Turbo VPN - Privacy Policy

This Privacy Policy outlines how your data is collected, used, shared, and transferred in connection with your use of the Turbo VPN websites (turbovpn.com and turbovpn.co) (the “Websites” or “Sites”), the Turbo VPN or Turbo VPN Lite applications (the “Apps”) and related services (collectively, the “Services”).

The Services are operated by Innovative Connecting Pte. Limited (the “Company”, “Turbo”, “Turbo VPN”, “we”, “our”, “us”), domiciled at 8 Marina View #43-052A Asia Square Tower 1, Singapore 018960. It is therefore governed by and construed in accordance with the laws of the Republic of Singapore, excluding its conflicts of law principles.

Together with our affiliates, we are committed to protecting your privacy by strictly minimizing the scope of data collection. Only data required to maintain our Services is collected. Based on this principle, we do not sell, use, or disclose any data to third parties for any unrelated purposes.

By accessing or using our Websites, Apps, and/or Services, you acknowledge that you have read, understood, and agreed to be bound by this Privacy Policy. This Privacy Policy does not apply to data that you transmit to or receive from third-party websites through our Services.

Please note that this Privacy Policy and the Terms of Service (together, the “Agreement”) constitute a binding legal agreement between you ("user" or "you") and us. If you do not agree with this Agreement or any provisions hereof, please do not install the Apps or use any of our Services.

1. Data We Collect

We limit the data collection to what is maintain the quality and functionality of our Services.

Anonymous Usage Data

All such data is irreversibly anonymized at the point of collection, precluding both the service operator and any third party from reconstructing, inferring, or cross-referencing this data to any individual user, device, or VPN session.

Account Registration Data

If you choose to create or update an account (the “Account”), we may ask for an email address. The amount of data that you provide us depends on your privacy settings. We may use your email address for the following purposes:

• To enable access to certain Services, including password recovery, verification emails, and payment-related processes.
• To respond to your communication inquiries.
• To send you updates, announcements and marketing information, such as our offers, surveys, invitations, and other relevant content.

You may withdraw your consent to our use of your email address for the above purposes.

Subscription Data

If you choose to purchase the paid Services (the “Subscription”), we may collect certain subscription-related information (including your email address, the subscription plan you have chosen, subscription term, amount, currency, status, auto-renewal status, transaction ID etc.) to complete your payment request and provide troubleshooting report. Please note that we do not collect or store any credit card information, any other sensitive payment information, or any personally identifiable financial data.

Cookies Data

Cookies are small text files that are stored on your device when you visit our websites. They allow the website to remember your actions and preferences over a period of time. This helps enhance your user experience by reducing the need to re-enter such information each time you return to the website or move between pages. For detailed information about the types of cookies we use and how they function, please refer to our Cookie Policy.

Communication Data

If you contact us directly through any communication channels we supported, we may receive data such as your name, email address, phone number, content of the message and/or attachments, and any other personal data you may choose to provide to us voluntarily. We may use this information you provide to us voluntarily to respond to your communication inquiries, and you may withdraw your consent to our use.

2.What We Use Data For

We use, combine, and process your data for the following purposes:

For Security

We authenticate your use of our Services by assigning a unique identifier to your device when you sign up for the Services via your email address. This unique identifier, without reference to other data, identifies you through your device identification code. The purpose of the unique identifier is for us to determine the level of service you have signed up for before we establish your VPN connection. We do not use any other forms of your data to verify your identity.

For System Diagnostics and Analytics

We use the data related to your usage or our Services to perform internal operations necessary to maintain our Services quality. This includes, but is not limited to operational troubleshooting, conducting data analysis, activity trend analysis and other.

For Customer Support

We use your data to investigate and resolve support requests. For example, we may investigate and address concerns, monitor and improve our customer support, respond to your questions and feedback, and inform you of suggest steps to resolve certain regular customer issues. We may communicate with you to provide updates relating to our Services, and for marketing and promotional purposes.

For Research and Development

We use your data to understand and analyze your use of our Services to develop new products, features, functionalities and other services for you.

Ensure legality

We nay use your data to prevent fraud, illegal activity, or misuses of our Services, and to comply with legal obligations.

3. How We Share and Transfer Data

We share and transfer your data in various ways, including the following:

Aggregated or Anonymous Data Form

We use and share your data with our partners in aggregated or anonymized form that cannot be used to identify individual users.

Service Providers

We work with third-party service providers to help us support various operations, such as payment processing, diagnostics, analytics, and other. As a result, some of these service providers may process your data.

To facilitate payments and issue receipts or invoices, we may share your email address with third-party payment companies. Receipts and invoices are essential for after-sales support or refunds, so please retain them for your records.

