Privacy Notice and Terms
Air recognizes the importance of protecting the privacy of all information provided by any user of AirVPN (collectively or individually "User(s)").
Usage of AirVPN is subject to the terms of this Privacy Notice.
Although the Air servers may be located in various European Union countries, all those servers and all data collected by those servers are subject to this "AirVPN Privacy Notice and Terms" and are compliant to the standards and requirements set by Directives 95/46/EC ("Data Protection"), 2002/58/EC ("privacy on electronic communications"), the EU General Data Protection Regulation 2016/679 and the best practices recommended by the EU Art. 29 Working Party and the EDPS (European Data Protection Supervisor).
Servers located outside the European Union will treat users data with the same (or higher) level of privacy and data protection, never with a lower level of privacy and data protection. AirVPN will not use or locate servers in countries which have laws which would force Air to violate the aforementioned European Union directives. Anyway, in case of jurisdictional conflicts, Air will not recognize extra-UE competence and will respond only to European Union laws.
Air servers and software procedures in general do not acquire personal data.
If an AirVPN user or customer registers an account for which a valid e-mail address is provided, such e-mail address will be protected as personal data according to the aforementioned legal framework. Air will not treat this address to profile the user or disclose his/her identity, and will not transmit it to any third party. The identical protection is enforced by default on every other field, to protect those users who should enter in their account fields any information that could be considered personal data in spite of the fact that Air does NOT require such information.
Pressure from private actors to obtain any data is an illegal act and Air, in order to protect its business and the users' privacy, reserves the right to inform the competent authorities and prosecute the private entities responsible for such illegal acts.
If users decide to pay for the Air service via intermediary companies (e.g. PayPal) which process payments, any data the users give to such companies are not under Air control and are not stored or treated by Air, but by the payment processors companies. Air does not store Instant Payment Notifications, therefore if a payment processor sends an Instant Payment Notification which includes personal data of the customer this will not affect the privacy of that customer in Air system.
Users do not need to enter any personal data to access Air services. Users may optionally provide their e-mail addresses to receive courtesy e-mail pertaining to technical support. When they do so, e-mail addresses are stored in Air servers exclusively for assistance purposes. Any technical or sales support is not outsourced. E-mail addresses are not used by Air to identify or collect any other information about the users, are not processed for any purpose different than providing courtesy, automated communications for technical support, and are not transmitted to any third party. A valid e-mail address is NOT required to access Air services and/or receive technical support, so usage of a valid e-mail address remains totally optional.
Users have the right to ask for information about their data and to ask for deletion of any data pertaining to them with a simple written request by e-mail to: info (at) airvpn (dot) org.
Technical data which are strictly necessary for the Internet / networking connections that are specifically related to the Air service are handled by automatic systems only in RAM and only for the time being necessary to provide the service. Activity traffic and/or traffic content and/or IP addresses of the customers or users are not inspected, logged or stored into any mass storage device.
Security measures are taken to protect data leakage, illegal use of data, unauthorized access to data, specifically (but not limited to):
- machines where operations which might involve personal data are protected by redundant security, including, but not limited to, responding only to private host names and rejecting connections from anything different that a tiny white list of addresses
- the database of the accounts is not stored in those Air servers which are dedicated to provide VPN access; it is stored in servers which are not accessible from the outside
- Air databases, according to their contextual usage, are isolated from each other
- in the users database all personal data that do not need a search index are encrypted
- physical access to the machines keeping the users database is prevented by state of the art surveillance in top rated datacenters
- Air uses only ciphers for which a cryptographic practical/feasible attack has not been found by the worldwide scientific community
- different Air servers are not allowed to communicate directly with each other. Each communication, only when strictly necessary for technical reasons (for example checking the authorization of a user in order to let him/her enter an Air VPN service), is performed through an intermediary application service, and is always encrypted
- Air personnel takes care to check daily security and vulnerability bulletins, to keep Air own software as well as system software (including kernels) up to date and to act very expeditiously to patch any found vulnerability in any employed software
Responsible of data treatment is:
Air di Paolo Brini c.a. Paolo Brini firstname.lastname@example.org c/o Studio Papa Via Vecchi 53 I-06100 PERUGIA ITALY