Skip to main content

CicadaVPN Privacy Notice

Last updated: November 27, 2023

This Privacy Notice describes the privacy practices of CicadaVPN's websites, applications, and Services, specifically applying to the CicadaVPN product. The provision of Services related to CicadaVPN (“CicadaVPN Services”) involves the processing of additional personal data. Please find more detailed information below.

GENERAL REMARKS

CicadaVPN guarantees a strict no-logs policy for CicadaVPN Services, meaning that your internet activity while using CicadaVPN Services is not monitored, recorded, logged, stored, or passed to any third party. We do not store used bandwidth, traffic logs, IP addresses, or browsing data. From the moment a CicadaVPN user connects to one of our VPN servers, their internet data becomes encrypted.

ADDITIONAL PERSONAL DATA PROCESSED WHEN PROVIDING CICADAVPN SERVICES

In addition to the information provided in the Privacy Policy, we process the following data when you use CicadaVPN Services:

Technical Information

  • Statistical server load information: We monitor server performance (CPU, RAM, server net usage) to recommend the most suitable servers to our users.
  • Username and a timestamp of the last session status: This information is used to limit the number of concurrent active user sessions and is automatically deleted within 15 minutes after a session is terminated.
  • Connectivity information: To prevent abuse and to be able to dispute unfair chargebacks, we register whether the user has used the CicadaVPN Service in the last 30 days. No personally identifiable information is collected in this case, apart from the fact that the CicadaVPN Service was or was not used during the mentioned period.
  • Interaction data: To safeguard against abuse and detect prohibited activities, such as scraping, we employ advanced tools to detect irregular patterns within users’ activity when new sessions are initiated. No personally identifiable information is collected in this case, except the indication that irregular patterns were or were not detected within the user’s activity.

Information Collected on CicadaVPN Website

  • Social media platforms and widgets: Our website may include social media features, such as Facebook, Twitter, and LinkedIn like and/or share buttons, to help you share our content more easily. These features may collect information about your IP address and which pages you visit, and they may also set cookies to make sure the feature functions properly.

Information Collected on Our Applications

  • In-app event information: Our application collects anonymized information about the activity on your Account. The processed data only relates to a specific device, meaning that we cannot tell which particular user sent us event information. The in-app event information is necessary for us to:

    • Know if the application is working properly (e.g., if the user was able to register or log in successfully, if the user was able to connect to a server from his/her location).
    • Know how users interact with our application (e.g., what kind of user interface items are the most or least used, are notifications we show of interest to users, etc.).
    • Identify problems related to our app performance and updates (e.g., crash error reports).
      You can opt out of the collection of in-app information at any time by navigating CicadaVPN app settings.
      In-app event data includes:
    • General event information: Which application sent the event, event time, categorization, and limited routing information.
    • Device information: Device’s operating system and its architecture, device type, model, brand, unique device identifier, device’s city, country, and time zone.
    • Application information: Name, version and source of the application, enabled/disabled features at the time of the event, network type, public internet service provider’s information, current VPN connection status, and related information (protocol and technology in use, current server, etc.), information about A/B testing (if any), user preferences (e.g., notifications enabled/disabled, language, preferred connection settings).
    • Account information: Active/inactive Subscriptions of CicadaVPN products, current and past active/inactive plans, trial information.
      Note that a unique device identifier is randomly generated on the customer’s side, and it’s impossible to link it to the customer's email or user ID.
  • Device information: We may collect some device information on our application too. Such information is logged automatically and may include the model of your device, operating system version, and similar non-identifying information. We may use this information to monitor, develop, and analyze the use of CicadaVPN Services. Additionally, to help users connect to the most convenient server when using a Quick Connect feature, our application detects the device’s city (detection is done locally; this data is not logged in our systems).

