functionality of Our App available to you and for marketing purposes we can share information with third-party parties and partners who assist us in providing our Services, including promotional and marketing activities;
  • to enhance the App and for analytics purposes;
  • to comply with applicable laws, regulations, legal processes, or governmental requests. This includes enforcing our Privacy Policy and Terms of Service, investigating potential violations, addressing fraud, security, or technical issues, responding to your requests, and protecting our rights, property, safety, users, and the public. This may involve sharing information with other companies and organizations for fraud protection and spam/malware prevention.

 

Please note that we prioritize protecting your privacy and only share information as necessary and in accordance with applicable laws and regulations.

 

Disclosure of Your Personal Data

We ensure We always include the controls and warranties embodied in this Policy to the contracts and agreements. We work under the respective contracts and agreements with our Partners and contractors whom We grant access to your personal data. 

We may further collect and possibly share your Personal Data to enforce the Terms of Service. This may be done to prevent a crime or violation of our Terms of Service or to help solve a transgression that has been committed.

We also reserve the right to disclose your Personal Data as required by law and when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, or legal process served on our App/Website.

 

Your Age
Before using Our Services, you have to reach the age recommended/established under the Terms of Use and Privacy Policy of Google and Yandex. Google and Yandex ensure and warrant that you have reached the age at which applicable laws permit you to use the App and to collect your personal data. We fully rely on such warranties of Google and Yandex and promptly react to any reports regarding the inappropriate age of Users of the App. We do not normally provide services to subjects of an inappropriate age. Subsequently, We do not process their personal data. We reserve the right to implement any tools and techniques to reveal the human trafficking and exploitation of children and report them immediately to the appropriate state authorities and enforcement agencies, including the personal data associated with the activities which, at Our own discretion, are suspicious and may raise concerns about their association with the violation of applicable laws.

By using or accessing Our App/Website, We believe that such Data Subjects have reached the age recommended/established under the Terms of Use and Privacy Policy of Google and Yandex and have all rights to enter into an agreement with Us as to the receipt of Services and use of App, as well as process personal data under Data Subjects’ consent for the purposes We mention in this Policy.

If you know that our Partners process the personal data of Users of inappropriate age, please inform Us by sending an email to help@vaku.app.

 

State authorities, enforcement agencies, and courts

We may be legally obliged to disclose your personal data to the competent state authority, enforcement agency, or a court in case We receive a mandatory request for such disclosure from them. 

We may be proactive and address the competent authority in case We suspect a violation of law to be committed in association with your use of Our App/Website.

 

Your consent

We will notify you of the purposes and scope of the disclosure and ask for your permission in case your personal data is to be shared with a third party not mentioned in this Policy.

 

Right to Withdrawal of Consent
You have a right to withdraw consent to the processing of your personal data. You may enjoy this right at any time you wish. Please remember, that the withdrawal of consent does not mean that the processing before the withdrawal is considered thus illegal. 

If you want to withdraw your consent to the processing of your personal data, you should contact our Partners, namely Google or Yandex, in this regard, Subject to your withdrawal of consent to the processing of your personal data, our Partners have to inform us about this. Once our Partners will inform Us in this regard, we will stop processing your personal data. We fully rely on our Partners regarding your withdrawal of consent to the processing of your personal data.

Before withdrawing your consent, take into attention the outcome such withdrawal may entail. 

 

Cross-border Transfer of Data
Our headquarters is in Cyprus. We make every possible effort to protect entrusted data against unauthorized access, including two-factor authentication procedures, regular password changes, due diligence of privacy procedures, and other appropriate and reliable measures provided by Our Partners. 

Some data may be accessed and processed by the following companies:

Yandex LLC (Yandex Appmetrica)

Purpose: Analysis of the Users’ experience within the App and how Users use the Services and App

Country: Russia

Policy link: https://metrica.yandex.com/about/info/privacy-policy 

 

Google LLC (Google Ads, Google Admob, Google Firebase)

Purpose: Analysis of the Users’ experience within the App and how Users use the Services and App

Country: Ireland, USA

Policy link: https://policies.google.com/privacy?hl=en 

 

Unity Technologies

Purpose: Monetization partner

Country: USA

Policy link: https://unity3d.com/legal/privacy-policy 

 

Facebook Inc.

Purpose: Monetization partner

Country: Ireland, USA

Policy link: https://www.facebook.com/privacy/explanation 

 

AdinPlay BV

Purpose: Monetization partner

Country: The Netherlands

Policy link: https://adinplay.com/privacy-and-cookies-policy/ 

 

AppLovin Inc.

Purpose: Monetization partner

Country: USA

Policy link: https://www.applovin.com/privacy/ 

 

Pollfish Inc.

