Zippa VPN
Privacy Policy
Zippa is a privacy product, so this page is the most important one on our site. In plain English: we keep a strict no-logs policy and collect only the minimal data needed to run your account.
Last updated: July 16, 2026
Template notice. This document is a professionally drafted starting point and must be reviewed and adapted by qualified legal counsel before you rely on it. It is not legal advice.
1. Our privacy promise, up front
Zippa VPN (“Zippa,” “we,” “us”) exists to protect your privacy, not to profit from it. We operate a strict no-logs policy. We do not record, store, or sell:
- the websites, pages, or services you visit;
- your real (originating) IP address;
- your DNS queries or the content of your traffic;
- connection timestamps tied to your browsing activity.
Our free tier is funded by customers who upgrade to Premium — never by selling or profiling your data. There is nothing to sell because we do not keep it in the first place.
2. Information we do process
To provide the service and bill Premium subscriptions, we process a minimal set of data:
Account data
- Email address — used to create your account, send essential service and billing notices, and provide support.
- Authentication credentials — your password is stored only as a salted hash. A separate randomly-generated proxy credential authorizes your connection to our network and is never your login password.
Billing data (via Stripe)
- Payments are processed by Stripe, Inc. We never see or store your full card number. We retain a Stripe customer identifier, your plan, subscription status, and renewal date so we can grant or revoke Premium access.
- Stripe processes your payment details under its own privacy policy. See stripe.com/privacy.
Operational data
- Aggregate, non-identifying metrics — for example, total bandwidth per server or a live count of active sessions, used purely to keep the network healthy and enforce plan limits (such as the number of simultaneous devices). This data is not tied to your browsing activity.
- Diagnostic logs — limited, short-lived error logs that help us fix crashes. We work to keep these free of personal data and rotate them regularly.
3. How we use your data
- To create and maintain your account and authenticate your connections.
- To process payments, manage subscriptions, and prevent fraud (through Stripe).
- To provide customer support when you contact us.
- To keep the network reliable, secure, and within plan limits.
- To send essential service messages (we do not send marketing email without consent).
We rely on the following legal bases under the GDPR: performance of a contract (running your account), legitimate interests (security and network health), and consent (any optional communications), which you may withdraw at any time.
4. Cookies and local storage
Our marketing website uses only essential, first-party storage — for example, remembering your light/dark theme preference. We do not use third-party advertising or cross-site tracking cookies on this site. The Zippa extension stores your settings and session locally in your browser. If we ever introduce privacy-respecting analytics, we will update this section and, where required, request your consent.
5. Sharing and disclosure
We do not sell your personal data. We share data only with:
- Service providers (processors) who help us operate, such as Stripe (payments) and our infrastructure/hosting providers. They may process data only on our instructions.
- Legal authorities, only where we are legally compelled to do so. Because we keep no activity logs, we cannot produce browsing history, DNS records, or an activity trail that does not exist.
6. Data retention
We keep account and billing records for as long as your account is active and for a limited period afterward to meet legal, tax, and accounting obligations. When you delete your account, we remove or anonymize your personal data except where retention is legally required. No-logs browsing data is never retained because it is never collected.
7. International transfers
Zippa operates servers in multiple countries so you can choose your location. Where personal data is transferred across borders, we use appropriate safeguards such as the European Commission’s Standard Contractual Clauses.
8. Your rights (GDPR & CCPA)
Depending on where you live, you may have the right to:
- access the personal data we hold about you;
- correct inaccurate data;
- delete your data (“right to be forgotten”);
- port your data to another service;
- object to or restrict certain processing;
- under the CCPA, know what personal information we collect and confirm that we do not sell it, without being discriminated against for exercising your rights.
To exercise any right, email team@zippavpn.com. We respond within the timeframes required by law.
9. Security
We protect your connection with TLS-encrypted proxy hops, store passwords only as salted hashes, and follow least-privilege access controls internally. No system is perfectly secure, but we design Zippa to minimize the data that could ever be exposed.
10. Children
Zippa is not directed to children under 16 (or the minimum age in your jurisdiction), and we do not knowingly collect their personal data.
11. Changes to this policy
We may update this policy as our service evolves. We will change the “last updated” date above and, for material changes, provide additional notice.
12. Contact us
Questions about privacy or a data request? Email team@zippavpn.com or use our contact page. Company address and Data Protection Officer details: [Company legal name and registered address to be completed].