To operate diagnostics and analytics, we may share anonymized data, such as network diagnostics and analytics, with third-party analytics providers to help us improve the Services quality. Please note that you cannot be identified from these anonymized statistics and analytical data.

To provide and market our Services, we may use the data provided by the service providers and the third-party vendors.

Importantly, data collected for analytics, diagnostics, or advertising is handled in a logically segregated manner, such that no persistent identifier or analytical data can ever be cross-referenced with VPN account information, subscription status, user activity logs, or traffic content.

Business Transfers

Your data may be disclosed and otherwise transferred to potential acquirer, successor, or assignee as part of any proposed merger, acquisition, debt financing, sale of assets, or similar transaction, or in the event of insolvency, bankruptcy, or receivership.

Cross-border Data Transfers

We may process your data to any countries in which we engage service providers. You hereby acknowledge the transfer of your data outside of the country where you reside. We will ensure appropriate safeguards are in place to protect your data during such transfers.

With Your Consent

We may share your data when we have your explicit consent or when you instruct us to do so.

4. How We Protect Data

Security Measures

We implement robust security measures to safeguard your data from unauthorized access, collection, use, disclosure, copying, modification, disposal, or similar risks. We ensure the security of our computer networks and sound adoption of control measures. Access to your data by our staff is strictly limited to those with a legitimate need to know. We do not collect or store any traffic data or personal data in our data centers.

Breach Notifications

In the event of a serious data breach, we will promptly notify supervisory authority to ensure the effective protection of your data. We will also take the necessary actions to mitigate any potential harms.

5. Data Retention and Deletion

Retention

We will only retain your information for as long as necessary to fulfil the purposes for which the information is collected and processed or — where the applicable laws provides for longer storage and retention period — for the storage and retention period required by applicable laws. After that your personal data will be deleted, blocked, or anonymized, as required by applicable laws. If deletion or anonymization is not immediately feasible, for instance, if the data is stored in backup archives, we will securely store it and isolate it from further processing until deletion is possible.

Deletion

We will delete your data under the following circumstances:

• When it is no longer necessary for the original purpose for which it was collected or processed.
• When you withdraw your consent for holding your data, and we rely solely on this consent as the lawful basis for processing.
• When you object to our processing of your data, and we have no overriding legitimate interest to continue processing.
• When you object to our use of your data for direct marketing purposes.

6. Interactions With Third-Party Services

While using our Services, you may interact with third-party services—for example, by clicking on links within our Apps, Websites, or other platforms that direct you to external sites or services. Please be aware that we shall not be held responsible for the privacy policies and/or practices of these third-party services. We strongly encourage you to review their privacy policies carefully before engaging with them.

To help analyze and improve the performance of our Services, including crash reporting and diagnostics, we have integrated Firebase by Google.

To help us measure advertising performance and optimize user acquisition, we have integrated Adjust.

To offer customer support via Live Chat services, we have integrated Zendesk.

To offset the cost of providing the free version of our Services, we work with trusted third-party advertising partners and display ads. These third-party advertising partners, such as Admob by Google, Liftoff, InMobi, Unity, Bigo Ads and TradPlus, may set and access their own cookies, pixel tags, and similar technologies on our Services, and may otherwise collect or have access to data about you which they may collect over time and across different online services. Please note that we do not target advertisements based on your personal data, and neither do we share or use your personal data in connection with third-party advertisers without your prior consent.

To support global payment options on our websites for providing the paid Services, we work with several third-party payment companies, including Stripe, Airwallex, Payssion and v5pay.

Additionally, to optimize the payment performance on our websites, ensure transactional security, and protect your privacy, we work with fraud prevention and risk management services such as Forter and Rebilly.

7. Country-Specific Provisions

7.1 Users in the European Economic Area (EEA)/UK

The EU General Data Protection Regulation (GDPR) of UK GDPR requires us to outline those practices in a specific manner for users in the EEA and UK. If you are a resident of the EEA/UK, we ask that you keep the information that you provide to us updated. You can correct any information you have provided by contacting us through this form.

You represent and warrant that all information you provide us is true and correct, and that the info relates to you and not to any other person.

You can exercise your rights at any time and ask us for access to, or rectification or erasure of, your information.

Please note that other third parties (our data partners) may be controllers of your information. You can obtain more details and opt out of the sharing of your personal information to third parties for any purpose by contacting us.

If you have previously consented to any direct marketing communication from us or subscribed to our newsletters, you can unsubscribe by clicking on a link available in each communication and newsletter we send you.

Please note that the Services can be affected by your actions. Some of your information and processing thereof is mandatory for us to provide the services.

