Privacy Policy for Bebra VPN Site & Services
We believe everyone has the right to digital privacy. Along with digital privacy, consumers also have the right to transparency. Because you are entrusting us with your data, we believe it is even more important that we are transparent with you regarding the information we collect and why it is necessary to collect. We wrote this privacy policy with you in mind, attempting our best to provide a comprehensive yet easy to understand document.
The short version:
• Bebra VPN does not collect, monitor, or log your browsing activity, such as what websites you went on, when connected to the VPN Service.
• We collect aggregated and anonymous performance data to improve functionality and product performance, diagnose crashes, identify bugs, and optimize server performance. This aggregated and anonymous data does not include IP address, connection time stamps, or DNS inquiries.
• Our goal is to collect and retain the least amount of data. However we have to collect and retain some data, such as email address and billing information, which allows for you to continue using the VPN service.
• We do not sell or rent your personal information to third parties.
• You have the right to request, review, and request deletion of your personal data.
If you have any questions regarding this privacy policy or the information that is collected you may reach out to our support team.
A. This Policy
This Policy explains how we collect and store (“Process”) Personal Data. The Policy applies to the information we collect about visitors (the “you”) to www.bebra.cc (the “Site“) and subscribers (the “you” and "customer") to the Bebra VPN service (the “Services” and “App”), which are owned and operated by KONDAKOV&GORIN LLC (“Company”, “we”, “us” and “our”). For the purposes of this Policy, Company is the Controller. Terms used in this Policy are explained in Section I below.
From time to time, we may change or update this Policy, without prior notice to you. Your continued use of the Site or Services constitutes your acceptance of the then-effective Policy.
Our Terms of Service, including their limitation on liability, apply to this Policy. You can read them here.
If you have any questions regarding this Policy, the information that is collected, or GDPR request, contact details are provided in Section N below.

B. Collection and Creation of Personal Data
We collect Personal Data: directly from you, through the use of the Site, and through the use of the Apps.
How we obtain personal data:
• You: This data is collected when you fill out a form on our website; subscribe to the VPN Service; when you contact us via email, chat, telephone, social media platforms, or by any other means; when you publicly submit reviews on forums, review platforms, or any other means.
• Our Sites: This data is collected when you visit any of our Sites, our partner and affiliate sites, or interact with our advertisements.
• Our App: This data is collected when you download, install, or use our Apps.
Why we obtain personal data:
Provisioning of Services. To create your account, collect payment for our Services, verify your identity when you log into the Site, and administer accounts.
Operating and Improving the Site. To better understand how our Site is found, how visitors engage with our Site, provide visitors with relevant content or advertisements, identify issues with our Site, plan improvements to our Site or to create new Sites.
Operating and Improving the App. To identify Service performance issues, improve App performance, fix bugs, plan improvements to our App or to create new Apps.
Communications. To send you information about industry news, product updates, changes to any of our Sites or Apps, to send you offers made available by us, our affiliates, or our marketing partners and to respond to your requests for help and technical assistance.
We may also create Personal Data about you, such as records of your interactions with our customer service department or details of your payments to us.

C. Categories of Personal Data
You are not required to provide any personal data to browse our Site. If you wish to subscribe to our Services, you will need to provide an active email address and billing information.
We may Process the following categories of Personal Data about you:
The Site: We process aggregated anonymous personal data from Site visitors using cookies, pixels, and similar technologies, such as Google Analytics. See our Cookie policy for the complete list of cookies. Depending on your browser privacy settings the aggregated anonymous data may include: browser type, device type, operating system, average time spent on our site, pages visited on the site, interactions with our content or advertising, gender, age, language preference, and country. The focus of this data collection is to improve our Site performance and provide you with the best browsing experience. Our Cookie policy explains how to disable cookies to browse our Site without submitting any personal information.
The Service: In order to subscribe to our Services you must first create an account. This will result in us creating a purchase history for the purpose of maintaining an active subscription to the Service. Depending on your purchase origin (website, Google Play Store, Apple App Store) and chosen payment method (credit card, PayPal, etc) the data collected may include: email address, name, billing address, credit card information, IP address, and affiliate tracking data. We will only use this information to process payments, and detect and prevent fraudulent transactions. We do keep a historical record of credit card charges for accounting purposes. Once you have created an account, this personal information can be modified by you at any time through your account.
The App: We process aggregated anonymous data to improve the quality of our Apps and Services. The data collected may include: User’s language preference, device brand, device model, OS version, country, crash reports, session lengths, server usage, protocol, build version, UI interactions, API requests and response codes, and app build version. Our VPN applications utilize analytics tools, such as FireBase and App Center, to gather and report performance data anonymously. We respect the privacy of our customers and only use this aggregated anonymous data to diagnose crashes, identify bugs, optimize server performance, and provide you with the best App experience.
The client apps themselves do maintain connection logs which are stored as diagnostic files on your device. Diagnostic connection files are made available solely for the purpose to assist with troubleshooting. The macOS and iOS app diagnostic logs are disabled by default, so if you require assistance where diagnostic logs are necessary, the support team may ask you to enable the setting. We do NOT have access to the connection logs unless provided by you, the user, to our support team through a diagnostic file. If for any reason you need to submit a diagnostic file to our support team you may modify the file and remove any personal data and/or request for the file to be redacted from the support interaction.

