Contents
1. Who we are 2. Data we collect 3. Zero logs policy 4. How we use data 5. Third parties 6. Your rights 7. Data retention 8. Security 9. Cookies 10. Contact
Legal

Privacy Policy

Last updated: January 2025  ·  Effective immediately
🔒

Our core commitment: Zero logs

We do not log, store, or monitor your browsing activity, DNS queries, connection times, or IP addresses when you are connected to the VPN. This is not just a policy — it is a technical reality of how our system is built.

01 Who We Are

GhostConnect VPN is a privacy-focused VPN service operated as a trading name of its sole trader owner, based in the United Kingdom. In this policy, "we", "us", and "our" refer to GhostConnect VPN.

We are committed to protecting your personal data and operating transparently about how we handle it. This policy explains what data we collect, why we collect it, and how we protect it.

02 Data We Collect

We collect the minimum data necessary to provide the service:

  • Email address — required to create your account and send service communications
  • Password — stored as a secure cryptographic hash only. We never store your password in plain text and cannot retrieve it
  • Payment information — processed entirely by Stripe. We never see, store, or handle your card details
  • WireGuard public key and internal IP address — required to operate your personal VPN tunnel
  • Subscription status — to determine your plan (free or premium) and manage billing
We do not collect your real IP address, location data, device identifiers, or any information about how you use the internet while connected to our VPN.

03 Zero Logs Policy

This is the most important section of this policy. When you connect to GhostConnect VPN, we do not log or store:

  • Your browsing activity or websites you visit
  • DNS queries made while connected
  • Connection timestamps or session durations
  • Bandwidth or data usage per user
  • Your originating IP address when using the VPN
  • Any metadata about your internet traffic

This is not simply a policy choice — our VPN infrastructure using WireGuard does not write this data to disk. Even if compelled by a legal authority, we would have nothing to hand over regarding your browsing activity because it does not exist in our systems.

04 How We Use Your Data

The data we do collect is used only for the following purposes:

  • To create and manage your GhostConnect VPN account
  • To process your subscription payment and manage billing via Stripe
  • To generate and manage your personal WireGuard VPN configuration
  • To send essential service emails — payment receipts, subscription reminders, and security notices
  • To respond to support requests you send us

We do not use your data for advertising, profiling, or any commercial purpose beyond delivering the VPN service you have paid for.

05 Third Parties

We use a small number of trusted third-party services to operate GhostConnect VPN:

  • Stripe — payment processing. Stripe handles all card data under their own privacy policy and PCI-DSS compliance. We never receive your full card details
  • Hetzner — our VPN server infrastructure is hosted on Hetzner servers based in Europe

We do not sell, rent, or share your personal data with any other third parties, advertisers, or data brokers under any circumstances.

06 Your Rights (UK GDPR)

As a UK-based service, we comply with UK GDPR. You have the following rights regarding your personal data:

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — ask us to correct inaccurate data
  • Right to erasure — request deletion of your account and all associated data
  • Right to restriction — ask us to limit how we use your data
  • Right to data portability — receive your data in a portable format
  • Right to object — object to how we process your data

To exercise any of these rights, contact us through your account dashboard or at the email address in Section 10.

07 Data Retention

We retain account data for as long as your account remains active. When you delete your account:

  • Your email address and password hash are permanently deleted within 30 days
  • Your WireGuard keys and VPN configuration are immediately deactivated and deleted
  • Payment records may be retained for up to 7 years as required by UK tax law

08 Security

We take security seriously and implement the following measures to protect your data:

  • All data in transit is encrypted using HTTPS (TLS 1.2+)
  • Passwords are hashed using SHA-256 with a unique random salt — we cannot recover your password
  • VPN traffic is encrypted using WireGuard's ChaCha20 encryption
  • Our servers are hosted in a secure European data centre with restricted access

In the unlikely event of a data breach that affects your personal data, we will notify you within 72 hours as required by UK GDPR.

09 Cookies

We use only essential cookies necessary to keep you logged in to your account (session authentication tokens). We do not use advertising cookies, tracking pixels, or analytics cookies of any kind.

10 Contact

For privacy-related questions, data requests, or concerns, please contact us at:

📧 support@ghostconnectvpn.com
We aim to respond to all privacy enquiries within 5 working days.

If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.