Pivot VPN Privacy Policy & GDPR Notice
Embedded Files
Effective date: 14.04.2026
Last updated: 14.04.2026
1. Who we are
This Privacy Policy explains how Pivot VPN (“Pivot VPN,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal data when you use our website, apps, browser extensions, customer support channels, and VPN services (collectively, the “Services”).
Data Controller: Hwilo for technical solutions
Registered address: Building 20/46, Ain Shams, Marg, Cairo, Egypt
Website: pivotvpn.net
Contact email: hwilo.app.dev@gmail.com
By using our Services, you acknowledge that your personal data will be processed as described in this Privacy Policy.
2. Scope of this Policy
This Privacy Policy applies to:
the Pivot VPN website;
mobile and desktop applications;
browser extensions;
account registration and billing;
communications with support;
analytics, diagnostics, and security monitoring related to the Services.
This Privacy Policy does not apply to third-party websites, platforms, payment providers, app stores, or services that we do not control, even if they are linked from our website or app.
3. Our core privacy position
Pivot VPN is built to minimize data collection.
We do not log or store your browsing activity or the content of your online traffic. In particular, we do not intentionally store:
browsing history;
websites visited;
DNS queries related to your browsing activity;
the content of communications or traffic passing through the VPN tunnel;
files downloaded or uploaded through the VPN tunnel;
connection logs that monitor what you do online through the VPN.
Where limited technical processing is necessary to authenticate your account, maintain service stability, prevent abuse, process payments, provide support, or comply with legal obligations, we restrict that processing to the minimum necessary.
4. Personal data we collect
4.1 Account and subscription data
When you create an account or subscribe, we may collect:
email address;
password hash or authentication credentials;
subscription status and plan type;
purchase source (for example, website, Apple App Store, Google Play);
transaction or subscription identifiers;
country or region associated with billing, tax, fraud prevention, or app store records.
4.2 Payment and billing data
We do not store full payment card numbers.
Payments are processed by third-party payment processors, app stores, or subscription platforms. Depending on your payment method, we may receive limited billing-related information such as:
payment status;
subscription renewal date;
plan purchased;
transaction ID;
refund or chargeback status;
country for tax and invoicing purposes.
4.3 Customer support and communications
If you contact us, we may collect:
your email address;
the content of your message;
attachments, screenshots, or diagnostics you choose to send;
support history;
device or app details relevant to resolving the issue.
4.4 App, device, and diagnostics data
To maintain the Services, improve app stability, prevent abuse, and diagnose errors, we may collect limited technical data such as:
app version;
operating system and device type;
language selection;
crash reports;
diagnostic event data;
performance and reliability metrics;
coarse country or region derived from app or billing context;
anonymized or pseudonymized identifiers used for analytics, attribution, fraud prevention, or subscription reconciliation.
4.5 Website usage and cookie data
When you visit our website, we or our service providers may collect data through cookies and similar technologies, including:
IP address;
browser type;
device information;
pages viewed;
referral source;
approximate location derived from IP;
cookie IDs or similar identifiers.
Details are provided in our Cookies Policy.
5. What we do not collect as activity logs
Pivot VPN does not use the VPN service to monitor your internet behavior. We do not intentionally retain logs of:
websites visited through the VPN;
browsing history through the VPN;
DNS requests tied to your browsing session;
content accessed through the VPN;
source IP and assigned VPN IP in a way designed to reconstruct user browsing activity;
timestamps of online activity for monitoring browsing behavior.
This section describes our service design intent and operating model. It does not limit processing that is strictly necessary for account authentication, billing, fraud prevention, service integrity, abuse mitigation, legal compliance, or support.
6. How we use personal data
We use personal data only where necessary for legitimate business and legal purposes, including:
to create and manage user accounts;
to provide VPN access and maintain subscriptions;
to authenticate users and devices;
to process payments, renewals, refunds, and chargebacks;
to provide customer support;
to detect abuse, fraud, unauthorized account access, and security incidents;
to maintain service reliability, monitor performance, and fix bugs;
to improve the website, applications, and user experience;
to send essential service communications, including transactional and support-related messages;
to send marketing communications where permitted by law or where you have consented;
to comply with legal, regulatory, tax, accounting, and law-enforcement obligations;
to establish, exercise, or defend legal claims.
7. Legal bases for processing under GDPR
If you are in the EEA, UK, or another jurisdiction with similar rights, we process personal data on one or more of the following legal bases:
Performance of a contract — where processing is necessary to provide the Services you requested, such as account creation, subscription management, authentication, and support.
Legitimate interests — where necessary to secure, improve, and operate our Services, including fraud prevention, abuse detection, debugging, analytics, and service administration, provided those interests are not overridden by your rights and freedoms.
Consent — where required, for example for certain cookies, analytics, or marketing communications.
Legal obligation — where processing is necessary to comply with applicable law, tax obligations, court orders, or lawful requests from authorities. GDPR recognizes these legal bases for processing personal data.
8. Cookies and similar technologies
We use cookies and similar technologies on our website for:
essential website functionality;
security and fraud prevention;
analytics and performance measurement;
remembering user preferences;
marketing and attribution, where permitted.
Where required by law, we will ask for consent before placing non-essential cookies on your device. You can also manage cookies through your browser settings or our cookie banner/settings tool.
