Privacy Policy

Effective date: 22 January 2026

Last updated: 27 January 2026

1. Controller and contact

Controller: Iconic ProTech LTD (NI699904)
Contact: [email protected]
Registered office: Unit 9 Twin Spires Centre, 155 Northumberland Street, Belfast, Northern Ireland, BT13 2JF

2. What we do

We provide consumer VPN apps that encrypt your internet connection. We design our systems to avoid logging activity data.

3. The data we do not collect when connected

We do not collect or log: originating IP address, DNS queries while connected, browsing history, or traffic content.

4. Data we process (and why)

  • Account data (email, hashed credentials, plan tier, country selected at checkout): to create and maintain your account, provide service, billing, and support.
  • Payment data: processed by Mollie, Squareup, NOWPayments, and Paddle. These payment providers may act as independent controllers of payment and fraud‑prevention data; we retain transaction references to reconcile payments and manage refunds/chargebacks.
  • Service data (minimal, aggregated or de‑identified): e.g., total bandwidth per period, general connection telemetry (success/failure, app version, crash reports), to operate the service, detect abuse, and plan capacity.
  • Support data: information you provide via email ([email protected]) or support tickets to troubleshoot issues.

5. Legal bases (UK GDPR)

We rely on contract (to provide the Services), legitimate interests (network security, capacity planning, fraud prevention), consent where required (e.g., non‑essential cookies/marketing), and legal obligation (e.g., tax records).

6. Cookies & similar technologies

See our Cookie Policy for details and consent controls under PECR.

7. Sharing and international transfers

We use vetted providers (e.g., hosting, analytics with IP truncation, payments). Some providers operate outside the UK/EEA; where so, we rely on adequacy decisions or the UK International Data Transfer Addendum/appropriate safeguards.

8. Retention

Account and transactional records are kept for as long as you have an account and as required for tax/accounting and dispute resolution. Minimal service telemetry is aggregated or deleted on a rolling basis [e.g., within 30–90 days] unless extended for security or legal reasons.

9. Your rights

You can access, rectify, erase, restrict, port, and object (including to direct marketing). You can withdraw consent at any time. Complaints may be raised with the ICO (ico.org.uk).

10. Children

Our Services are not directed to children under [AGE – typically 16]. Do not use the Services if under the minimum age.

11. Changes

We may update this policy; we will note the revision date above and highlight material changes.

Back to Legal Hub