Ironlink is committed to safeguarding your privacy and does not collect logs of your online activities while connected to our Services. This includes no logging of browsing history, traffic destination, data content, or DNS queries, connection timestamp or session duration.

This Privacy Policy should be read in conjunction with the Ironlink Terms of Service (the “Terms”). Together, they form a legally binding agreement between you and Ironlink, so it is important to read them thoroughly. Unless specified otherwise, capitalised terms in this Privacy Policy have the same meanings as defined in the Terms.

Ironlink’s primary mission is to provide you with reliable internet connectivity free of censorship & surveillance as well as protect your information privacy.

General Information
Ironlink may collect 4 types of data based on your use of the Services, as detailed in the sections below. If you are visiting our Site, please refer to Section 7.

• Personal Data Linked to Your Account (“Personal Data”) - Personal Data refers to information that, either alone or combined with other data, can uniquely identify an individual. This data is collected to provide our Services, including to prevent fraudulent signups and account hijacking. It may include your email address, and payment information submitted when creating or updating your Account.
• Aggregate Apps and VPN Connection Summary Statistics (“Usage Statistics Data”) - A minimal amount of Usage Statistics Data is collected to maintain excellent customer support and service quality. This data does not include details about users’ browsing and internet activities, including VPN connections—we do not collect, use, disclose, or store data about VPN traffic content, DNS queries, or user IP addresses.
• Optionally, Anonymous App Diagnostics, Including Crash Reports (“App Diagnostic Data”) App Diagnostic Data, comprising crash reports, usability diagnostics, and VPN connection diagnostics, is anonymized and cannot be traced back to individual users. This feature is akin to a “send bug report” option. App Diagnostic Data is not automatically shared. You must opt-in, such as via your Apps' settings menu, to send App Diagnostic Data to us.
• IP Addresses Authorised for Connection - This data is used mainly to prevent connection hijacks and traffic monitoring by malicious 3rd parties.

Personal Data
Ironlink collects Personal Data that you provide when creating or updating an Account. This data is essential for us to deliver our Services, communicate with you, process payments and taxes, prevent fraud, respond to support queries, and share relevant information about your Account and/or the Services.

The specific Personal Data collected depends on your chosen payment method and may include your name, billing country, billing address, and credit card number. For certain payment methods, you may be redirected to third-party payment processors' websites (e.g., PayPal, Cryptomus, Adyen and others) to complete transactions. The personal data collected and stored by these processors is governed by their own terms and privacy policies. We offer crypto payment methods to minimise the Personal Data you share with us. Our trusted partners help simplify the login process and detect fraudulent signups and account hijackings. These partners may obtain user IP addresses, stored separately and deleted permanently after 30 days, and never linked to user behaviour, as we do not collect such data.

Ironlink uses your email address to:

• Provide access to our Services, including password reset or verification emails.
• Communicate about payment transactions.
• Send updates, announcements, and marketing information, such as offers, surveys, and content related to Ironlink that may interest you (“Marketing Emails”). You can opt out of Marketing Emails using the unsubscribe option in these emails.
• Ironlink uses your Personal Data solely as listed in this Privacy Policy and does not sell or lease it to third parties. We collect and process your Personal Data for legitimate interests under applicable law, specifically to fulfil our contractual obligations to you.

Personal information associated with Ironlink accounts is controlled solely by Ironlink, stored on systems and servers owned or leased by us. In limited circumstances requiring processing by related entities, the data may be shared only as necessary, maintaining the same data protection standards, and never transferred to any other entities, including our ultimate holding company, for any duration.

How We Protect and Retain Your Personal Data
We implement top-tier physical, procedural, and technical security measures to protect your Personal Data from loss, misuse, unauthorised access, disclosure, or alteration. While these systems are robust, it's important to acknowledge that no security measures are entirely infallible. Our policy is to collect minimal data.

Our servers are located in secure data centres that don’t require us to collect or store Personal Data related to your use of the Services. Should a data centre request such data, we would cease operations with them and seek alternatives. In the unlikely event of government seizure of one of our VPN servers, there would be no logs to tie any user to specific activities.

Your Personal Data, which never includes sensitive data like browsing history or IP addresses, is retained in accordance with data protection law for as long as necessary. You can request data deletion (see Section 11), but this will terminate your ability to use the Services.

Your Personal Data is controlled by and stored under Ironlink. Ironlink operates under German jurisdiction and laws. Therefore, any legal demand for Personal Data is subject to German jurisdiction and laws. We robustly defend our and our users’ rights against attempts to bypass privacy protections. A parent, subsidiary, or related entity cannot and will not voluntarily provide Personal Data stored by Ironlink.

How We Safeguard Your Personal Data With Relation to Service Providers
Ironlink’s agents, contractors, and third-party service providers (“Service Providers”) may have controlled access to relevant data to assist in processing payments, administering the Services, and other business operations. All Service Providers with access to such data are bound by confidentiality and data processing obligations to keep the data secure and not use it for any purpose other than performing services on behalf of Ironlink. These obligations include contractual commitments to protect data as required by applicable laws, including the transfer of Personal Data from the European Union/European Economic Area to a third country.

Service Providers only access data necessary for the services they provide for Ironlink, which never includes VPN activity or connection data, as we do not collect such information.

Additionally, we may share your Personal Data where you have consented to us sharing or transferring it (e.g., marketing consents or opting into additional services or functionalities).