  • Device identifiers: In some cases, we may record your device’s identifier for marketing or analytics purposes. These identifiers are assigned to your device by the OS manufacturer and can be reset at any time from your device's settings. For instructions, see the following policies for different devices: Advertising & Privacy on iOS devices and Managing your Google Settings on Android devices.

  • Enabled features: Knowing which product features are enabled on your application helps us provide you with more relevant information. For example, this means that you will not receive in-app notifications about CicadaVPN features that are already enabled.

Threat Protection Feature

CicadaVPN offers a Threat Protection feature to its users. When enabled, this feature blocks ads, trackers, malicious websites, and malware. The data processed about users of the Threat Protection feature depends on its use. Generally, we process only the data which helps us provide and improve this service.

  • URL scanning: The Threat Protection feature matches the URLs against the databases of already known items and, if found there, it blocks ads, trackers, phishing attempts, and malicious websites. We are not able to tell which particular user interacted with the exact URL or website. The data that we process is the URL and its status (e.g., if it is blocked). This is necessary to perform and improve this service.

  • Initial file scanning: When the Threat Protection feature initially scans newly downloaded files, it uses an engine to determine if the file is malicious or not. At this point, the data is processed as follows:

    • Scan status: In order for us to block harmful files, we process information on whether the file is malicious or not, and if the scanning was technically properly performed.
    • URLs: We collect this information to determine the source of downloaded files to detect malicious websites. By identifying patterns in malicious URLs, we can block access to sites associated with harmful activities.
    • Connection information: The network connection is essential for the Threat Protection feature to perform smoothly, therefore we process limited data that helps us determine the quality of the connection. Such data may include your country, time zone, and the name of your internet service provider.
    • Cloud-based threat detection: This option is only available for users who have enabled it. When the initial file scan cannot determine if a file is malicious, the file is uploaded to the cloud where a deep scan is performed to detect malware. The cloud-based threat detection applies only to executable files, meaning that no other types of files (such as .doc, .pdf, .jpg) are uploaded to the cloud. When the file is uploaded to the cloud, we are not able to tell which particular user the file belongs to. After cloud-based threat detection, the scanned files are stored and used to improve our Services.
  • Vulnerable app detection: When enabled, this feature informs you if you have any applications that might be exploited by hackers. We do this without gathering your personal data, ensuring all data analyzed is entirely anonymous and unlinked to any particular user. The service quality data that we are analyzing (such as information about whether the user has enabled or disabled the feature, whether the feature has successfully finished the scan, and similar) is for service improvement only and understanding the trends and the spread of vulnerable applications. Please note, this feature uses the National Vulnerability Database (NVD) API but is not endorsed or certified by the NVD.

OTHER SERVICES/FEATURES BY CICADAVPN

  • Meshnet: This feature enables you to establish a point-to-point connection and route your online traffic through another device that’s either yours or another CicadaVPN user’s. When you use this feature, we process the following information: details on the connections and permissions you’ve created, device OS and version, hashed device ID, and user’s email address. If you use file sharing, we also process anonymized information about the number of files transferred, file sizes, and the type of documents (extensions) shared.

  • Dedicated IP service: A dedicated IP address is a unique internet protocol (“IP”) address assigned exclusively to the user during the period of the subscription (afterward, this IP address can be reused for other users). Please be aware that if you purchase a dedicated IP address, your email and information related to your account will be linked to that IP address.

  • Smart DNS: The Smart DNS service replaces the DNS address provided by your internet service provider with one from a different server. Please be aware that this does not provide you with a new IP address. Due to the nature of this service, we have to store your IP address on our systems when you activate the SmartDNS service.

  • Dark Web Monitor feature: When enabled, this feature scans the web to see whether your email address has appeared in any personal data breaches detected by our third-party service provider. For this feature, we share hashed email addresses of the users with our third-party service provider. Your email address is not used or stored by the third-party service provider for any other purposes than helping you monitor data breaches that your email address appeared in. Any generated results are wiped out as soon as you disable the feature.

Back to general Privacy Policy