Privacy Policy

Last updated: May 10, 2024

This document ("Privacy Policy") explains the privacy rules applicable to personal data and other information collected or submitted when you access, install, or use CicadaVPN services and websites, regardless of the device you use (computer, mobile phone, tablet, etc.).

The data controller of your personal data, as described in this Privacy Policy, is CicadaVPN LTD. (address: 188 Quay Street, Auckland, New Zealand; email: privacy@cicadavpn.com) ("CicadaVPN", "we", "us", or "our").

The capitalized words used in this Privacy Policy as definitions are defined here or in our General Terms.

By visiting our websites, submitting your personal data to us, and accessing, installing, and/or using our services, you confirm that you have read this Privacy Policy and agree to be bound by it. If you do not agree with this Privacy Policy or any provisions hereof, please do not use our services and websites.

1. Processing of Your Personal Data

CicadaVPN processes personal data to a limited scope to provide services, process payments, and enable the functioning of our websites and mobile applications. We may process the following categories of personal data:

Information for Creating Your Account

Email Address: Required for registration, account creation, password recovery, and service usage.

Subscription Information

Subscription Data: Includes your email address, chosen subscription plan, subscription term, ID, frequency, status, auto-renewal status, and features enabled/disabled (e.g., multi-factor authentication).

Payment Data: Necessary for payment collection, processed by our payment partners. We may also process some billing information ourselves in specific cases.
Country Details: Processed for VAT calculation purposes.
Payment Fraud Prevention: Personal data may be verified by us and/or our payment partners to prevent fraudulent payments.
Information Concerning Zero Authorization for Billing: Confirms the validity of your payment method without collecting personally identifiable information.
Information Related to A/B Price Testing: Used to optimize pricing strategies, which may include data collection related to your behavior, preferences, or responses.

Communication Data

Email Address: Used to send updates, respond to inquiries, and send offers or surveys (opt-out available).
Customer Support Inquiries: Includes information necessary to resolve queries, such as payment verification details, country, OS information, and local application logs.
Communication Optimization Data: Used to optimize email campaigns and push notifications.
Chatbot and Live Chat Widget: May collect device information and IP address to assist support and optimize service.

Information Collected on Our Applications and Websites

Service Usage: Information about the specific CicadaVPN services and features you use.
Access Logs: Includes IP address, browser type, and operating system for security and service performance.
Cookies: Used to improve website functionality, analyze usage, and for advertising. More details are provided in our Cookie Policy.

Referrals Data

Information for Participating in Referral Programs: Requires the referrer to provide personal data about themselves and the referred party. It is the referrer's responsibility to abide by applicable privacy laws.

Promotional Games Data

Information for Participating in Promotional Games: Includes full name, email address, and phone number. Participation is voluntary, and data provided may be shared with third parties involved in organizing such games.

Account Data: Used for managing and administering our profiles on social networks. This includes data voluntarily provided by you, such as your full name, profile name, pictures, and public comments.

2. Grounds for Processing of Personal Data

Your personal data is processed:

Contractual Necessity: To provide access to our services, process transactions, and ensure secure and reliable performance.
Legal Obligation: For record-keeping, tax purposes, and compliance with applicable laws.
Consent: For sending marketing communication and managing participation in contests or promotions. You can withdraw your consent at any time.
Legitimate Interests: For business communication, fraud prevention, security issues, and service improvement.

We do not share your personal data with third parties except as described in this Privacy Policy.

Service Providers

We use third-party service providers for various operations, such as payment processing, email automation, diagnostics, and analytics.

CicadaVPN Partners

Our partners, such as distributors and resellers, may process your personal data as independent data controllers. Procedures established by them will apply to such relationships.

Business Transfers

In the event of a business sale, merger, acquisition, or similar event, we may share your personal data with the new entity.

Protection of Our Rights

We may disclose personal data to establish or exercise our legal rights or defend against legal claims.

Requests for Data

We carefully review each request for user data to ensure it complies with applicable laws.

Cross-Border Transfers of Personal Data

Your personal data may be transferred and processed in countries where CicadaVPN operates. We ensure suitable safeguards are in place for such transfers.

You have the following rights concerning your personal data:

Delete: Request the erasure of your personal data.
Access: Know and access the personal data we have collected about you.
Rectify: Correct inaccurate/incomplete personal data.
Object: Object to processing based on legitimate interests.
Portability: Request a copy of your personal data or have it transferred to another controller.
Restrict: Restrict the processing of your personal data.
Withdraw Consent: Withdraw your consent where applicable.

To exercise your rights, contact us at privacy@cicadavpn.com.

5. Data Security

We maintain strict controls over the personal data we collect, implementing physical, technical, and organizational measures to protect your information. These include:

Physical Measures: Controlled access to facilities and secure storage of devices containing personal data.
Technical Measures: Layered defense with firewalls, anti-malware protection, and encryption of data.
Organizational Measures: Adoption of security policies, regular audits, and ongoing employee training on data protection.

Despite these measures, no technology is completely bulletproof. By using our services, you acknowledge that we cannot guarantee 100% security.

6. Data Retention and Deletion

CicadaVPN will retain your personal data only as long as necessary to provide services or fulfill legal obligations. Specific retention periods include:

Billing Information: Retained for 10 years from the last transaction.
Marketing Communication: Retained for 1 year after the end of your subscription or until you opt out.

When we no longer have a legal basis to retain your personal data, it will be securely disposed of or anonymized.

7. Country-Specific Provisions

For Users in the European Economic Area (EEA)

Residents of EEA countries can exercise their GDPR rights by contacting us at privacy@cicadavpn.com.

For Users in California

California residents can exercise their rights under the CCPA by contacting us at privacy@cicadavpn.com. CicadaVPN does not sell, share, lease, or rent your personal information.

