Privacy Policy

1) Who We Are (Data Controller)

If you have privacy questions or requests, contact: ( privacy@maxvp.net).

2) Scope

This Privacy Policy explains how we collect, use, share, and protect personal data when you:

  • visit our website (maxvp.net),
  • purchase or manage a subscription,
  • use our applications and VPN-related services,
  • contact support.

3) Our “No-Logs” Position (Plain English)

We built MaxVP to minimize data collection. Specifically:

We do NOT log or store:

  • websites you visit, browsing history, or the content of your traffic,
  • DNS queries of your browsing activity (except where you explicitly use a DNS feature that requires processing),
  • the contents of communications (messages, files, app payloads),
  • VPN traffic payload inspection (“deep packet inspection”) for user profiling.

What we MAY process (limited operational data):

To operate the service, prevent fraud, and keep systems stable, we may process limited technical/operational data (see Section 4). We keep it minimal, purpose-limited, and time-limited.

4) What Data We Collect

We collect data in a few categories:

A) Account & Subscription Data

  • Email address (used as your account identifier and for service communications)
  • Subscription status, plan type, and internal order identifiers

B) Payment & Billing Data

Payments are processed via third-party payment providers. Depending on the provider and payment method, they may process:

  • transaction amount, time, currency,
  • billing country and tax-related details,
  • payment method metadata (not the full card data accessible to us in most cases),
  • fraud-prevention signals (e.g., IP address at time of purchase).

Important: MaxVP does not intentionally store full payment card numbers or CVV. Payment processing is handled by the payment provider under its own security standards.

C) Support & Communications

If you contact support (email/chat), we may collect:

  • your contact details (email),
  • message content and attachments you provide,
  • basic technical info you choose to share (device type, app version, error codes).

D) Technical & Operational Data (Minimal)

To run the service and prevent abuse, we may process:

  • device/app metadata (app version, OS, device type),
  • active session state (e.g., whether a session is active, last successful connection time),
  • limited anti-abuse/fraud signals (e.g., unsuccessful login attempts count, rate-limiting indicators).

Credential safety: We do not intentionally write plaintext passwords to logs. We implement controls to avoid recording sensitive secrets (passwords, API keys, tokens). If you believe a secret was logged, contact us immediately at .

E) Smart DNS (If you enable it)

If you enable Smart DNS or any feature requiring IP authorization:

  • we may store the IP address you register for that feature,
  • only for the duration needed to keep the feature working (see retention below).

5) How We Use Data (Purposes)

We use personal data to:

  • create and maintain your account and deliver the service,
  • process payments, renewals, refunds, and prevent fraud,
  • provide customer support and troubleshoot issues,
  • protect infrastructure and enforce security (anti-abuse, rate limiting, bot protection),
  • comply with legal obligations (tax/accounting, lawful requests where applicable).

6) Legal Bases (GDPR)

Where GDPR applies, we rely on:

  • Contract (to provide the service you purchased),
  • Legitimate interests (security, fraud prevention, service reliability),
  • Legal obligation (tax/accounting compliance),
  • Consent (where required, e.g., optional marketing communications).

7) Data Sharing (Processors)

We share personal data only as needed, with vetted service providers (“processors”), such as:

These providers process data under contractual obligations to protect it and use it only for providing services to us.

We do not sell personal data.

8) International Data Transfers

Our service and providers may process data in countries where our infrastructure or vendors operate (which may include the EEA and other jurisdictions).

When personal data is transferred internationally (including outside the EEA), we use appropriate safeguards such as:

  • adequacy decisions (where applicable),
  • Standard Contractual Clauses (SCCs) or equivalent lawful mechanisms,
  • vendor due diligence and security commitments.

9) Data Retention (Clear, Defensible)

We retain data only as long as necessary for the purposes described:

  • Account data (email, subscription identifiers): while your account is active, and up to 24 months after closure (unless legal obligations require longer).
  • Payment and billing records: retained as required by applicable tax/accounting laws (often 5–10 years, depending on jurisdiction).
  • Support communications (tickets/chats): typically 6–12 months, unless needed longer for dispute resolution.
  • Operational/security logs (if any): retained for a short period (typically 7–30 days) to diagnose incidents and prevent abuse.
  • Smart DNS authorized IP (if enabled): kept only while the feature is enabled and removed upon disabling or service termination (with short grace periods for operational continuity).

After retention expires, we delete or irreversibly anonymize data.

10) Security Measures

We use reasonable technical and organizational measures to protect data, including:

  • TLS encryption for data in transit,
  • access controls and least-privilege permissions,
  • monitoring and abuse prevention controls,
  • secure password handling (hashed and salted where applicable),
  • incident response processes.

No internet service can guarantee absolute security. We continuously improve safeguards as threats evolve.

11) Cookies and Tracking

We may use essential cookies for site functionality and security. If we use analytics or non-essential cookies in the future, we will:

  • disclose what is used,
  • provide choices where required by law.

12) Your Rights

Depending on your location, you may have rights to:

  • access your data,
  • correct inaccurate data,
  • delete data (subject to legal limits),
  • restrict or object to processing,
  • data portability,
  • withdraw consent (where processing is based on consent),
  • lodge a complaint with a data protection authority.

To exercise rights, contact: . We may request verification to protect your account.

13) Children’s Privacy

MaxVP is not intended for children. We do not knowingly collect data from minors. If you believe a minor provided data, contact us to delete it.

14) Changes to This Policy

We may update this policy to reflect service or legal changes. We will update the Effective Date and, for material changes, provide notice via the website or email where appropriate.