Privacy

Viltrum Privacy Policy

How Viltrum collects, uses, stores, shares, and protects personal data.

Last updated: June 9, 2026

This Privacy Policy explains how 19techlab Ltd ("Viltrum," "we," "us," or "our") collects, uses, stores, shares, and protects personal data when you use the Viltrum VPN app, our account services, our website, and related support services. Our registered office is 32-38 Leman St, London E1 8EW, United Kingdom.

Viltrum is designed around a simple privacy rule: we collect the minimum information needed to provide and support the service, and we do not collect or store VPN activity logs.

1. Who We Are

19techlab Ltd is the controller of the personal data described in this Privacy Policy. You can contact us about privacy, account, support, abuse, or legal requests at support@viltrum.ai.

2. Scope

This Privacy Policy applies to Viltrum's VPN app for iOS and macOS, account features, subscription management, support by email, and any Viltrum website where this Privacy Policy is posted. It does not apply to third-party websites, payment processors, app stores, device operating systems, or services that we do not own or control.

3. Our No-Logs Commitment

Viltrum does not monitor, record, log, store, sell, or pass to third parties your VPN activity. In particular, we do not store:

  • your browsing history or websites visited;
  • the contents of your communications or internet traffic;
  • DNS queries made while using the VPN;
  • your source IP address as a stored VPN log;
  • the VPN IP address assigned to you as a stored user record;
  • VPN connection timestamps, session duration, or server selections;
  • bandwidth usage or traffic volume as a server-side VPN usage record; or
  • any record linking you to a particular online activity through Viltrum.

Network processing

Network systems necessarily process packets in transit to provide a VPN connection, but Viltrum is designed not to write VPN activity or connection data to persistent logs. Connection duration and bandwidth information shown in the app are calculated and stored on your device only and are not sent to Viltrum as VPN logs.

Because we do not keep VPN activity logs, if we receive a lawful request for information about a user's VPN activity, we do not have browsing history, traffic contents, DNS queries, source IP logs, connection timestamps, session duration, or bandwidth logs to provide.

4. Personal Data We Collect

4.1 Account data

When you create or use a Viltrum account, we process the email address and password or authentication credentials needed to create, secure, and administer your account. We use this information to let you sign in, manage your subscription, communicate with you about your account, respond to support requests, and protect the service from fraud or account misuse.

4.2 Subscription and payment data

If you purchase a subscription, payment processing may be handled by Stripe or the Apple App Store. We may receive and store limited payment-related records such as subscription status, plan type, transaction identifiers, receipt status, renewal status, refund status, payment method type, billing country, tax information, and limited card information such as card brand and last four digits where provided by the processor. We do not intentionally store full card numbers or card security codes.

Stripe and Apple process payment information under their own terms and privacy policies. If you buy through the Apple App Store, Apple controls many billing, cancellation, and refund processes.

4.3 Support and email communications

If you contact us at support@viltrum.ai, we process your email address and the contents of your message so we can respond, investigate the issue, maintain support records, and protect our legal rights. Please do not send sensitive information unless it is necessary for your request.

4.4 App data, analytics, diagnostics, and identifiers

Viltrum does not collect crash reports, diagnostic reports, app analytics, attribution analytics, marketing analytics, advertising identifiers, or device identifiers. If this changes, we will update this Privacy Policy before using such data for a new purpose where required by law.

Apple may provide operating-system-level privacy, crash, billing, or App Store services independently of Viltrum. Apple controls those services under Apple's own terms and privacy notices.

4.5 Website data and cookies

As of the date of this Privacy Policy, Viltrum does not use website cookies, website analytics, marketing pixels, or third-party advertising trackers. If we introduce cookies or similar technologies, we will update this Privacy Policy and provide any required consent controls.

4.6 On-device usage information

Viltrum may show connection duration, bandwidth usage, or remaining free-trial allowance inside the app. This information is calculated and stored on your device only and is not transmitted to Viltrum as a VPN usage log.

5. How We Use Personal Data

  • to create, authenticate, and secure your account;
  • to provide VPN access and subscription entitlements;
  • to process payments, renewals, cancellations, refunds, receipts, and tax records;
  • to respond to support, privacy, legal, and abuse requests;
  • to send service messages such as account, security, billing, policy, or subscription notices;
  • to prevent fraud, unauthorized account access, and abuse of the service using account-level and payment-level information, not VPN activity logs;
  • to comply with legal, accounting, tax, regulatory, and dispute-resolution obligations; and
  • to establish, exercise, or defend legal claims.