Usage Statistics Data and App Diagnostic Data
To maintain customer support and service quality, Ironlink collects certain information related to your VPN usage. The data collected is visible to our staff on a need-to-know basis and may be shared with Service Providers but is always kept confidential.

We ensure that Usage Statistics Data and App Diagnostic Data never include sensitive information in line with our commitment to not logging browsing history, traffic destination, data content, or DNS queries.

Regarding VPN Usage Statistics, our principle of minimal data collection means, we don’t know which user accessed a specific website or service, as such, we cannot provide user information related to these aspects as the data doesn’t exist.

• Apps and App Versions - We collect information on which Apps and App version(s) you use for our Services. This helps our Support Team troubleshoot technical issues.
• Successful Connection - We gather information about successful VPN connections (day, VPN location, country/ISP). This minimal data assists in technical support and network issue resolution.
• Aggregate Data Transferred - We monitor the total data transferred by users in order to enforce the terms of the plan and infrastructure performance.
• App Diagnostic Data - With your permission, we collect anonymized App Diagnostic Data, including crash reports and VPN connection diagnostics. This data, fully anonymized, helps optimise network speeds and identify improvement areas. It’s not tied to individual users. If you share App Diagnostic Data with Ironlink, we collect anonymized data on VPN connection failures, speed test data, and app diagnostics, handled by Service Providers under strict confidentiality obligations, varying by platform.

How We Protect and Retain Information Related to Email, Live Chat, and Feedback Forms
Ironlink maintains records of correspondence, questions, complaints, or compliments submitted to us via our Site or Services, including our responses. The data we collect when you contact Ironlink may include your email address and any additional information you provide. Keeping full correspondence records aids our staff in delivering exceptional customer support.

For support correspondence, we might use third-party platforms such as Telegram for live chat or ticketing systems for emails and support tickets. When you interact with us through these platforms, they store your correspondence records, including your email address and user and device attributes helpful in troubleshooting, like the country you're contacting us from and your device’s operating system. The used platforms employ contemporary security practices and SSL encryption. Their respective privacy notices can be accessed on their websites.

Ironlink uses analytics services, including those from third-party Service Providers, for user experience and analytical purposes. These services may use cookies and other data to generate reports and statistics, but they do not access directly identifying information or any Personal Data provided to Ironlink.

Ironlink uses device information (such as device type, operating system/language, and mobile identifiers) for statistical purposes related to our marketing channels and advertising partners. This information does not include your name, email address, or other Personal Data.

To improve our communications, Ironlink or our Service Providers may collect data for statistical reports, assessing email delivery success, delays, or the frequency of email openings.

Interactions With Third-Party Products
The Ironlink Site may include links to external websites, mobile applications, products, or services that are not owned or controlled by Ironlink. These third parties may collect personal information from you, and their terms and conditions apply. Ironlink is not responsible for the privacy practices or content of these external websites. We encourage you to read the terms and conditions and privacy policies of each third-party service provider you engage with in connection with the Site or the Services.

Users in the European Union
Ironlink is dedicated to user privacy globally, and our practices reflect this through minimal data collection and ensuring users have control over their Personal Data. The General Data Protection Regulation (“GDPR”) of the European Union (“EU”) requires specific outlining of these practices for EU users.

Under the GDPR, we collect and process Personal Data as outlined in this Privacy Policy based on one of the following grounds:

• Fulfilling our contractual obligations, including providing Services, managing subscriptions and payments, and offering customer support.
• Legitimate business interests, such as improving our Services and communicating with customers about our Services.
• User consent, which can be withdrawn at any time.

Your Privacy Rights
Under our Services, you have certain rights regarding your Personal Data, subject to exceptions:

• Access to personal data we hold about you.
• Rectification of inaccurate or incomplete personal data.
• Deletion of your personal data, which may affect our ability to provide you with our Services.
• Restriction of or objection to the processing of your personal data.
• Data portability in a commonly used format.
• Withdrawal of consent for data processing.
• Filing a complaint with your local data protection authority.
• You can exercise these rights by contacting us as specified in Section 16. Authorised agents may submit requests on your behalf with written authorization and verification steps to ensure your privacy and security.

Users in California
Under the “Shine the Light Act” (California Civil Code Section 1798.83), California residents may request information about any disclosure of personal data to third parties for direct marketing purposes. Ironlink does not disclose such data for direct marketing. California residents may make such a request as outlined in Section 16.

The California Consumer Privacy Act (“CCPA”) grants the following rights:

• The right to know what personal data is being collected and how it is used and shared.
• The right to request the deletion of personal data, which may impact our ability to provide you with Services.
• The right to opt out of the sale of personal data, which is not applicable as Ironlink does not sell data.
• The right not to be discriminated against for exercising CCPA rights.
• The right to withdraw consent for data processing.

Use by Minors
Ironlink does not knowingly collect Personal Data from individuals under eighteen (18) or the age of majority in their jurisdiction. If you are under the age of majority, do not provide any Personal Data without parental or guardian involvement. We will delete any Personal Data collected in violation of privacy laws upon becoming aware of it. Contact us if you believe we might have such information.

Changes to This Privacy Policy
We may update our Privacy Policy, consistent with applicable privacy laws and principles. Continued use of our Services or access to our Site signifies acceptance of the updated Privacy Policy.

Contacting Ironlink
For questions, concerns, or complaints regarding our Privacy Policy, compliance with laws, handling of your information, or to exercise your privacy rights, please contact us at: support@ironlink.app

We hope none of the legalese will ever be needed. The world would be a great place if so.