Improve Section on Payment Handling in Privacy Policy

[Braguette 0]

Can you add more details on how payment information is stored in your Privacy Policy? I think you need to keep payment information for at least 30 days so that you can honor your 30 day money back guarantee, but you don't have the details in the current privacy policy. Do you keep payment information (including payment method) after 30 days? Mullvad's corresponding entry in their privacy policy is a good reference for what I'd like to see.

By the way, I'm not a shill. AirVPN is cheaper and can be set up to be much more private than Mullvad.

[Staff 9755]

Hello!

We do not retain data on AirVPN servers. Data remains forever in your and our PayPal account,, as well as in your credit card company database, though.

However that's a matter of PayPal or your credit card issuer privacy policy. In our privacy notice we address this fact here:
 

Quote

If users decide to pay for the Air service via intermediary companies (e.g. PayPal) which process payments, any data the users give to such companies are not under Air control and are not stored or treated by Air, but by the payment processors companies. Air does not store Instant Payment Notifications, therefore if a payment processor sends an Instant Payment Notification which includes personal data of the customer this will not affect the privacy of that customer in Air system.

Thank you very much for your choice. Enjoy AirVPN!

Kind regards
 

[Braguette 0]

I understand from your privacy policy that you never receive personal information from payment companies like PayPal, but I don't understand how you can offer the 30-day money-back guarantee without maintaining some link between the payment and the account (e.g. transaction id) for the initial 30-day period of the account. Information on this is what I would like to see in the Privacy Policy. Edited ... by Braguette
Removed irrelevant last sentence.

[Staff 9755]

@Braguette

A transaction ID is not a personal information, but a code created pseudo-randomly, so it would be an error to cover it in a Privacy Notice and Terms document. Anyway it is stored in the payment processor database forever. If a customer asks for a refund, she must provide the needed data to make the refund possible, or simply ask the payment processor for a refund via the proper procedure implemented both in 2Checkout and PayPal.

If the payment was delivered directly without intermediaries (i.e. through cryptocurrency which we accept cutting out any intermediary), the customer asking for a refund must again provide us with the proper data to let us verify refund eligibility, for example transaction hash in a blockchain.

Kind regards