TOTEM VPN LogoTOTEM VPN
Menu

Privacy Policy

PRIVACY POLICY Effective Date: February 1, 2026

1. DATA CONTROLLER Oceanic Consulting VOF Blaakse wetering 109, 3176 XB Poortugaal, Netherlands. Contact: [email protected] (Subject: “Privacy Request”)

2. NO-LOGS POLICY (Data Minimization) TOTEMVPN adheres to a strict No-Logs policy. We do not store or retain:

  • Traffic content (data payloads).
  • DNS queries.
  • Browsing history or websites visited.
  • Your original IP address or the assigned VPN IP address after the session ends.
  • Transient Processing: For the technical operation of the service during an active session, certain data necessary for routing and secure communication is processed transiently in memory and is not permanently retained beyond the active session.

3. OPERATIONAL DATA (Technical Necessity) To ensure service stability and prevent abuse (e.g., enforcing device limits), our systems may temporarily process minimal operational data, such as:

  • Active session counters.
  • Aggregated bandwidth usage.
  • Anonymized technical diagnostics (e.g., crash reports, where enabled). Retention: This data is processed automatically and deleted within a short retention cycle (e.g., upon session termination or within 24 hours). It is not used to track browsing activity and is never linked to traffic content.

4. NO SALE OF PERSONAL DATA We strictly do not sell, rent, or trade your personal data to third parties for marketing or advertising purposes.

5. SECURITY MEASURES We implement appropriate technical and organizational measures to protect your data, including strong encryption in transit (using industry-standard protocols) and strict access controls to our infrastructure.

6. PAYMENT DATA & RETENTION

  • Website: Payments are processed by Stripe. We do not store full credit card numbers. Stripe acts as an independent controller for financial data and fraud prevention.
  • App Stores: Payments via Apple/Google are handled entirely by those platforms.
  • Billing Records: We retain basic transaction metadata (e.g., invoices) for 7 years, as strictly required by Dutch tax laws (fiscale bewaarplicht). This retention period applies solely to financial/accounting records and does not affect the short-term retention cycle of operational data described in Section 3.

7. LEGAL BASIS FOR PROCESSING (GDPR) We process personal data under the following legal bases:

  • Contract: To provide the VPN service and manage subscriptions.
  • Legitimate Interest: To ensure network security, prevent abuse, and improve reliability.
  • Legal Obligation: For tax and accounting compliance (e.g., data retention).

8. INTERNATIONAL TRANSFERS As we operate a global network of servers, your data may be processed outside the European Economic Area (EEA). In such cases, we implement appropriate safeguards, such as the European Commission’s Standard Contractual Clauses (SCCs), to ensure your data remains protected in accordance with GDPR standards.

9. YOUR RIGHTS (GDPR) Under the GDPR, you have the right to access, rectify, erase, restrict processing, object to certain processing (where applicable), and to lodge a complaint with a supervisory authority, in particular the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). To exercise your rights, contact [email protected].