Privacy Policy

1. Controller and Scope

Snap VPN (“we,” “our,” or “us”) is the data controller for the information described in this policy. This policy governs the Snap VPN application for iPhone and iPad (the “Application”), the Snap VPN virtual private network service (the “Service”), and the marketing website at www.snapvpn.net (the “Site”).

Snap VPN is operated on a principle of data minimization. The Service is designed so that the information required to deliver a virtual private network tunnel does not need to be retained after the session ends. The categories enumerated below reflect that design.

2. The No-Log Commitment

Subject to the transient processing required to route packets during an active VPN session, and subject to records that may be created independently by Apple, by destination services accessed by the user, by intermediate networks, or by infrastructure providers — none of which Snap VPN controls or receives — Snap VPN is designed and configured not to create or retain persistent records of the following:

• The websites, services, IP addresses, or hostnames that a user accesses through the tunnel.
• DNS queries issued through the tunnel.
• The originating IP address from which a user connects to a Snap VPN server.
• The amount of data transferred during an individual session.
• The duration of an individual session or its start or end timestamp.
• The payload of traffic transiting the tunnel.
• Email addresses, names, passwords, or user-account credentials. The Service does not maintain user accounts.

The Snap VPN server fleet operates on a stateless architecture. Tunnel session data exists only in volatile memory for the duration of the active connection and is not committed to persistent storage by Snap VPN. System loggers on Snap VPN servers are configured to suppress per-connection records.

3. What Snap VPN Stores

The categories below are an exhaustive inventory of the personal data and operational data that Snap VPN stores. Each card describes what is collected, the source of the collection, why it is collected, the lawful basis for processing under the General Data Protection Regulation, how long it is kept, and the recipients to which it is disclosed. Categories not listed here are not collected by Snap VPN.

Snap VPN does not maintain user accounts. There is no username, password, profile, address book, behavioral profile, device fingerprint, advertising identifier, or payment record in Snap VPN's systems.

4. The Marketing Website

The Site does not use third-party analytics, behavioral advertising, or cross-site tracking. The Site sets only strictly necessary cookies. No personal information is sold, shared, or otherwise disclosed for advertising purposes within the meaning of the California Consumer Privacy Act, as amended by the California Privacy Rights Act, or analogous statutes.

The Site honors the Global Privacy Control (GPC) signal in jurisdictions in which honoring such a signal is required or recognized.

5. The Role of Apple

Snap VPN is distributed exclusively through the Apple App Store. Apple collects, processes, and retains information about the purchase, download, and use of the Application independently of Snap VPN, in accordance with Apple's own privacy policies. Information that the user provides directly to Apple — including Apple ID, payment instrument, billing address, and download history — is held by Apple as an independent data controller. Snap VPN does not have access to such information.

6. Service Providers

Snap VPN relies on third-party hosting providers to operate the server fleet that delivers the Service. Hosting providers are engaged as service providers (within the meaning of the California Consumer Privacy Act) or as processors (within the meaning of the General Data Protection Regulation), under written contracts that prohibit any use of the data other than for delivery of the Service. The contents of traffic transiting the WireGuard tunnel are end-to-end encrypted between the user's device and the destination service. Snap VPN cannot, however, control any independent network records, lawful-process responses, or other actions that an infrastructure provider may take outside Snap VPN's systems.

7. Minors

The Service is intended for adults. Snap VPN does not knowingly collect personal information from any individual under the age of eighteen (18), or under any higher age of majority set by applicable law in the user's jurisdiction. If Snap VPN becomes aware that it has collected personal information from a person below the applicable age, the information will be deleted promptly. A parent or legal guardian who believes that a minor has provided personal information to Snap VPN may submit a deletion request to support@snapvpn.net.

8. Rights of California Residents

The California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively the “CCPA”), affords California residents specified rights with respect to the personal information that a business collects. Snap VPN does not sell personal information, share personal information for cross-context behavioral advertising, process personal information for targeted advertising, or offer financial incentives or differential pricing in exchange for personal information. The Site honors legally recognized opt-out preference signals, including the Global Privacy Control. The following rights are available to California residents:

• The right to know the categories of personal information collected, the sources from which it was collected, the purposes for which it is processed, and the categories of third parties to which it is disclosed.
• The right to request deletion of personal information that Snap VPN has collected and retains about the requesting individual.
• The right to request correction of inaccurate personal information.
• The right to limit the use of sensitive personal information. Snap VPN does not use sensitive personal information for any purpose other than that which is reasonably necessary to provide the Service.
• The right not to be subject to retaliation or discrimination for exercising any of the foregoing rights.