For more information, please see our Cookies Policy.
9. Sharing of personal data
We do not sell your personal data.
We may share limited personal data with third parties only when necessary for the purposes described in this Privacy Policy, including:
payment processors and subscription platforms;
app stores such as Apple App Store and Google Play;
hosting, infrastructure, and cloud service providers;
customer support tools;
analytics, attribution, and crash-reporting providers;
email and communications providers;
fraud prevention and security vendors;
professional advisers such as lawyers, accountants, auditors, and insurers;
public authorities or law enforcement, where required by applicable law or valid legal process;
buyers, investors, or successor entities in connection with a merger, acquisition, restructuring, or asset sale.
We require service providers to process personal data only on our instructions and with appropriate confidentiality and security safeguards.
10. Third-party services we may use
To operate, secure, and improve Pivot VPN, we use certain third-party service providers. These providers may process limited personal data or technical data on our behalf or as independent service providers, depending on the service involved.
The categories of third-party services we use may include:
payment processing and app store billing;
subscription management;
hosting and infrastructure;
authentication and backend services;
analytics and performance monitoring;
mobile attribution;
push notifications and communication services;
email delivery, where applicable.
Our current third-party providers may include, where enabled and applicable:
Apple App Store
Google Play
RevenueCat
Firebase
Google Sign-In
AppsFlyer
OneSignal
These providers may process data such as device information, app identifiers, purchase and subscription status, authentication data, diagnostic data, and app interaction events in accordance with their own privacy policies and applicable laws.
We may change or update the third-party providers we use from time to time as our services evolve. We encourage you to review the privacy policies of those providers directly.
11. International transfers
Your personal data may be processed in countries other than your own. When we transfer personal data outside the EEA, UK, or other jurisdictions with transfer restrictions, we use appropriate safeguards where required, such as adequacy decisions or approved contractual mechanisms, including the European Commission’s Standard Contractual Clauses. International transfers under GDPR require appropriate safeguards where no adequacy decision applies.
12. Data retention
We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, including to provide and secure the Services, comply with legal obligations, resolve disputes, prevent fraud and abuse, and enforce our agreements.
Retention periods may vary depending on the type of data and the purpose for which it was collected. In general:
Account data is retained for as long as your account remains active and for a limited period thereafter where necessary for legal compliance, fraud prevention, dispute resolution, and recordkeeping.
Subscription, billing, and transaction-related records may be retained for the period required under applicable tax, accounting, financial reporting, and app marketplace rules.
Support requests and related communications may be retained for as long as reasonably necessary to respond to your request, improve support operations, and protect against abuse or legal claims.
Technical, diagnostic, and service-related data may be retained for the shortest period reasonably necessary to maintain app security, investigate errors, prevent misuse, and improve performance.
Where we process data based on consent, we may retain such data until consent is withdrawn, unless a longer retention period is required or permitted by law.
When personal data is no longer required for the relevant purpose, we delet
13. Your privacy rights
Depending on your location, you may have the right to:
be informed about how your personal data is used;
access your personal data;
correct inaccurate personal data;
request deletion of your personal data;
restrict certain processing;
object to certain processing;
receive your personal data in a portable format where applicable;
withdraw consent at any time where processing is based on consent;
lodge a complaint with your local data protection authority.
Under the GDPR, these rights include access, rectification, erasure, restriction, portability, objection, and rights relating to automated decision-making; requests should generally be answered without undue delay and, in principle, within one month.
To exercise your rights, contact us at hwilo.app.dev@gmail.com.
We may need to verify your identity before processing your request.
14. Account deletion
You may request deletion of your account and associated personal data by:
using the in-app account deletion function, if available; or
contacting us at hwilo.app.dev@gmail.com.
When you request deletion, we will delete or anonymize your personal data unless retention is required for:
legal compliance;
tax or accounting obligations;
fraud prevention and abuse detection;
dispute resolution;
enforcement of our legal rights.
Some limited records may therefore be retained for the legally required or reasonably necessary period.
15. Security
We use reasonable technical, organizational, and administrative safeguards designed to protect personal data against unauthorized access, loss, misuse, disclosure, alteration, or destruction.
These safeguards may include:
encryption in transit;
access controls;
role-based permissions;
logging and monitoring of administrative access;
vendor due diligence;
secure development and patching practices.
No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
16. Children
Pivot VPN is not directed to children, and our Services are not intended for anyone under the age of 18, or the age of digital consent / majority in the relevant jurisdiction if higher.
We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us so we can take appropriate action.
17. Third-party links
Our website or apps may contain links to third-party websites or services. We are not responsible for the privacy, security, or content practices of third parties. You should review their privacy policies separately.
18. Changes to this Privacy Policy
We may update this Privacy Policy from time to time.
If we make material changes, we will update the “Last updated” date and, where appropriate, provide additional notice through the website, app, or email.
Your continued use of the Services after the updated Privacy Policy becomes effective means that the updated version applies to your use of the Services.
19. Contact us
If you have questions, requests, or complaints about this Privacy Policy or our privacy practices, contact:
Pivot VPN
Hwilo for technical solutions
Building 20/46, Ain Shams, Marg, Cairo, Egypt
Email: hwilo.app.dev@gmail.com
If you are in the EEA or UK, you also have the right to complain to your local data protection authority.
Page updated
Google Sites
Report abuse