D. Email Communications
As a service provider we send transactional and promotional emails. Transactional emails are necessary to ensure continuation of services and include account activation, billing, password, and support related communications. You may also receive promotional emails about privacy & security industry news, service updates, product updates, feature releases, and other information we think may interest you.
Transactional emails include the following:
• Account activation – After a successful completion of purchase you will receive an email address verification email which is necessary to activate your VPN Service subscription. Upon confirming your email you will receive an additional email with your subscription details.
• Payment warning and failure – These emails inform you when there is a problem with your payment method and advise on how to prevent service interruption.
• Account cancellation – This email confirms your cancellation request and explains how to reactivate your account, if you wish to.
• Account termination – This email confirms that your Bebra VPN account has completed termination and explains how to reactivate your account, if you wish to.
• Password reset – This email provides a unique password-reset link and instructs how to complete your password reset.
• New password – This email confirms your password reset and explains how to change your password in the future, if you wish to.
• Customer Support – If, for any reason, you reach out to customer support, we may use emails to communicate with you, follow up from a call-in support inquiry and send chat transcripts. This will result in us creating a support history for the purpose of improving our Services.
Promotional emails include the following:
• Product – All new subscribers to Bebra VPN receive product awareness emails. These emails offer application tips and helpful hints to Bebra VPN account holders who may be unfamiliar with the benefits and inner-workings of a VPN.
• Other – Additional promotional emails you may receive from us include industry related news, special offers, surveys, feedback requests, new feature releases, and service updates.
Unsubscribing From Promotional Emails
You may unsubscribe from our promotional email list at any time by following the unsubscribe instructions included in every promotional email we send. We will not send you promotional emails from a list you have unsubscribed from, but we may continue to contact you, if necessary, for the purposes of continuation of the Service or from additional lists you have signed up under.

E. Sensitive Personal Data
We respect your privacy and do not seek to collect or otherwise Process your Sensitive Personal Data. If we ever need to Process your Sensitive Personal Data for a legitimate purpose, we would do so in accordance with applicable law.

F. Purposes of Processing Data
We may Process your Personal Data for the following purposes:
• Provision of services: providing our Sites, Apps and services to you, as well as operating, managing and improving our Sites and our Apps, providing content through them to you, maintaining and improving them, and notifying you of changes to them.
• Communications: communicating with you by any means you have provided to us.
• Administrative matters: processing to support sales, finance, corporate audits, vendor management, legal compliance, and preventing and investigating breaches of policy or law.
• Security: helping secure your Personal Data.
• Legal proceedings: establishing, exercising or defending legal rights.

G. Lawful Bases for Processing Personal Data
We may rely on the following legal bases for Processing your Personal Data:
• Consent: We may Process your Personal Data where we have obtained your prior, express consent to the Processing (this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way);
• Contractual necessity: We Process your Personal Data where the Processing is necessary in connection with providing contracted-for VPN services to you;
• Compliance with applicable law: We may Process your Personal Data where the Processing is required by applicable law;

H. Tools and Disclosure of Personal Data to Third Parties
We use third-party services to assist us with processing payments, fraud detection, improving website performance, app crash information, and email communications. These service providers receive only the information needed to perform their designated functions, and are not permitted to use the information for their own marketing, advertising or research purposes. We do not sell personal information to third parties.
However, in case you purchesed our App or Services via retailer, your Consumption data may be disclosed to such retailer when you claim a refund for our subscription under iTunes/App Store/Amazon/Google refund policies in accordance with our Terms of Service.
We closely review any third party requests we receive for customer information. Since we do not collect, monitor or log your browsing activity, we do not have logs of your browsing activity to provide in response to third party requests. We cannot provide information that we do not have, and we otherwise provide information only when we are legally required to.

