Last updated: November 1, 2025
Company: THE DAFFODIL BOUTIQUE, LLC
Contact email: belh@thedaffodilboutique.com
This Data Processing Agreement (“Agreement” or “DPA”) is entered into between THE DAFFODIL BOUTIQUE, LLC (“Company,” “we,” “our,” or “us”) and the end user of the GardeVPN mobile application (“User,” “you,” or “your”).
This Agreement describes how data are collected, processed, stored, and protected while you use the GardeVPN service, in accordance with applicable data protection laws and best security practices.
“Personal Data” — any information that can identify an individual directly or indirectly.
“Processing” — any action performed on data, such as collection, storage, use, or deletion.
“Controller” — the entity determining the purposes and means of processing personal data.
“Processor” — the entity that processes personal data on behalf of the Controller.
“Applicable Data Protection Laws” — includes the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant privacy laws.
The Company processes only the minimal data required for the operation of GardeVPN.
Processing is carried out for the following purposes:
To establish and maintain secure VPN connections.
To provide core app functionality, including encryption, IP masking, and connection management.
To monitor and prevent technical misuse or unauthorized access.
To improve service reliability and performance through anonymous diagnostics.
GardeVPN strictly follows a no-logs policy — no browsing data, traffic content, or DNS requests are collected or stored.
Depending on your app usage, the following limited types of data may be processed:
Technical Information: IP address (temporarily, during session), device type, OS version, and connection timestamps (without browsing content).
Anonymous Performance Data: aggregated, non-identifiable metrics for network optimization.
Subscription Information: for premium services, confirmation data from Apple’s App Store (no payment card data is processed by the Company).
The App does not collect personal details such as your name, email address, or contact information.
All relevant data are stored locally on your device.
The Company does not maintain permanent user data storage on its servers.
Temporary technical session data are deleted automatically once the VPN session ends.
Subscription information is managed solely by Apple and governed by Apple’s data policies.
To ensure the security and confidentiality of user data, the Company applies the following safeguards:
End-to-end encryption (AES-256) for all VPN traffic.
Use of secure tunneling protocols (OpenVPN, IKEv2, or WireGuard).
DNS and IP leak prevention mechanisms.
No-logs infrastructure with isolated server environments.
Regular reviews, audits, and software security updates.
All communication between your device and GardeVPN servers is encrypted and protected from interception.
The Company does not transfer or share user data with third parties.
All data processing takes place within secure data centers managed by trusted providers adhering to strict privacy and security standards.
If any transfer of data outside your jurisdiction becomes necessary, it will comply with applicable safeguards such as the Standard Contractual Clauses (SCCs) under GDPR.
Under applicable privacy regulations, you have the right to:
Request access to any data processed about you.
Request correction or deletion of such data.
Object to processing or withdraw consent (where applicable).
File a complaint with a data protection authority.
Requests can be made at belh@thedaffodilboutique.com.
Because GardeVPN does not store identifiable personal data, many of these rights will not practically apply.
The Company does not use third-party subprocessors for handling user data except for essential infrastructure (e.g., Apple for billing or server providers for VPN node operation).
All partners comply with the same or higher standards of data protection.
All Company personnel authorized to process technical or operational data are subject to strict confidentiality obligations and are trained in secure data management.
In the unlikely event of a data breach, the Company will promptly evaluate the situation and notify relevant authorities and affected users, if required by law.
This Agreement remains valid for as long as the user utilizes the GardeVPN service.
When the App is uninstalled or the service is discontinued, all locally stored data are permanently deleted from the user’s device.
The Company reserves the right to update or modify this DPA to reflect changes in legal requirements or data practices.
The latest version will always be available within the App or on the official GardeVPN website.
Continued use of GardeVPN after updates implies acceptance of the revised Agreement.
For any questions, requests, or concerns regarding this Agreement, please contact:
THE DAFFODIL BOUTIQUE, LLC
📧 belh@thedaffodilboutique.com