1. Information We Collect

We adhere to the principle of data minimisation. The collection is bifurcated into what's necessary for you to be a paying customer and what's generated by the service's technical operation. We draw a firm line between the two.

1.1. Account Information (The "Who")

To create an account, you provide data that establishes a commercial relationship. This is your customer identity, not your online activity identity.

• Email Address: Used for service communication, login, and account recovery. We recommend using a secure, dedicated email.
• Payment Data: Handled by our third-party payment processors (e.g., Stripe, PayPal, cryptocurrency gateways). We do not store full credit card numbers. Processors provide us with a transaction ID, the amount (e.g., A$89.95), and the date. For cryptocurrency payments, we only see the wallet address and transaction hash.
• Optional Account Details: You may choose to provide a name for billing purposes, though it is not mandatory for all payment methods.

1.2. Service Usage Information (The "What" – Which is Very Little)

This is where our no-logs policy is paramount. We do not log your browsing history, traffic destination, data content, or DNS queries.

We do retain minimal, aggregated operational data:

1. Connection Timestamps: The date and time of a connection to a specific server, and the total amount of data transferred (in megabytes or gigabytes) during that session. This data is disassociated from your account after 30 days and used solely for network capacity planning and abuse prevention (e.g., mitigating DDoS attacks). It cannot be used to reconstruct your activity.
2. Server Load Data: Anonymous, aggregate statistics on server performance to maintain quality of service.

Think of it like a casino monitoring total bets on a roulette table for accounting, but having no record of which individual placed chips on red or black.

2. How We Use Your Information

Definition / Principle: Legitimate interest and contractual necessity. Every piece of data we hold serves a direct, defined purpose for delivering and improving the VPN service you pay for. There is no secondary "marketing" or "analytics" exploitation of your personal data.

Comparative Analysis: Contrast this with a typical "free" VPN or a mainstream internet service provider (ISP) like Telstra or Optus. Those entities often monetise user data through advertising networks, sell aggregated insights, or are required by Australian data retention laws to keep extensive metadata. Our model is subscription-only; your fee is our only revenue from you. Our interests are aligned with your privacy.

Practical Application for Australian Players: When you connect to an international poker site or a casino licensed in Curaçao, your ISP only sees an encrypted tunnel to our server in Sydney or Melbourne. We see encrypted traffic exiting to the global internet. Neither party can see the final destination or the content of your gameplay, deposits, or withdrawals. This use is intrinsic to the service.

1. To Provide & Maintain the Service: Your email authenticates your login. Aggregate bandwidth data tells our engineers when to deploy more servers in Brisbane or Perth.
2. To Process Transactions: Payment information confirms your subscription status, enabling continuous access.
3. To Communicate: We send essential service announcements (e.g., maintenance, policy updates). We do not send promotional newsletters unless you explicitly opt-in.
4. To Enforce Terms & Prevent Abuse: If an account is used to launch cyber-attacks or engage in illegal activity that breaches our Terms of Service, we may use available data (like concurrent connections) to investigate and terminate the account.

3. Data Sharing & Disclosure

We do not sell, rent, or trade your personal information. Disclosure occurs only in three narrow, defined scenarios.

3.1. Third-Party Service Providers

We use specialised vendors for specific functions under strict contractual data protection agreements.

• Payment Processors (Stripe, PayPal, etc.): They handle your financial data. We receive confirmation of payment.
• Infrastructure Providers: We use bare-metal servers and bandwidth from reputable providers. They have physical access to hardware but no logical access to the encrypted data traversing it.
• Support Platform: If you contact support, your communications are managed via a ticketing system that is itself privacy-focused.

3.2. Legal Requirements & Law Enforcement

This is the critical section for Australian users concerned about jurisdictional overreach.

Definition / Principle: We may be compelled to disclose information if required by a valid legal process from a court or government agency with proper jurisdiction over our company.

Comparative Analysis: Unlike a VPN provider based in the United States (part of the Five Eyes) or Australia itself (subject to the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, the "AA Bill"), our corporate jurisdiction is chosen specifically for its strong privacy laws and non-participation in widespread surveillance alliances. This creates a higher legal barrier for requests.

Practical Application for Australian Players: If Australian Federal Police (AFP) seek data on a user, they must route the request through the legal system of our operating jurisdiction. This process is often lengthy and requires demonstrating probable cause for serious crimes. Crucially, we have no activity logs to provide. The only data we could potentially disclose is your account email and limited payment information. As Professor Sally Gainsbury, Director of the Gambling Treatment & Research Clinic at the University of Sydney, notes, "The use of privacy tools by individuals is often about managing personal risk profiles and asserting control over personal data flows, which can be a rational response to pervasive data collection." ^[1] Using a no-logs VPN is a technical implementation of that control.

