The Privacy Policy describes the privacy practices of Malloc’s websites, applications, and Services which also apply to the MallocVPN product. Nevertheless, provision of Services related to MallocVPN (“MallocVPN Services”) involves also the processing of additional personal data. Please read more information below.


Malloc guarantees a strict no-logs policy for MallocVPN Services, meaning that your internet activity while using MallocVPN Services is not monitored, recorded, logged, stored, or passed to any third party. We do not store used bandwidth, traffic logs, IP addresses, or browsing data. From the moment a MallocVPN user connects to one of our VPN servers, their internet data becomes encrypted.


In addition to the information provided in the Privacy Policy, we process the following data when you use MallocVPN Services:

Technical information

  • Statistical server load information. We monitor server performance (CPU, RAM, servers net usage) to recommend the most suitable servers to our users.
  • Username and a timestamp of the last session status. This information is used to limit the amount of concurrent active user sessions and is automatically deleted within 15 minutes after a session is terminated.
  • Connectivity information. To prevent abuse and to be able to dispute unfair chargebacks, we register whether the user has used the MallocVPN Service in the last 30 days. No personally identifiable information is collected in this case, apart from the fact that the MallocVPN Service was or was not used during the mentioned period.

Information collected on MallocVPN Website

Social media platforms and widgets. Our website may include social media features, such as the Facebook, Twitter, LinkedIn like and/or share buttons, to help you share our content more easily. These features may collect information about your IP address and which pages you visit and they may also set cookies to make sure the feature functions properly.

Information collected on our applications

  • In-app event information. Our application collects anonymized information about the activity on your Account. The processed data only relates to a specific device, meaning that we cannot tell which particular user sent us event information. The in-app event information is necessary for us: (i) to know if application is working properly (e.g., if the user was able to register or login successfully, if the user was able to connect to a server from his/her location); (ii) to know how users interact with our application (e.g., what kind of user interface items are the most or least used, are notifications we show of interest to users, etc.); and (iii) to identify problems related to our app performance and updates (e.g., crash error reports). You can opt-out of collection of in-app information at any time by navigating MallocVPN app settings. In-app event contains the following information:
    1. General event information: which application sent the event, event time, categorization, and limited routing information.
    2. Device information: device’s operating system and its architecture, device type, model, brand, unique device identifier, device’s city, country, and time zone.
    3. Application information: name, version and source of the application, enabled/disabled features at the time of the event, network type, public internet service provider’s information, current VPN connection status, and related information (protocol and technology in use, current server, etc.), information about A/B testing (if any), user preferences (e.g., notifications enabled/disabled, language, preferred connection settings).
    4. Account information: active/inactive Subscriptions of Malloc products, current and past active/inactive plans, trial information.
  • Note that a unique device identifier is randomly generated on the customer’s side and it’s impossible to link it to the customer’s email or user ID.Device information. We may collect some device information on our application too. Such information is logged automatically and may include the model of your device, operating system version, and similar non-identifying information. We may use this information to monitor, develop, and analyze the use of the MallocVPN Services. Also, to help users connect to the most convenient server when using a Quick connect feature, our application detects the device’s city (detection is done locally, this data is not logged in our systems).
  • Device identifiers. In some cases, we may record your device’s identifier for marketing or analytics purposes. These identifiers are assigned to your device by the OS manufacturer and can be reset at any time from your device’s settings. For instructions, see following policies for different devices: Advertising & Privacy on iOS devices and Managing your Google Settings on Android devices.
  • Enabled features. Knowing which product features are enabled on your application helps us to provide you with more relevant information. For example, this means that you will not receive in-app notifications about MallocVPN features that are already enabled.


MallocVPN offers a Threat Protection feature to its users. When enabled, this feature blocks ads, trackers, malicious websites, and malware. The data processed about users of the Threat Protection feature depends on its use. Generally, we process only the data which helps us provide and improve this service.

In all cases, the Threat Protection feature processes statistics about the use of the feature, such as the date of the last update of malicious items’ list, number of blocked entries, and similar data. We process this data to gain knowledge on how the Threat Protection feature is used, so we can improve user experience and the feature itself. You can opt-out of processing of such statistics at any time by navigating MallocVPN app settings.

URL scanning. The Threat Protection feature matches the URLs against the databases of already known items and, if found there, it blocks ads, trackers, phishing attempts, and malicious websites. We are not able to tell which particular user interacted with the exact URL or website. The data that we process is the URL and its status (e.g., if it is blocked). This is necessary to perform and improve this service.

Initial file scanning. When the Threat Protection feature initially scans newly downloaded files, it is using a lightweight engine to determine if the file is malicious or not. At this point, the data is processed as follows:

  • Scan status. In order for us to be able to block harmful files, we process information if the file is malicious or not, and if the scanning was technically properly performed.
  • Connection information. The network connection is essential for the Threat Protection feature to perform smoothly, therefore we process limited data that helps us to determine the quality of the connection. Such data may include your country, time zone, and the name of your internet service provider.