Last updated: February 2026

Privacy Policy

1. Introduction

SecureWave ("we," "us," or "our") operates the SecureWave VPN service, including our website, desktop applications, and mobile applications (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and maintaining the security of any personal information we receive from you. Our core mission is to provide a private, secure internet experience, and that commitment is reflected in every aspect of how we handle your data.

By accessing or using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2. Information We Collect

We collect only the minimum information necessary to operate and improve the Service. The categories of information we collect include:

2.1 Account Information

When you create a SecureWave account, we collect:

  • Email address -- used for account identification, communication, and password recovery.
  • Password -- stored using industry-standard bcrypt hashing. We never store your password in plaintext.
  • Payment information -- processed securely by our third-party payment providers. See Section 5 for details.

2.2 Connection Metadata

To maintain service quality, prevent abuse, and enforce subscription limits, we collect limited connection metadata:

  • Connection timestamps -- the date and time you connect to and disconnect from the Service.
  • Bandwidth consumed -- the total amount of data transferred during each session, used for capacity planning and plan enforcement.
  • Server location selected -- which VPN server region you connected to, used for load balancing and infrastructure optimization.

2.3 Device Information

We may collect basic device information to provide platform-appropriate support and troubleshoot issues:

  • Operating system type and version.
  • SecureWave application version.
  • Device type (desktop, mobile, tablet).
  • Language and locale settings.

2.4 Communication Data

If you contact our support team, we retain the content of your correspondence (including email address and any attachments) to resolve your inquiry and improve our support processes.

3. Information We Do NOT Collect

SecureWave operates under a strict no-logs policy. We do not monitor, record, log, store, or share any of the following:

  • Browsing history -- we never track which websites, pages, or services you visit while connected to our VPN.
  • DNS queries -- all DNS requests made through our Service are resolved by our own encrypted DNS servers and are not logged.
  • Your IP address when connected -- once your VPN session is established, we do not associate your originating IP address with your activity. Connection logs that include your IP are automatically purged after authentication is complete.
  • Traffic content -- we never inspect, log, or store the content of your internet traffic, including emails, messages, downloads, or streaming activity.
  • Connection activity logs -- we do not keep records of which services you access, what protocols you use, or what data you transmit.

This no-logs policy has been designed so that even if compelled by legal process, we are unable to provide information about your online activities because such information simply does not exist on our systems.

4. How We Use Information

The limited information we collect is used exclusively for the following purposes:

  • Account management -- to create, maintain, and authenticate your account.
  • Service delivery -- to provide, operate, and maintain the VPN service, including server allocation and capacity planning.
  • Billing and payments -- to process subscription payments, manage billing cycles, issue refunds, and prevent fraudulent transactions.
  • Customer support -- to respond to your inquiries, troubleshoot issues, and provide technical assistance.
  • Service improvement -- to analyze aggregate, anonymized usage patterns for the purpose of improving performance, reliability, and user experience.
  • Security -- to detect and prevent abuse, unauthorized access, and service disruption.
  • Legal compliance -- to comply with applicable laws, regulations, and legal processes.

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We will never monetize your data.

5. Payment Information

All payment transactions are processed through our trusted third-party payment provider, Stripe. When you subscribe to our Service:

  • Your credit card number, debit card number, or bank account details are collected and processed directly by the payment provider.
  • We do not store, process, or have access to your full payment card numbers.
  • We receive only a transaction reference, the last four digits of your card (for display purposes), the card type, and the billing country.
  • Our payment providers are PCI DSS Level 1 compliant and adhere to the highest industry standards for payment security.

For details on how Stripe handles your data, please refer to the Stripe Privacy Policy.

6. Data Security

We implement comprehensive security measures to protect your information:

  • Encryption in transit -- all communications between your device and our servers are encrypted using TLS 1.3. VPN tunnels use WireGuard with ChaCha20-Poly1305 or AES-256-GCM encryption.
  • Encryption at rest -- all stored data, including account information and connection metadata, is encrypted at rest using AES-256 encryption.
  • Infrastructure security -- our servers operate in hardened environments with strict access controls, network segmentation, and full-disk encryption.
  • Regular security audits -- we conduct periodic internal and third-party security assessments to identify and remediate vulnerabilities.
  • Anomaly detection -- our network infrastructure employs monitoring and anomaly detection to identify and mitigate potential threats, DDoS attacks, and unusual traffic patterns.
  • Access controls -- employee access to user data is restricted on a need-to-know basis, logged, and regularly audited.
  • Incident response -- we maintain a documented incident response plan and will notify affected users promptly in the event of a data breach.

7. Data Retention

We retain your information only for as long as necessary to fulfill the purposes described in this Privacy Policy:

  • Account data -- retained for the duration of your active account. Upon account closure or cancellation, your personal data is permanently deleted from our systems within 30 days.
  • Connection metadata -- aggregated and anonymized within 24 hours. Individual session data is purged automatically.
  • Billing records -- retained for the minimum period required by applicable tax and financial regulations (typically 7 years for transaction records).
  • Support correspondence -- retained for up to 2 years after resolution to facilitate follow-up support and quality assurance, then deleted.

You may request early deletion of your data at any time by contacting us (see Section 12). We will process such requests within 30 days, subject to any legal obligations to retain certain records.

8. Third-Party Services

We use a limited number of third-party services to operate the Service. These providers are carefully selected and contractually bound to protect your data:

  • Payment processors (Stripe, PayPal) -- for subscription billing and payment processing.
  • Email delivery services -- for transactional emails such as account verification, password resets, and billing notifications. We do not send unsolicited marketing emails.
  • Infrastructure providers -- for hosting our servers and network infrastructure. These providers do not have access to decrypted user data.

We do not share your information with any third party for advertising, analytics, or marketing purposes. We do not integrate third-party trackers, advertising pixels, or social media widgets into our applications.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right of access -- you may request a copy of the personal data we hold about you.
  • Right to rectification -- you may request correction of inaccurate or incomplete personal data.
  • Right to deletion -- you may request that we delete your personal data, subject to legal retention requirements.
  • Right to data portability -- you may request a copy of your data in a structured, commonly used, machine-readable format.
  • Right to restrict processing -- you may request that we limit how we use your data in certain circumstances.
  • Right to object -- you may object to certain types of data processing.
  • Right to withdraw consent -- where processing is based on consent, you may withdraw that consent at any time.

To exercise any of these rights, please contact us using the information in Section 12. We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.

If you are a resident of the European Economic Area (EEA) or the United Kingdom, you also have the right to lodge a complaint with your local data protection authority.

10. Children's Privacy

Our Service is not intended for individuals under the age of 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under the age of 13 without parental consent, we will take immediate steps to delete that information from our servers.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can take appropriate action.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

  • We will update the "Last updated" date at the top of this page.
  • We will notify you via email at least 14 days before the changes take effect.
  • We will display a prominent notice within the application.
  • For significant changes, we may require you to re-acknowledge the updated policy before continuing to use the Service.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the revised Privacy Policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to us:

We take all privacy inquiries seriously and will respond to your request within 30 days.