Purpose: Monetization partner

Country: USA

Policy link: https://www.pollfish.com/terms/

https://www.pollfish.com/gdpr/ 

 

Startapp

Purpose: Monetization partner

Country: USA

Policy link: https://www.start.io/policy/

 

Inmoby

Purpose: Monetization partner

Country: India

Policy link: https://www.inmobi.com/website-privacy-policy

 

Ironsourse

Purpose: Monetization partner

Country: Israel

Policy link: https://www.is.com/privacy-policy/

 

Amazon ads

Purpose: Monetization partner

Country: USA

Policy link: https://advertising.amazon.com/legal/privacy-notice?ref_=a20m_us_fnav_l_prvcy

 

Chartboost

Purpose: Monetization partner

Country: USA

Policy link: https://answers.chartboost.com/en-us/articles/200780269

 

Mintegral

Purpose: Monetization partner

Country: Hong Kong

Policy link: https://www.mintegral.com/en/privacy

 

Verizon

Purpose: Monetization partner

Country: USA

Policy link: https://www.verizon.com/privacy/your-privacy-choices#/

 

Kidoz

Purpose: Monetization partner

Country: Israel

Policy link: https://kidoz.net/privacy-policies

 

Monetag

Country: Cyprus

Purpose: Monetization partner

Policy link: https://monetag.com/privacy/

 

Adcolony

Purpose: Monetization partner

Country: USA

Policy link: https://www.adcolony.com/privacy-policy/

 

Csjplatform

Purpose: Monetization partner

Country: Beijing

Policy link: https://www.csjplatform.com/en/privacy

 

Hyprmx

Purpose: Monetization partner

Country: USA

Policy link: https://jungroup.com/pp/

 

Smaato

Purpose: Monetization partner

Country: USA

Policy link: https://www.smaato.com/cookie-policy/

 

Tapjoy

Purpose: Monetization partner

Country: USA

Policy link: https://www.is.com/privacy-policy/

 

Tencent

Purpose: Monetization partner

Country: Shenzhen

Policy link: https://www.tencent.com/en-us/privacy-policy.html

 

Pangle

Purpose: Monetization partner

Country: Beijing

Policy link: https://www.pangleglobal.com/privacy/partner-en

 

Liftoff

Purpose: Monetization partner

Country: USA

Policy link: https://liftoff.io/privacy-policy/

 

Acp-edge.fyber

Purpose: Monetization partner

Country: USA

Policy link: Digital Turbine’s Data Protection Addendum

 

Cleveradssolutions

Purpose: Monetization partner

Country: Cyprus

Policy link: https://cleveradssolutions.com/PrivacyPolicyCAS.html

 

Appodeal

Purpose: Monetization partner

Country: USA

Policy link: Privacy Policy

 

Mopub

Purpose: Monetization partner

Country: USA

Policy link: https://www.applovin.com/privacy/

 

MobFox

Purpose: Monetization partner

Country: Austria

Policy link: https://www.mobfox.com/cookies-policy

 

Adjust

Purpose: Analysis of the Users’ experience within the App and how Users use the Services and App

Country: Germany

Policy link: https://www.adjust.com/terms/privacy-policy/

 

We also may use support from the specialists skilled in performing tasks to enhance our Services as well as other independent contractors, e.g. IT specialists, accountants, auditors, lawyers, etc, provided that all adequate safeguards are put in place. 

In order to secure the adequate level of protection, We implemented the Standard Contractual Clauses as well as signed Data Processing Agreements in the relationships with the engaged contractors, so they are bound to preserve at least the same level of personal data protection as it is granted by the law applicable to us.

 

Data Breaches
We take all reasonable steps to minimize the risk of personal data breach while processing personal data. The risk assessment We have to carry out has to determine whether the risk to the rights and freedoms of the Data Subjects affected is judged to be sufficiently high to justify notification to them.

In the case of a personal data breach, We will without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the competent authority, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of the Data Subjects. Also, in the case of a personal data breach, which is likely to result in a high risk to the rights and freedoms of the Data Subjects, We will without undue delay notify the appropriate Data Subject the personal data of which were breached. If measures have subsequently been taken to mitigate the high risk to the Data Subjects, so that it is no longer likely to happen, then communication with the Data Subject is not required.

We will document all personal data breaches, comprising the facts relating to the personal data breach, its effects, and the remedial action taken. That documentation shall enable the competent authority to verify compliance with the GDPR if necessary.

 

Your Rights

There is a scope of rights you may enjoy as to personal data protection with regard to GDPR and CCPA.

The list of rights protected under GDPR is as follows:

  • right of access (i.e. you may ask Us to send you a copy of the data about you that our Partners collected); 
  • right to rectification (i.e. you may ask Us to correct the outdated or false data or complete the data which is missing or incomplete)
  • right to erasure (i.e. you may ask us to delete the personal data Our partners retain, provided that you are allowed to do so);
  • right to restriction of processing (if processing may be restricted)
  • right to object to processing (if you have a right to object as to certain kinds of processing or in certain circumstances)
  • right to data portability (i.e. you may ask Us to transfer a copy of your data to another organization or to you provided that the circumstances comply with the data protection law).

