Privacy Policy
Last modified: 25 July 2022
In the following policy, Malloc VPN refers to the service offered by Malloc LTD (the "Company" or "We") through Malloc's website and the software provided through it (the "Service"). This Privacy Policy explains:
- What information we collect through your access and use of our Service
- The use we make of such information
- The security level we provide for protecting such information
By visiting Malloc's website and using the Service, you agree to the terms outlined in this Privacy Policy.
Philosophy
Our Company is committed to protecting and respecting your privacy. It is our overriding policy to collect as little user information as possible to ensure a private and anonymous user experience when using the Service. Below is a summary of the way we deal with information when you use the Service.
Malloc VPN is a No-Logs VPN service
When you use the Service, we do NOT do any of the following:
- Log users’ traffic or the content of any communications
- Discriminate against devices, protocols, or applications
- Throttle your Internet connection
Data we collect and why we collect it
Personal data (related to your account):
Account creation:
To create an account, in order to use our Service, we do not ask your name or surname. All you need to do is
select your username, then provide the email address and choose your password. You can also register with
your existing Malloc account. We do store the email address (or Malloc account) you have entered when
creating an account for communication and anti-abuse purposes. If you are referred to the Service by a
friend or some other third-party who is participating in our referral program, we may associate your account
with the referrer to appropriately credit the referrer.
Support:
When you submit support requests or bug reports, we will collect the data that you choose to share with us
about the issue being reported. Bug reports sometimes rely on third parties, such as Zendesk.
Payment:
The Company relies on third parties to process credit card and PayPal transactions, and we do not save your
full credit card details. For example, if you make a payment with a credit card, your name and the last 4
digits of the credit card number will become part of the invoice and saved by us. Anonymous cash or Bitcoin
payments and donations are also accepted.
How we use this personal data:
Your email address is not shared with any third parties. We mainly use it for account-related questions,
communication, and recovery. By signing up to our Service, you agree to receive communications from us,
which may include promotional emails too. You can stop receiving emails from us by following the unsubscribe
instructions included in every email we send. Alternatively, you can login to the Malloc VPN dashboard and
adjust your email preferences under the ‘Account’ tab.
We might also use your data for payment-related matters. This includes sending you emails, invoices,
receipts, notices of delinquency, and alerting you if you need to update payment details. We use third
parties for secure credit card transaction processing, and we send billing information to those third
parties to process your credit card payments. The information you provide when you contact our support team
is processed for analytics purposes (such as to obtain aggregate statistics on the number of Android
complaints), but they are not combined with any personal data. We do not do any targeted advertising or any
profiling. Right to Access, Rectification, Erasure, Portability, and right to lodge a complaint: Through the
Service, you can directly access, edit, delete or export personal data processed by the Company in your use
of the Service.
If your account has been suspended for a breach of our terms and conditions, and you would like to exercise
the rights related to your personal data, you can make a request to our support team.
In case of violation of your rights, you have the right to lodge a complaint to the competent supervisory
authority.
Data retention:
We retain essential data (such as username, email, billing information) on active accounts in order to
provide services. This data is deleted when your account is deleted. Non-personal data (mallocprivacy.com
website and our native applications)
Why we use analytics software:
We use analytics software to help us deliver a higher quality of service. For instance, looking in aggregate
at the geographic distribution of the Service's users allows us to understand which countries have the most
need for the Service and allocate development resources towards providing the best service in those
countries. Viewing longer term trends in the number of visitors from different countries also allows us to
identify quickly which countries have started to block the Service and take measures to counteract those
blocks.
How do we collect non-personal website data:
We may use various cookies to collect and store information when you visit our website. Users can control
the use of cookies at the individual browser level.
Using our native applications (apps):
When you use our native apps, we may collect certain information in addition to the information mentioned
elsewhere in this Policy. We may use mobile analytics software (Play/App Store app statistics or
self-hosted/open-source Sentry crash reporting) to send crash information to our developers so that we can
fix bugs rapidly. Some platforms (such as the Google Play Store or the Apple App Store) may also collect
aggregate, anonymous statistics, such as which type of devices and operating systems are most commonly used
(e.g. percentage of Android 6.x vs Android 7.x), the total number of installs, total number of uninstalls,
and the total number of active users, and may be governed by the privacy policy and terms and conditions of
Google Play Store or Apple App Store.
None of the software on our apps will ever access or track any location-based information from your
device at any time.
Public Information and Third-Party Websites
Blog:
We have a public blog on our website. Any information you include in a comment on our blog may be read, collected, and used by anyone.
Social media:
We are active on Facebook, Twitter, and Reddit. Any information, communication, or material you submit to us via social media platforms is done at your own risk without any guarantee of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.
Links to other websites:
Our website may contain links to other websites of interest. However, we are not responsible for the content of any website that we link to, and external sites are governed by their own terms and conditions and privacy policies.
Data security
We take data security very seriously. Access to our infrastructure and Secure Core servers is tightly controlled. All of the Malloc VPN servers are encrypted and we do not log VPN session data. Offline backups may be stored periodically, but these are also secured. For users with heightened security needs, it is possible to optionally i) enable 2FA on account access ii) enable login history so that suspicious login attempts can be tracked iii) remove the linked recovery email iv) pay anonymously with cash or bitcoin.
Third Party Networks
Malloc alternative routing technology allows Malloc apps to bypass many censorship blocks, but your network traffic may go through third party networks which we do not control. This could enable a third party to record your IP address or see that you are using Malloc apps (the same information that your Internet Service Provider is able to see). These third parties cannot see your actual data, which remains encrypted. By default, alternative routing is not used for Malloc apps unless they detect that censorship measures are active on your network. Alternative routing can also be completely disabled in the Settings panel of all of our mobile and desktop applications. However, doing so may cause you to be unable to access your Malloc account if you are on a network that is censoring Malloc.
Disclosure of your information
We will only disclose the limited user data we possess when compelled by law for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security. Foreign authorities' data requests must be approved by competent European authorities. Under European law, it is obligatory to notify the target of a surveillance request, although such notification may come from the authorities and not from the Company.
Changes to our Privacy Policy
The Company reserves the right to periodically review and change this Policy, and will notify users who have enabled the notification preference about any change. Continued use of the Service will be deemed as acceptance of such changes.