PRIVACY POLICY
1. INTRODUCTION
This privacy policy sets out how Toggle Inc. (“Company”) uses and protects your personal data when you (“you”, “user”) access and use of the Website located at https://www.toggle-vpn.com and its subdomains and any of the Company’s other Websites on which a link to this privacy policy appears (“Website”), including when you register an account with us or sign up to our newsletter or purchase our services.
Product-specific Privacy Policies. Specific Company’s products cater to different user needs, and they may process different personal data points during their performance. If you are using Toggle VPN services, the following Privacy Policy will apply to you: https://www.toggle-vpn.com/privacy-policy
We guarantee that your internet activity while using Toggle VPN services is not monitored, recorded, logged, stored, or passed to any third party. We do not store used bandwidth, traffic logs, IP addresses, or browsing data. From the moment you connect to one of our VPN servers, your internet data becomes encrypted.
Our Website is generally intended for use by adults (i.e. individuals who are over 18 years of age or of the age of majority in your country). We do not knowingly collect personal information from children. If you believe that we might unintentionally collect personal data from or about children, please contact us and we will take reasonable measures to promptly delete such personal data from our records.
Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
2. IMPORTANT INFORMATION AND WHO WE ARE
Toggle Inc. is the controller and is responsible for your personal data (“Company”, “we”, “us” or “our” in this policy).
Contact details
Our full details are:
- Full name of legal entity: Toggle Inc.
- Email address: dpo@toggle.org
- Postal address: 25399, The Old Rd, APT 3210, Stevenson Ranch - 91381-1618 United States (US)
- Telephone number: [+1 (760) 512-1393]
You have the right to make a complaint at any time with a data protection supervisory body.
Changes to the privacy policy and your duty to inform us of changes
We keep our privacy policy under regular review.
If we introduce changes to this privacy policy, those changes will be posted on this page. You may be required to read and acknowledge the changes to continue your use of the Website.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.
3. WHAT DATA WE MAY COLLECT
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes user ID.
- Contact Data includes contact information you chose to provide to us, which may include at your discretion: your name , email address, phone number, billing address, copies of the communications between us and the user.
- Transaction Data includes your name, partial payment card detail (such as 4 last digits of your bank card number, expiration date and country of issue), billing address (country-level), payment ID, details about payments from you and to you.
- Technical Data includes IP address, time zone setting, device operation system.
- Usage Data includes logs and detail of user’s use of the Website, being the dates and times on which the user accesses and updates our Website, any error or debugging information, and the resources that the user accesses and the actions we and the user take in relation to them and Cookies Data.
- Cookies Data: the information collected through the cookies and similar technologies listed in our Section 6 of this policy.
- Marketing Data includes user’s direct marketing preferences, consents for receiving direct marketing from us and/or our third parties and the history of the direct marketing communications we have sent to the user or received from the user.
- Feedback Data: user’s feedback and survey responses.
We may also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals' Usage Data to calculate the percentage of users accessing a specific Website feature in order to analyse general trends in how users are interacting with our Website to help improve the Website and our service offering.
4. HOW IS YOUR PERSONAL DATA COLLECTED?
We use different methods to collect data from and about you including through:
-
Your interactions with us. You may choose to provide us with
your personal data by filling in online forms or by corresponding
with us by post, phone, email or otherwise. This includes personal
data you provide when you:
- subscribe for our services;
- create an account on our Website;
- subscribe to our newsletter;
- request marketing to be sent to you;
- enter a competition, promotion or survey;
- request our support;
- give us feedback or contact us.
- Automated technologies or interactions. As you interact with our Website, we may automatically collect Technical Data, Usage Data and Cookies data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs or other similar technologies.
-
Third parties. We will receive personal data about you from
third parties, such as:
- Third-party analytics providers. Our analytics providers may provide us with information regarding your use of our Website (such as your interaction with the Website, software bugs and errors, etc.) so that we could improve our Website and detect and prevent fraud in our services. For example, we use data security service provided by Cloudflare Inc. (USA).
- Third-party payment processors will provide us with Transaction Data if you subscribe to our services on the Website. We use payment processing service provided by Stripe Inc. (USA).
- Advertising partners. From time to time, we may receive non-personal information from our advertising partners concerning the performance of our advertising campaigns displayed outside our Website. For example, we may be provided with data about interaction with our advertisement (such as clicks, views, impressions and installs), information from which ad network and advertising campaign the install of our Service originated from or data necessary to fight fraud (such as refund abuse in games or click fraud in advertising) (“Ads Performance Data”).
5. HOW WE USE YOUR PERSONAL DATA
We will only collect and use your personal data when we have a lawful basis to do so. Our lawful basis for each purpose for which we use your personal data is specified below. Most commonly we will use your personal data in the following circumstances:
- Consent. Where you have freely consented before the processing in a specific, informed and unambiguous indication of what you want. You can withdraw your consent at any time by contacting us.
- Performance of a contract. Where we need to process your personal data to perform a contract with you or where you ask us to take steps before we enter into a contract with you. Where we rely on performance of a contract and you do not provide the necessary information, we will be unable to perform your contract.
- Legitimate interests. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
- Legal obligation. Where we need to use your personal data to comply with a legal or regulatory obligation. Where we rely on legal obligation and you do not provide the necessary information, we may be unable to fulfil a right you have or comply with our obligations to you, or we may need to take additional steps, such as informing law enforcement or a public authority or applying for a court order.