A request to exercise any of these rights may be submitted to support@snapvpn.net. Snap VPN will respond within forty-five (45) days, with a single forty-five (45) day extension where reasonably necessary. Because the Service does not maintain user accounts, a verification step may require the requester to furnish the subscription receipt or other evidence sufficient to demonstrate the connection between the requester and the limited data that Snap VPN retains.

9. Rights of Residents of Other U.S. States

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Delaware, New Hampshire, New Jersey, Tennessee, Nebraska, Maryland, Minnesota, Indiana, Kentucky, Rhode Island, and other states with applicable comprehensive consumer privacy laws have rights substantially similar to those described in Section 8. To exercise any such right, please submit a request to support@snapvpn.net. Snap VPN will respond within the statutory period applicable to the requester's state of residence. Where a state affords a right to appeal the denial of a request, the requester may appeal by writing to the same address with the subject line “Privacy Appeal.”

10. GDPR, UK GDPR, and Swiss FADP Disclosures

The General Data Protection Regulation (Regulation (EU) 2016/679, the “GDPR”), the United Kingdom GDPR (as incorporated by the Data Protection Act 2018), and the revised Swiss Federal Act on Data Protection apply to residents of the European Economic Area, the United Kingdom, and Switzerland (collectively, “EU/UK Residents”) whose personal data is processed by Snap VPN. The provisions below satisfy the information requirements of Articles 13 and 14 of the GDPR.

10.1 Identity of the Controller

Snap VPN is the controller for the personal data described in Section 3. The controller may be reached by email at support@snapvpn.net. The operating entity and registered office are identified in Section 20.

10.2 EU and UK Representative

Where required by Article 27 GDPR or Article 27 UK GDPR, the representative designated by Snap VPN may be reached at support@snapvpn.net. The current representative's identity and contact details will be furnished on request.

10.3 Categories of Personal Data, Purposes, and Lawful Bases

The categories of personal data that Snap VPN processes, the purposes of processing, and the lawful basis for each category are itemized in Section 3 of this policy. In summary:

• Article 6(1)(b) — Performance of contract: subscription receipts, support correspondence required to respond to an inquiry, and ephemeral session state necessary to deliver the tunnel.
• Article 6(1)(f) — Legitimate interests: aggregate operational metrics for service health, edge-server logs for site security, and processing of abuse complaints. The legitimate interests pursued are operating a reliable and secure network and responding to third-party abuse reports.
• Article 6(1)(c) — Legal obligation: retention required by tax, accounting, evidence-preservation, or mandatory-reporting law, and disclosure required by valid legal process.

Subscription receipt data is necessary to verify paid access; without it, Snap VPN cannot provide the paid Service. Support correspondence is necessary to respond to an inquiry that the user has initiated. No personal data is processed on the basis of consent, except where the user voluntarily includes additional information in a support inquiry.

10.4 Recipients

Personal data is disclosed only to the recipients itemized in Section 3 of this policy: the hosting providers and the content-delivery network, in each case engaged as Article 28 processors under a written contract; and to public authorities where required by valid legal process. Personal data is not disclosed for marketing or for cross-context behavioral advertising.

10.5 International Transfers

Personal data is transferred to the United States in accordance with Chapter V of the GDPR. The transfer mechanism is described in Section 12 of this policy.

10.6 Retention

Retention periods for each category of personal data are specified in Section 3 of this policy and in Section 16.

10.7 Rights of EU/UK Residents

EU/UK Residents have the following rights with respect to their personal data:

• The right of access (Article 15 GDPR).
• The right to rectification (Article 16 GDPR).
• The right to erasure (Article 17 GDPR).
• The right to restriction of processing (Article 18 GDPR).
• The right to data portability (Article 20 GDPR).
• The right to object to processing (Article 21 GDPR), including any processing based on Article 6(1)(f).
• The right not to be subject to automated decision-making with legal or similarly significant effects (Article 22 GDPR). Snap VPN does not engage in such processing.
• The right to withdraw consent at any time, where processing is based on consent.
• The right to lodge a complaint with a supervisory authority (Article 77 GDPR).

Requests to exercise any of these rights may be sent to support@snapvpn.net. Because the Service is engineered not to retain user-level data, certain rights — in particular the right of access and the right to erasure — will yield only the limited categories described in Section 3. Snap VPN will respond within one (1) month, with a permitted extension of up to two (2) further months for complex requests, in accordance with Article 12(3) GDPR.

10.8 Right to Lodge a Complaint

An EU/UK Resident has the right to lodge a complaint with the supervisory authority of the member state of habitual residence, place of work, or place of the alleged infringement. A directory of EU supervisory authorities is maintained at edpb.europa.eu. In the United Kingdom, the supervisory authority is the Information Commissioner's Office (ico.org.uk). In Switzerland, the supervisory authority is the Federal Data Protection and Information Commissioner (edoeb.admin.ch).