6. Legal Bases for Processing

Where UK GDPR, EU GDPR, or similar laws apply, we rely on the following legal bases as appropriate: performance of a contract to provide the app, account, subscription, and support services; legitimate interests such as securing accounts, preventing fraud, operating our business, and responding to requests; legal obligations such as tax, accounting, consumer, regulatory, and sanctions obligations; and consent where the law requires consent for a specific processing activity.

7. Sharing Personal Data

We do not sell personal data. We do not sell, rent, or monetize VPN activity because we do not collect VPN activity logs.

We may share limited personal data with:

  • payment processors and app stores, including Stripe and Apple, for billing, subscription, receipt, tax, fraud-prevention, cancellation, and refund purposes;
  • hosting, infrastructure, and email service providers that help us operate accounts, support, and business systems;
  • professional advisers, insurers, auditors, and service providers where needed for business, compliance, accounting, security, or legal purposes;
  • law enforcement, regulators, courts, or other parties where we believe disclosure is required by law or necessary to protect rights, safety, security, or the integrity of the service; and
  • a successor or potential successor in connection with a merger, financing, reorganization, sale, or transfer of all or part of our business, subject to appropriate confidentiality protections.

Service providers

Any service provider that processes personal data for us is expected to process it only for the relevant service purpose and under appropriate confidentiality and data-protection obligations.

8. International Transfers

Viltrum is operated from the United Kingdom and may use service providers or infrastructure in other countries. Where personal data is transferred internationally, we use safeguards required by applicable law, such as appropriate contractual protections or transfer mechanisms. VPN traffic may be routed through VPN server locations chosen or made available as part of the service, but Viltrum does not store VPN activity logs tied to those routes.

9. Security

We use technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. No internet service can be guaranteed to be completely secure, so our privacy approach also depends on collecting and retaining as little personal data as reasonably possible. You are responsible for using a strong password, keeping your account credentials confidential, and promptly telling us if you suspect unauthorized account access.

10. Retention and Deletion

We retain personal data only for as long as needed for the purposes described in this Privacy Policy, including providing the service, maintaining account and subscription records, complying with legal, tax, accounting, and regulatory obligations, resolving disputes, preventing fraud, and enforcing our agreements.

  • Account data is generally retained while your account exists and for a reasonable period after closure where needed for legal, security, refund, chargeback, or dispute purposes.
  • Billing, tax, receipt, and transaction records may be retained for the period required by applicable accounting, tax, and legal rules.
  • Support emails may be retained for a reasonable period so we can respond to you, improve support quality, and maintain records of requests or complaints.
  • VPN activity logs, connection logs, server-side bandwidth logs, and server-side session-duration logs are not retained because Viltrum does not create them.

Deletion requests

You may request deletion of personal data by contacting support@viltrum.ai. We may need to retain limited records where required or permitted by law, and deleting account data may prevent us from continuing to provide the service.

11. Your Privacy Rights

Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or receive a copy of personal data we hold about you. You may also have the right to withdraw consent where processing is based on consent, complain to a data protection authority, or appeal certain privacy decisions.

To exercise privacy rights, contact support@viltrum.ai. We may need to verify your identity and account before responding. We will respond within the timeframe required by applicable law.

UK residents may have the right to complain to the UK Information Commissioner's Office. EU/EEA residents may have the right to complain to their local supervisory authority.

12. Children and Young Users

Viltrum is not directed to children and we do not knowingly target children with marketing. Users under 18 may use Viltrum only with the consent and supervision of a parent or legal guardian. If you are a parent or guardian and believe a child has provided personal data without appropriate permission, contact us so we can review and, where appropriate, delete the information.

Where Viltrum is likely to be accessed by children in the United Kingdom or another jurisdiction with children's privacy rules, we aim to apply high-privacy defaults, data minimization, and clear information practices consistent with applicable law.

13. Regional Privacy Notices

13.1 California and other US state privacy rights

Viltrum does not sell personal data and does not share personal data for cross-context behavioral advertising as those terms may be defined under certain US state privacy laws. Subject to applicable law, residents of California and other US states may request access, correction, deletion, portability, or information about categories of personal data collected, used, disclosed, or shared. You may exercise these rights by contacting us.

13.2 Do Not Track

Because Viltrum does not use website analytics, marketing pixels, or advertising cookies as of the date of this Privacy Policy, we do not respond differently to browser Do Not Track signals.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will take reasonable steps to notify you, such as by updating the date above, posting a notice, sending an email, or displaying an in-app notice where appropriate. Continued use of Viltrum after an updated policy becomes effective means you acknowledge the updated policy.

15. Contact Us

For privacy, support, abuse, or legal requests, contact 19techlab Ltd at support@viltrum.ai. Registered office: 32-38 Leman St, London E1 8EW, United Kingdom.