8. Contact Us

If you have any questions, requests, concerns, or complaints about this Privacy Policy or our personal data processing practices, please contact us via privacy@cicadavpn.com or by writing to us at: CicadaVPN LTD. 188 Quay Street, Auckland, New Zealand

9. Children’s Data

CicadaVPN does not knowingly collect or solicit personal data from anyone under the age of 18. If you are under 18, please do not attempt to send any personal data to us. If we become aware of collecting personal data from a child under 18, we will delete it promptly.

10. Other Terms

Limitation of Liability

CicadaVPN employs various security measures to protect your data, but you are responsible for exercising caution when using our services. We are not liable for unlawful activities, willful misconduct, or circumstances beyond our control.

Links to Other Websites

Our websites may include links to other sites whose privacy practices differ from ours. We encourage you to read the privacy policies of any website you visit.

Prevailing Language

The English language version of this Privacy Policy is the original, governing instrument. In case of conflict between the English version and any translation, the English version shall prevail.

Updates to the Privacy Policy

We may amend this Privacy Policy from time to time. If changes materially affect the processing of your personal data, we will notify you in advance. Your continued use of our services after the amendments signifies acceptance.

11. CicadaVPN Service-Specific Privacy Practices

General Remarks

Cicada guarantees a strict no-logs policy for CicadaVPN Services, meaning that your internet activity while using CicadaVPN Services is not monitored, recorded, logged, stored, or passed to any third party. We do not store used bandwidth, traffic logs, IP addresses, or browsing data. From the moment a CicadaVPN user connects to one of our VPN servers, their internet data becomes encrypted.

Additional Personal Data Processed When Providing CicadaVPN Services

Technical Information

Statistical server load information: We monitor server performance (CPU, RAM, server net usage) to recommend the most suitable servers to our users.
Username and a timestamp of the last session status: This information is used to limit the amount of concurrent active user sessions and is automatically deleted within 15 minutes after a session is terminated.
Connectivity information: To prevent abuse and to be able to dispute unfair chargebacks, we register whether the user has used the CicadaVPN Service in the last 30 days. No personally identifiable information is collected in this case, apart from the fact that the CicadaVPN Service was or was not used during the mentioned period.
Interaction data: To safeguard against abuse and detect prohibited activities, such as scraping, we employ advanced tools to detect irregular patterns within users’ activity when new sessions are initiated. No personally identifiable information is collected in this case, except the indication that irregular patterns were or were not detected within the user’s activity.

Information Collected on CicadaVPN Website www.cicadavpn.com

Social media platforms and widgets: Our website may include social media features, such as Facebook, Twitter, and LinkedIn like and/or share buttons, to help you share our content more easily. These features may collect information about your IP address and which pages you visit and they may also set cookies to make sure the feature functions properly.

Information Collected on Our Applications

In-app event information: Our application collects anonymized information about the activity on your Account. The processed data only relates to a specific device, meaning that we cannot tell which particular user sent us event information. The in-app event information is necessary for us: (i) to know if the application is working properly (e.g., if the user was able to register or login successfully, if the user was able to connect to a server from his/her location); (ii) to know how users interact with our application (e.g., what kind of user interface items are the most or least used, are notifications we show of interest to users, etc.); and (iii) to identify problems related to our app performance and updates (e.g., crash error reports). You can opt-out of the collection of in-app information at any time by navigating CicadaVPN app settings. In-app event contains the following information:
- General event information: which application sent the event, event time, categorization, and limited routing information.
- Device information: device’s operating system and its architecture, device type, model, brand, unique device identifier, device’s city, country, and time zone.
- Application information: name, version and source of the application, enabled/disabled features at the time of the event, network type, public internet service provider’s information, current VPN connection status, and related information (protocol and technology in use, current server, etc.), information about A/B testing (if any), user preferences (e.g., notifications enabled/disabled, language, preferred connection settings).
- Account information: active/inactive Subscriptions of Cicada products, current and past active/inactive plans, trial information.
Note that a unique device identifier is randomly generated on the customer’s side and it’s impossible to link it to the customer's email or user ID.
Device information: We may collect some device information on our application too. Such information is logged automatically and may include the model of your device, operating system version, and similar non-identifying information. We may use this information to monitor, develop, and analyze the use of CicadaVPN Services. Also, to help users connect to the most convenient server when using a Quick connect feature, our application detects the device’s city (detection is done locally, this data is not logged in our systems).
Device identifiers: In some cases, we may record your device’s identifier for marketing or analytics purposes. These identifiers are assigned to your device by the OS manufacturer and can be reset at any time from your device's settings. For instructions, see the following policies for different devices: Advertising & Privacy on iOS devices and Managing your Google Settings on Android devices.
Enabled features: Knowing which product features are enabled on your application helps us to provide you with more relevant information. For example, this means that you will not receive in-app notifications about CicadaVPN features that are already enabled.

Threat Protection Feature

CicadaVPN offers a Threat Protection feature to its users. When enabled, this feature blocks ads, trackers, malicious websites, and malware. The data processed about users of the Threat Protection feature depends on its use. Generally, we process only the data which helps us provide and improve this service.

In all cases, the Threat Protection feature processes statistics about the use of the feature, such as the date of the last update of the malicious items’ list, the number of blocked entries, and similar data. We process this data to gain knowledge on how the Threat Protection feature is used, so we can improve user experience and the feature itself. You can opt-out of the processing of such statistics at any time by navigating CicadaVPN app settings.

URL scanning: The Threat Protection feature matches the URLs against the databases of already known items and, if found there, it blocks ads, trackers, phishing attempts, and malicious websites. We are not able to tell which particular user interacted with the exact URL or website. The data that we process is the URL and its status (e.g. if it is blocked). This is necessary to perform and improve this service.