Your actions may force us to cease providing services. When the conditions below apply, services will be reset:

• If you ask for the modification of this mandatory information, we may be unable to continue providing the Services for you.
• If you request limitations to processing that are mandatory for the Services, or you object to such processing (in which case, we may not be able to provide you our Services).
• If you withdraw your consent or ask for the deletion of your information, we will not use or process your information any more, but we will store it to meet regulatory or police requests. We also reserve the right to retain an archive of such information for a commercially reasonable time to ensure that its deletion does not affect the integrity of our data; and we further reserve the right to retain an anonymous version of such information.

If you are the parent of a child who is under 13 years of age (or under another age specified by applicable regulations) and believe your child has provided us with improper information, please contact us and we will delete the information from our systems.

To preserve the confidentiality of your information, we must be able to correctly identify you. For this reason, please provide us with a copy of an official document to prove your identity. This copy will be safely destroyed within two months of your request being received and closed.

Please specify your request and contact us at:

Email: turbovpn@inconnecting.com

Our team will look into your request and answer you within one month, unless your request requires further investigation, in which case you will be specifically informed.

7.2 Users in California

The California Consumer Privacy Act of 2018 (CCPA) permits California residents to request from a business, with whom the California resident has an established business relationship, certain information about the types of personal information the business has collected, shared with, and/or sold to third parties for a business or commercial purpose during the immediately preceding calendar year.

As a Californian consumer, you also have the right, at any time, to opt out of any type of selling or share of your personal information.

Please note that we do not sell your personal information provided to us or described in this Privacy Policy. Our partners and providers who work with us may have access to your personal information in order to provide you with the services within the limits and throughout the duration of our agreement, but they cannot reuse your personal information for any other purposes. Our contracts are strictly drafted to protect your personal information and your privacy rights.

8. Use by Children

We encourage parents and guardians to teach their children about privacy and how their information may be used on the Internet. Children should never disclose their names, address or phone numbers, or any personal information, without their parents’ or guardian's prior permission.

We consider a user to be a child if they are under the age of 13, unless more stringent regulation applies in their state of residence.

If we consider that any of our Services are directed at users under the minimum legal age required in their country of residence, we can block such users from using the services or from providing information and/or limit the collection of information from such users as described below in more details.

No personal information should be submitted to us by users under the minimum legal age required in their state of residence. We apply the following limitations to personal information collection for a user that does not meet the minimum legal age required in their state of residence.

Such a user cannot: (1) display their real name or any information in our applications, our websites or our other services; (2) Access the chat, leader board, forums, SNS (Facebook, Game Center, etc.); (3) subscribe to newsletters; (4) use any other feature where users’ real names might appear.

With respect to such users, we will prevent the collection and use of their precise geolocation data and display to them contextual advertising only (excluding any behavioral advertising).

Children can be invited to take part in testing our Services with their parents' or guardians’ authorization and/or their parents' or guardians’ physical presence being required depending on the state where testing is conducted.

Parents must exercise their privacy rights for their children provided in this Privacy Policy.

9. Your Privacy Rights

While using our Services, you have the following rights (subject to certain exceptions or exemptions):

Access

You have the right to request access to your data that is associated only with you. To protect your privacy and security, we may take reasonable steps to verify your identity before acceding to your request. Upon our approval of your access request, we will provide you with your data that is in our possession or under our control. Where applicable, we will provide you with information about the ways in which your data has been or may have been used or disclosed by us within a year of your request. We may charge you a fee for fulfilling the access request.

Correction

You have the right to request a correction of any error or omission in the data we possess or control. We will consider whether the correction should be made. If such correction is to be made, we shall correct your data as soon as practicable and send the corrected data to every other organization to which your data was disclosed by us within a year after the date the correction request was made, unless that other organization does not need the corrected data for any legal or business purpose. To protect your privacy and security, we may take reasonable steps to verify your identity before correcting your data. Your data may be archived or stored periodically by us according to backup processes conducted in ordinary course of business for disaster recovery purposes.

Deletion

If you have registered a user account, you have the right to request and delete your user account and associated data. Please be aware that once deleted, this action is irreversible, and your account and data cannot be recovered.

10. Changes to Privacy Policy

This Privacy Policy may be updated periodically to comply with applicable laws and principles, with or without prior notice. Your continued use of our Services constitutes your acceptance of the updated Privacy Policy, which will be posted on our websites. If there are significant changes to how we use or share your data previously collected, we will notify you through our applications, our websites, emails, or other communication channels.

11. How to Contact Us

If you have any questions, concerns, or complaints about our Privacy Policy, our compliance with applicable laws, how we handle your information, or if you wish to exercise your privacy rights, please contact us at:

Email: turbovpn@inconnecting.com

Our Data Protection Officer (the “DPO”), David Lau, is also available for privacy-related inquiries. You can reach him by writing to:

Email: dataprivacyofficer@inconnecting.com