Privacy Policy

Last updated July 24, 2019

You have legitimate concerns about privacy and therefore we expressly describe all processing of personal data done by us. We want you to understand what limited information we collect and what may happen to that information when you use any of the NordVPN Services. This document (hereinafter – the “Privacy Policy”) explains the privacy rules applicable to all information collected or submitted when you access, install or use the NordVPN Services. Our top priority is customer data security. Operating under the jurisdiction of Panama allows us to guarantee our no logs policy. We process only minimal user data – only as much as it is absolutely necessary to maintain our services. All definitions and capitalized words used in this Privacy Policy are defined in our Terms of Service. By visiting NordVPN website, by submitting your personal data to NordVPN, also by accessing, installing and/or using the NordVPN Services you confirm that you have read this Privacy Policy and that you enter into legally binding relationship with NordVPN (hereinafter – „NordVPN“, „we“ or “us”), as well as you agree to be bound by this Privacy Policy. If you disagree with the rules of this Privacy Policy, please do not use the NordVPN Services. If you have any questions about this Privacy Policy or your privacy, please contact us by email privacy@nordvpn.com.

Processing of your data

NordVPN processes user data only to a very limited scope – only as much as it is absolutely required for provision of the NordVPN Services, processing of payments for the NordVPN Services, as well as functioning of the NordVPN website and mobile applications. Personal data is processed by NordVPN automatically and manually. Unless expressly noted otherwise, NordVPN or a designated subsidiary in your country shall act as the responsible personal data controller for any data processed. NordVPN uses third party data processors only for processing of payment data, emailing service and basic website and app analytics. NordVPN guarantees a strict no-logs policy for NordVPN services, meaning that your activities using NordVPN Services are provided by automated technical process, are not monitored, recorded, logged, stored or passed to any third party. We do not store connection time stamps, session information, used bandwidth, traffic logs, IP addresses or other data. From the moment a NordVPN.com user turns on the NordVPN.com software, their Internet data becomes encrypted. Any online traffic coming from user’s device is no longer visible to ISP, third-party snoopers or cyber criminals. Further, NordVPN have a strict no logs policy when it comes to seeing user activity online: NordVPN is based in Panama, which does not require data storage. Anyone may browse our website, install NordVPN application and mobile applications without signing up for the NordVPN Services, however the functionality of the NordVPN Services will be very limited or absent. If you want to engage full functionality of the NordVPN Services, you need to create a user account and provide basic personal data indicated below. If you choose to create a user account, you must provide the following basic information: Email address. We ask for your email address as part of your registration. That ensures that we can communicate with you when we have any exciting announcements to make, service updates to advise or errors to report. Valid email address is also needed to retrieve a lost password and to make a VPN connection. Payment data. In addition to the conventional payment methods, such as credit card, users can buy NordVPN service with cryptocurrency. Our payment processing partners process basic billing information for payment processing and refund requests. You must maintain this information current, truthful, complete and accurate. You warrant that you are authorized to provide such information. You authorize us to verify your information at any time. If it is found to be untrue, inaccurate, not current or incomplete, we retain the right, in our sole discretion, to suspend or terminate your user account and your access to the NordVPN Services. In order to maintain the VPN service, the NordVPN also processes limited technical information, which sometimes may be considered personal data. This information is used for improving the functionality and usability of our website and NordVPN Services. If you decide not to provide this limited information, we may not be able to provide you with the full scope of the NordVPN Services. Said information may also include: Server load information. We monitor the server performance in order to recommend the most suitable servers to our customers. Customer service information. NordVPN.com stores inquiries and communications with users through the Contact Us and Community Area pages. Cookies. NordVPN.com uses a few types of different cookies to improve the user experience on the website, such as: Google Analytics for statistical assessment and website performance improvement; Affiliate cookies to identify the customers referred to the Site by our partners, so that we can grant the referrers with commissions; Cookies for personalizing the content of the Site for users, such as setting the default language. You can set up warnings for every time the Site places a cookie in your browser, or you can choose to disable all cookies. You can do both through your browser settings. Since each browser has a different procedure for managing cookies, look at your browser’s Help Menu to learn the correct way to do it. Alternatively, you can disable all cookies by visiting the Network Advertising Initiative Opt Out page or by using the Google Analytics Opt Out Browser add-on. Please note that choosing to disable cookies may negatively affect some of the features that make your Site experience more efficient.