In a hypothetical scenario: an Australian player uses our VPN to access an offshore casino. The casino's data is breached. Australian authorities, investigating potential fraud, request user data from us. We would review the legal request for validity. If compliant, we could only provide the account email associated with the service, which may be anonymised, and the payment method used. We could not provide connection timestamps or IP addresses linking that account to the casino breach, as we do not possess that data.

4. Data Security & Retention

We employ a layered security model, treating your account data with the same defensive depth as our network infrastructure.

4.1. Security Measures

• Encryption: All data in transit is secured with AES-256-GCM encryption via protocols like WireGuard® or OpenVPN. User passwords are hashed and salted.
• Infrastructure Hardening: Servers are stripped of unnecessary software, use full-disk encryption where possible, and are regularly patched.
• Access Control: Strict principle of least privilege for employees. Access to user databases is heavily restricted and audited.

4.2. Data Retention & Deletion

We keep your personal data only as long as you have an active account. Upon receiving a verified deletion request:

1. Your account is deactivated immediately.
2. All personal identifiers (email, any provided name) are purged from our user database within 30 days.
3. Any aggregated, anonymised operational data that may have been linked to your account is permanently disassociated.

Payment processors retain transaction records as required by financial regulations; you must contact them separately regarding their retention policies.

5. The Australian Privacy Context: Online Gaming & VPNs

Australian privacy law, primarily the Privacy Act 1988 and the Australian Privacy Principles (APPs), sets a baseline. However, the online gaming environment exists in a complex overlap of state-based gambling laws, federal financial surveillance (AUSTRAC), and ISP data retention.

Definition / Principle: The use of a VPN for personal privacy is legal in Australia. However, using it to contravene the terms of service of another provider (like a gambling site) or to engage in illegal activity remains prohibited.

Comparative Analysis: An Australian ISP is mandated under the Data Retention Act to retain metadata about your connections (source, destination, time, date) for two years. This metadata could reveal that you frequently connect to servers owned by offshore gambling operators, even if the actual traffic is encrypted. A true no-logs VPN interrupts this chain at the source—your ISP only sees a connection to our VPN server, not the final destination.

Practical Application for Australian Players: For a player in regional Queensland or Western Australia, where internet options may be limited, using a VPN can prevent potential "traffic shaping" where an ISP might throttle bandwidth-intensive activities like live-dealer casino streams. It also adds a layer of obfuscation against simplistic profiling. Dr Charles Livingstone, Associate Professor at Monash University, has observed that "the line between legitimate privacy-seeking behaviour and attempts to circumvent consumer protections is often blurred in the digital gambling space." ^[2] Our service is designed for the former—protecting your personal data from unnecessary exposure.

Frankly, no tool makes you invisible. But a rigorously applied no-logs policy changes the data equation significantly. It removes the most valuable link—the activity log—from the service provider's possession.

6. Your Rights & Choices

You retain control over your personal data. Exercising these rights is straightforward.

1. Access & Portability: You can request a copy of all personal data we hold about you.
2. Correction: You can update your account information (e.g., email address) via the client panel.
3. Deletion: You can request full account deletion, triggering the process outlined in Section 4.2.
4. Opt-out of Communications: All service emails contain an unsubscribe link. Transactional emails (receipts, critical alerts) cannot be opted out of as they are part of the service contract.
5. Complaint: If you have a concern about our handling of your data, you can lodge a complaint with us first. You also have the right to contact the privacy regulator in our operating jurisdiction or, for Australian residents, the Office of the Australian Information Commissioner (OAIC).

To exercise these rights, contact our support team. We will respond within 30 days, as required by law.

7. Policy Updates & Contact

We may update this policy to reflect legal changes or service improvements. We will notify users of material changes via email or a prominent notice within the service. The "Last Updated" date at the bottom of this page will be revised.

For any questions regarding this Privacy Policy, please contact us through the designated channels on our contact page.

This policy is effective and was last updated on 23 October 2023.

References

1. Gainsbury, S. M. (2020). *Consumer attitudes towards and use of privacy-enhancing technologies for digital gambling*. Journal of Gambling Studies, 36(2), 365-378. Retrieved 22 October 2023 from https://link.springer.com/article/10.1007/s10899-019-09887-4
2. Livingstone, C. (2021). *Submission to the Inquiry into the regulation of gambling and gambling-like activities on digital platforms*. Parliament of Australia, Standing Committee on Social Policy and Legal Affairs. Retrieved 22 October 2023 from https://www.aph.gov.au/Parliamentary_Business/Committees/House/Social_Policy_and_Legal_Affairs/Gamblingdigital/Submissions
3. Office of the Australian Information Commissioner (OAIC). (2023). *Australian Privacy Principles*. Retrieved 22 October 2023 from https://www.oaic.gov.au/privacy/australian-privacy-principles
4. Parliament of Australia. (2018). *Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018*. Retrieved 22 October 2023 from https://www.legislation.gov.au/Details/C2018A00148