I. Definitions
• “App” means any application made available by us (including where we make such applications available via third party stores or marketplaces, or by any other means).
• “Cookie” means a small file that is placed on your device when you visit a website (including our Sites). In this Policy, a reference to a “Cookie” includes analogous technologies such as web beacons and clear GIFs.
• “Consumption data“ means information that includes age of the customer's account; the extent to which the customer consumed the in-app purchase; data on proper delivery of an in-app purchase, data in the dollar amount of in-app purchases the customer has made in App, since purchasing the App, across all platforms; data in the dollar amount of refunds the customer has received in App, since purchasing the App, across all platforms; the platform on which the customer consumed the in-app purchase; data on a free sample or trial of the content provided prior purchase, or information about its functionality; the status of a customer’s account within your app.
• “Controller” means the entity that decides how and why Personal Data are Processed. In many jurisdictions, the Controller has primary responsibility for complying with applicable data protection laws.
• “Data Protection Authority” means an independent public authority that is legally tasked with overseeing compliance with applicable data protection laws.
• “EEA” means the European Economic Area.
• “Personal Data” means information that is about any individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
• “Process”, “Processing” or “Processed” means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• “Processor” means any person or entity that Processes Personal Data on behalf of the Controller (other than employees of the Controller).
• “Sensitive Personal Data” includes data about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, national identification number, or any other information that may be deemed to be sensitive under applicable law.
• “Standard Contractual Clauses” means template transfer clauses adopted by the European Commission or adopted by a Data Protection Authority and approved by the European Commission.
• “Site” means any website operated, or maintained, by us or on our behalf.
J. Data Security
We implement appropriate technical and organizational security measures to protect your Personal Data.
In the workplace: We use appropriate security measures to protect your personal information from loss, theft, misuse, or unauthorized access. All of our employees are kept up-to-date on these best practices. In addition, we restrict employee access to service administrative panels to only those who require such access in order to perform their job functions.
On the internet:: We seek to safeguard your data. Where appropriate, we use encryption, access controls, passwords, and physical security measures to protect the information we collect and maintain about you against unauthorized access and disclosure. However, because the internet is an open system, the transmission of information via the internet is not completely secure and we cannot guarantee the security of your data transmitted using the internet.

K. Data Minimization and Retention
We take every reasonable step to limit the volume and minimize the retention period of the Personal Data that we Process.

L. Data Accuracy
We take every reasonable step to ensure that your Personal Data is kept accurate, up-to-date, and erased or rectified if we become aware of inaccuracies.

M. Your Legal Rights
Under and subject to applicable law, you may have a number of rights, including: the right not to provide your Personal Data to us; the right of access to your Personal Data; the right to request rectification of inaccuracies; the right to request the erasure, or restriction of Processing, of your Personal Data; the right to object to the Processing of your Personal Data; the right to have your Personal Data transferred to another Controller; the right to withdraw consent; and the right to lodge complaints with Data Protection Authorities. We may require proof of your identity before we can give effect to these rights.

N. Contact Details
Please contact us using the web form at https://bebra.cc to submit a Data Subject Access Request; to submit a Data Subject Erasure Request; to exercise other rights regarding your data; to provide any comments, questions or concerns about any of the information in this Policy; or to raise any other issues regarding the Processing of Personal Data carried out by us. Your request will be routed to our privacy team.

O. International transfer of Personal Data
To provide you with the Services under your contract, it is necessary for us to store, process and transmit your personal data in the United States and other locations around the world. These countries may have data protection laws that are different to the laws of your country.
When we process the data within our group, regardless of where we are, we have implemented appropriate safeguards to ensure your personal data will remain protected in accordance with European Union data protection laws. These safeguards include the Standard Contractual Clauses for transfers to our non-EEA entities. Where we use third parties which process your personal data internationally, we have implemented similar appropriate safeguards to ensure your personal data will remain protected in accordance with this privacy policy.

P. California Consumer Privacy Act Addendum
In accordance with the California Consumer Privacy Act, if you are a consumer residing in California these additional terms, found here, apply to you.