Personal data of underage persons

Persons younger than 18 shall not use the NordVPN Services and provide any personal data to us without the supervision of the parents or guardians. Based on the above, it is presumed that any person using the NordVPN Services and supplying personal data to us is at least 18 years of age. If a person younger than 18 years old or a person, supplying wrongful data, become known to NordVPN, such person and all their data may be immediately and without any notice withdrawn by suspending their access to NordVPN Services.

Grounds for data processing

Your personal data is processed for the purpose of providing you the best NordVPN services under the legal basis of performance of the contract between you and NordVPN, as provided in our Terms of Service. NordVPN may process your personal data (email address) for direct marketing purposes in the following cases: when we obtain your consent to such processing (the legal basis for processing, in this case, is your consent) or when applicable law permits us to contact you without a separate consent (under the legal basis of a legitimate interest).

Your personal data protection rights

You may request us to inform you about the personal data that we have collected about you, to request any changes or correction of inaccurate information, to object to certain processing of personal data (e.g. for marketing purposes), to provide you with a copy of your personal data in a structured, commonly used and machine-readable format, to transmit (if technically feasible) your personal data to another controller, or to erase your personal data. You also may request to restrict the processing of your personal data (when there is a legal basis for that). In cases where your personal data is processed on a separate consent basis, you have the right at any time to withdraw your consent to the processing of your personal data. If you disagree with your data processing by NordVPN, you are free not to use the NordVPN Service, and to discontinue using it at any time. You may request us to discontinue processing of your personal data, in which case your data will be processed only as much as it is necessary to effect the discontinuation of your use of the NordVPN Services (e.g., final settlement, or deleting all personal data based on your email address), or finalizing other NordVPN’s legal relationship with you (e.g. accounting, invoicing, processing refunds). Due to technical reasons (such as backup copies of the databases) your personal data may be finally deleted only within 60 days or longer, if it is mandated by the statutory requirements. If you wish to use the NordVPN Services again, you will have to accept and agree to this Privacy Policy anew.

Other Terms

Your data is processed under the jurisdiction of the Republic of Panama. If the data is processed by a designated subsidiary in your country, then the domestic law of your country may be applicable at our discretion. NordVPN would like to remind you that you are yourself responsible for the security of your data. We ask you to be careful when using and storing personal data containing files on your devices, as well as the devices itself. Please ensure that nobody accesses and uses your devices without your consent. You shall be extra careful and not disclose your personal information to unrelated third parties, since such information may be used in different ways and against your interests, including activities such as fraud, invasion of privacy, identity theft, etc. In order to ensure security of the personal data, NordVPN employs various administrative, technical and physical security measures, however it is your responsibility to exercise caution and reason when using the NordVPN Services. You will be personally responsible if such action violates any third party’s privacy or any other rights, or any applicable law. Under no circumstances, NordVPN is liable for the consequences of your unlawful activities, your willful and negligent activities violating applicable laws or third party rights, as well as any circumstances, which may not have been reasonably controlled or foreseen. This Privacy Policy may be modified and updated at any time, at our sole discretion, for any or no reason, and without liability, as indicated below. The date of the most current wording of the Privacy Policy is indicated at the top of the text. We ask all users to ensure that they are familiar with the most current wording of the Privacy Policy. The amendment of the Privacy Policy may be communicated to you by sending an email and/or by publishing the updated Privacy Policy on the NordVPN website. Please consider reviewing the Privacy Policy each time you use the NordVPN Services. Updates of the Privacy Policy come into force as of the moment when they are published. You may not assign or transfer your rights or obligations under this Privacy Policy to any third party. Please contact us by email at privacy@nordvpn.com if you have any questions on our Privacy Policy or you want to enforce any of your rights related to your privacy.