10.9 Automated Decision-Making and Profiling

Snap VPN does not subject EU/UK Residents to decisions based solely on automated processing, including profiling, that produce legal effects concerning them or that similarly significantly affect them.

11. Rights of Quebec Residents

In accordance with An Act respecting the protection of personal information in the private sector (Quebec, c. P-39.1, as amended by Law 25), residents of Quebec have rights of access, rectification, withdrawal of consent, deactivation, and cessation of dissemination with respect to personal information processed by Snap VPN. Quebec residents may exercise any of these rights by writing to support@snapvpn.net. The Privacy Officer designated under section 3.1 of the Act may be reached at the same address.

12. International Transfers

Snap VPN is established in the United States. Where personal data is transferred from the European Economic Area, the United Kingdom, Switzerland, or Canada to Snap VPN in the United States and Chapter V of the GDPR (or its equivalent) applies, Snap VPN relies on the Standard Contractual Clauses adopted by the European Commission (and the corresponding United Kingdom International Data Transfer Addendum and Swiss addendum) together with appropriate supplementary measures. A description of the safeguards in place may be requested by writing to support@snapvpn.net.

13. Legal Process and Government Requests

Snap VPN responds only to legal process that is valid under applicable law. Specifically, Snap VPN requires a search warrant supported by probable cause, issued by a court of competent jurisdiction, for the disclosure of the contents of communications (where such contents exist); a court order under 18 U.S.C. § 2703(d) or an equivalent foreign instrument for the disclosure of non-content transactional records (where such records exist); and a duly issued subpoena for the disclosure of basic subscriber information (where such information exists).

Because the Service is engineered not to retain the categories of information described in Section 2, the response that Snap VPN can provide to a lawful request is limited to the records described in Section 3 that actually exist at the time the request is received. Snap VPN does not voluntarily disclose information to any government entity except where permitted by 18 U.S.C. § 2702 — including reports to the National Center for Missing and Exploited Children under § 2702(b)(6) and § 2702(c)(5), and disclosures pursuant to the emergency exception of § 2702(b)(8) and § 2702(c)(4) where there is a good-faith belief that an emergency involving imminent danger of death or serious physical injury to any person requires disclosure.

14. Reporting of Child Sexual Abuse Material

In accordance with 18 U.S.C. § 2258A, Snap VPN reports apparent violations of specified federal child-exploitation statutes to the National Center for Missing and Exploited Children (NCMEC) promptly upon obtaining actual knowledge of such violations. Snap VPN does not monitor user traffic and is therefore not in a position to obtain such knowledge through its own surveillance; however, reports received from third parties, abuse complainants, or law enforcement are evaluated and forwarded to NCMEC where required by law.

15. Security and Breach Notification

Snap VPN implements appropriate technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access. In the event of a personal data breach that is reasonably likely to result in a risk to the rights and freedoms of natural persons, Snap VPN will notify the competent supervisory authority within seventy-two (72) hours and will notify affected individuals where required by applicable law.

16. Retention

Snap VPN retains the information described in Section 3 only for as long as is necessary to provide the Service, to comply with applicable legal obligations, to resolve disputes, and to enforce its agreements. Support correspondence is deleted within ninety (90) days following resolution of the relevant matter. Subscription receipts are retained for the lesser of the duration of the active subscription plus twelve (12) months or the period required to comply with applicable tax and accounting law. Aggregate operational metrics are retained indefinitely in non-identifying form.

17. Successor Obligations

In the event that Snap VPN is acquired by, merged with, or transferred to another entity, the commitments described in this policy — including the limitations described in Sections 2 and 3 — survive and bind the successor. Material changes to the categories of information collected or to the retention practices applicable to personal information held at the time of a transaction will be communicated to affected individuals in advance and, where required by applicable law, will require affirmative consent.

18. Changes to This Policy

This policy may be updated to reflect changes in the Service, in applicable law, or in industry practice. Material changes are communicated through the Application and the Site. The effective date at the top of this page reflects the latest version. Continued use of the Service following a material change constitutes acknowledgment of the updated policy.

19. Contact

Privacy inquiries, requests to exercise statutory rights, and complaints may be submitted to support@snapvpn.net. Network abuse reports may be submitted to abuse-contact@snapvpn.net. Additional contact information is listed on the contact page.

20. Entity Information

The Snap VPN service is operated by Arct Technology LLC, a Wyoming limited liability company.

Registered office: 30 N Gould St Ste R, Sheridan, WY 82801, United States.