 

The list of rights protected under CCPA is as follows:

  • the right to request that a business that collects a consumer’s personal information disclose to that consumer the categories and specific pieces of personal information the business has collected;
  • the right to request that a business delete any personal information about the consumer which the business has collected from the consumer;
  • the right to request that a business that sells the consumer’s personal information;
  • the right, at any time, to direct a business that sells personal information about the consumer to third parties not to sell the consumer’s personal information (“Right to opt-out”).

We pay your attention to the fact that depending on your request regarding the exercising any of your rights provided hereinabove you may need to contact our Partners to exercise such right. 

 

We do not charge any fees in relation to exercising your rights (unless We receive repetitive requests without a clear justification behind the need to request the information within such short periods of time; in this case, We may charge you a small fee to compensate the expenses that incur due to the repetitive and excessive character of requests). We typically do Our best to answer you as soon as possible or within a reasonable period taking into account the complexity of the request, but in case We are processing a large amount of requests the answer may took Us longer than you might expect. 

You can send Us the request via email help@vaku.app or directly via the App. Please verify that your request comprises the details: 

  • your name;
  • contact information;оо
  • right you want to exercise, and, where applicable;
  • your personal data in Our processing;
  • reason/justification behind the such request.

We may ask you to provide Us with some information We already have to verify that it is you or the holder of parental responsibility on your behalf.

 

Personal Information Sales Opt-Out and Opt-In Rights

We do not sell your personal data or disclose your personal data for business purposes.

You might provide us with affirmative authorization to sell your data (the “right to opt-in”). If you are between 13 and 16 years of age, you can provide such services personally. If you are less than 13 years of age, such affirmative authorization has to be provided by your parent or guardian. If you opt in to personal information sales you may opt out of future sales at any time. To exercise the right to opt-out, you (or your authorized representative) may submit a request to Us by sending Us a message via email help@vaku.app or directly via the App.

After you make an opt-out request, you may change your mind and opt back into personal information sales at any time by visiting Our App/Website and sending Us a message. We will only use personal information provided in an opt-out request to review and comply with the request.

 

Complaint Lodgement

In case you are convinced We are somehow infringing your personal data rights granted by the GDPR, you may lodge a complaint with the supervisory authority. Our lead authority is:

 

Name: Office of the Commissioner for Personal Data Protection

Address: Iasonos 1, 1082 Nicosia, Cyprus

Telephone:+357 95 552576

E-mail: help@vaku.app.

 

We kindly invite you to share your concerns with Us first regarding any issue related to the processing of your personal data. You may use the following channels to address your inquiries:

Email address: help@vaku.app. 

 

Updates to the Policy

We may occasionally update this Policy. 

We reserve the right to change the Policy (at its own discretion and at any time). If We make significant changes, We will notify you of the changes on Our App or through other means, such as email, before they enter into force. See more in Terms of Use.

The Company may revise this Policy from time to time but no less than once at every 12 months. If the Company makes material changes to this Policy, it will notify the Data Subjects by e-mail or by posting a notice within the App prior to the effective date of the changes. By continuing to access or use the Website after those changes become effective, Data Subjects agree with the revised Policy.

 

Disclaimer of Liability:

  1. The use of our website\app  is at your own risk. We shall not be held liable for any direct, indirect, incidental, consequential, or punitive damages arising out of or relating to the use of the app, including but not limited to:
  • Loss of data, privacy, or security breaches;
  • Incompatibility with your device or operating system;
  • Interruptions or unavailability of the app’s services;
  • Errors or inaccuracies in the app’s functionality or content;
  • Unauthorized access to or use of your personal information.
  1. We do not warrant or guarantee the reliability, suitability, or performance of the app. The app is provided on an «as is» and «as available» basis, without any warranties, expressed or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, and non-infringement.
  2. We make no guarantees regarding the effectiveness, security, or privacy of the VPN services provided by the app. While we strive to protect your data and ensure a secure browsing experience, you acknowledge that no method of transmission over the internet or electronic storage is completely secure.
  3. We do not assume any responsibility for the actions, content, or policies of third-party websites or services that may be accessed through the website\app. Any interaction or transaction with third parties is solely between you and the third party, and we shall not be liable for any loss or damage arising from such interactions.
  4. The information provided through the app is for general informational purposes only and should not be considered legal, financial, or professional advice. We do not guarantee the accuracy, completeness, or timeliness of the information and recommend consulting with qualified professionals for specific advice.
  5. Our liability, if any, shall be limited to the maximum extent permitted by applicable law.
  6. You agree to indemnify, defend, and hold us harmless from any claims, damages, losses, liabilities, and expenses (including legal fees) arising out of or related to your use or misuse of the app, violation of any laws or regulations, or infringement of any third-party rights.
  7. This disclaimer shall be governed by and construed in accordance with the laws of Cyprus. Any legal actions or proceedings arising out of or relating to this disclaimer shall be exclusively held in the courts of Cyprus.