Privacy
Policy

SilentSurf LLC ("SilentSurf," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Services.

We believe privacy is a fundamental human right, not a feature. Every decision we make about data is filtered through that lens. If you have questions not answered here, please contact us at privacy@silentsurf.org.

Account Data: When you create an account, we collect your email address and a hashed version of your password. We do not store passwords in plaintext.

Payment Data: Payment processing is handled by Stripe. We store only the last 4 digits of your card, expiration date, and billing country. We never see or store full card numbers.

Device & Technical Data: We collect basic technical information including browser type, operating system, app version, and general geographic region (country-level only) for the purpose of providing and improving the service.

Support Data: If you contact support, we collect the information you provide in that communication.

We do not log, store, or monitor:

• Your VPN traffic or DNS queries • Websites you visit while using our services • Your IP address while connected to our VPN • Connection timestamps or session duration • Bandwidth used per session

This is a core architectural commitment, not just a policy. Our systems are designed so that even if compelled by law enforcement, we have no browsing or connection logs to provide.

We use the data we collect to: provide and maintain the Services; process payments and manage your subscription; send transactional emails (account confirmation, password reset, billing receipts); respond to support requests; detect and prevent fraud or abuse; and improve our products through aggregate, anonymized analytics.

We do not use your data for advertising, profiling, or sell it to third parties — ever.

We do not sell or rent your personal data. We share data only with trusted service providers who help us operate the Services, under strict confidentiality agreements:

• Stripe — Payment processing • AWS — Infrastructure and encrypted storage • Postmark — Transactional email delivery

We may disclose information if required by law, but we will notify you unless legally prohibited from doing so, and we will challenge overly broad requests.

We retain your account data for as long as your account is active. When you delete your account, we delete your personal data within 30 days, except where retention is required by law (e.g., billing records required for tax purposes, retained for 7 years).

Aggregate, anonymized analytics data may be retained indefinitely as it cannot be used to identify you.

We implement industry-standard security practices: AES-256 encryption for stored data; TLS 1.3 for data in transit; zero-knowledge architecture for password manager vaults; regular penetration testing by independent security researchers; SOC 2 Type II compliance (in progress); and strict internal access controls — employees cannot access your vault data.

Despite our best efforts, no system is 100% secure. If you discover a security vulnerability, please report it to security@silentsurf.org.

Depending on your jurisdiction, you may have the right to: access your personal data; correct inaccurate data; request deletion of your data; export your data in a portable format; opt out of certain data processing; and lodge a complaint with a supervisory authority.

To exercise any of these rights, contact us at privacy@silentsurf.org. We will respond within 30 days. Users in the EU/UK may also contact their local data protection authority.

We use a minimal set of cookies: essential session cookies required for authentication and security; and preference cookies to remember your settings. We do not use advertising cookies or third-party tracking cookies.

You can control cookie behavior through your browser settings. Disabling essential cookies may affect functionality.

Our Services are not directed at children under 13. We do not knowingly collect personal data from children under 13. If we become aware that we have collected data from a child under 13, we will delete it promptly.

If you believe we have inadvertently collected data from a child, please contact us at privacy@silentsurf.org.

SilentSurf is based in the United States. If you access our Services from outside the US, your data may be transferred to and processed in the US. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses for EU/UK users.

For privacy-related questions, requests, or concerns:

SilentSurf LLC — Privacy Team Email: privacy@silentsurf.org General: support@silentsurf.org Website: silentsurf.io/support

We take privacy inquiries seriously and will respond within 5 business days.