We have set out below, in a table format, a description of all the ways we plan to use the various categories of your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
DELIVERY AND IMPROVEMENT OF OUR SERVICES AND PURCHASES
| Purpose or activity | Type of personal data | Lawful basis for processing |
| To permit you use the website without registration of Account |
Technical
Cookies |
Legitimate interests (delivering our Services to you) |
| To take steps towards providing you with services at your request, to process purchases and deliver services to you, including managing payments and sending you service communications |
Identity
Contact (if provided) Transaction Technical |
Performance of a contract |
ACCOUNT MANAGEMENT AND PROFILING
| Purpose or activity | Type of personal data | Lawful basis for processing |
| To combine the information we collect about you into a single customer account profile |
User ID
Contact (if provided) Marketing |
Legitimate interests (to publicise and grow our business) |
DIRECT MARKETING
| Purpose or activity | Type of personal data | Lawful basis for processing |
| To send you direct marketing communications via email |
Contact
Technical Direct Marketing |
Consent |
TROUBLESHOOTING, IMPROVEMENT AND SECURITY
| Purpose or activity | Type of personal data | Lawful basis for processing |
| To administer, monitor and improve our business and Services including troubleshooting, data analysis and system testing |
Identity
Contact Technical |
Legitimate interests (for running our business, provision of administration and IT services, network security, maintaining the security of services, providing a secure service to users and preventing fraudulent and other misuse of our services) |
| To apply security measures to our processing of your personal data, including processing in connection with the Services | All personal data under this privacy policy | Legal obligation (applying appropriate technical and organisational measures) |
| Otherwise monitoring use of the services and deploying appropriate security measures |
Contact
Security Transaction |
Legitimate interests (running our business, provision of administration and IT services, network security, maintaining the security of our services, providing a secure service to users and preventing fraudulent and other misuse of our Services) |
RIGHTS AND OBLIGATIONS
| Purpose or activity | Type of personal data | Lawful basis for processing |
| To comply with our other legal obligations, including compliance with tax legislation, judicial, law enforcement and government authorities’ requests | All personal data under this privacy policy | Legal obligation |
COOKIES AND PERSONALISATION
| Purpose or activity | Type of personal data | Lawful basis for processing |
| To deploy and process personal data collected via Cookies that are strictly necessary | Cookies | Legitimate interests (delivering and securing our services) |
| To deploy and process personal data collected via Cookies that are not strictly necessary | Cookies | Consent |
OTHER COMMUNICATIONS
| Purpose or activity | Type of personal data | Lawful basis for processing |
| To notify you of changes to the services, your purchases and our terms and conditions for ongoing contracts |
User ID
Contact (if provided) |
Performance of a contract |
| To respond to your requests to exercise your rights under this policy | As relevant to your request | Legal obligation (complying with data subject requests) |
| To ask you to complete a survey and process your response (where applicable, please also see the separate privacy policy) | Contact (if provided) | Consent |
| To otherwise respond to your enquiries, fulfil your requests and to contact you where necessary | As relevant to your enquiry or request | Legitimate interests (service our users and prospective users) |
PERSONAL DATA SHARING
| Purpose or activity | Type of personal data | Lawful basis for processing |
| Share personal data with our third-party providers for purposes not otherwise set out above | As set out at “Disclosures of your personal data” | Legitimate interests (for the purpose relevant to the recipient, as set out at “Disclosures of your personal data”) |
6. COOKIES
Like most online services, we use cookies and similar technologies to provide and personalize your Website experience, analyze Website use, provide target advertisements and prevent fraud. You can disable optional cookies in your browser settings or via updating Cookie Preferences on the website, but then some parts of the Website and/or our services may not function properly.
What are cookies?
Cookies are small pieces of text sent to your web browser that assist us in providing our services according to the purposes described. A cookie file is stored in your web browser and allows our Website or a third party to recognize you and make your next visit easier and the Website more useful to you.
Cookies can be “persistent” or “session” cookies. Persistent cookies remain on your device when you go offline, while session cookies are deleted as soon as you close your web browser.
How do we use cookies?
We do not use our own cookies on the Website, but we may use third-party cookies. Cookies serve different tasks. For example, they may be used in our Services to report usage statistics, deliver advertisements on and through our Website, and so on in accordance with privacy policies of third parties.
Strictly necessary cookies
Some cookies are necessary for the Website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but then some parts of the Website and/or our services may not work. These cookies typically do not store personal data. Please note that you cannot withdraw your consent to cookies that are strictly necessary for the operation of the Website
Functional cookies
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
Performance cookies
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our Website. They help us understand which pages are the most and least popular and see how visitors move around the Website. The information collected in these cookies are aggregated, meaning that they do not relate to you personally. If you do not allow these cookies we will not know when you have visited our Website, and will not be able to monitor its performance. In some cases, these cookies may be sent to our third-party service providers to help us manage analytics.
Targeting cookies
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
How to opt-out of the installation of Cookies?
As cookies are linked to the browser you are using, they can be disabled directly by your browser, however, disabling cookies may prevent you from using certain website features – in particular, services provided by third parties may not be accessible and may not be displayed correctly.
You can find further information about how to manage Cookies in the most commonly used browsers at the following addresses: Google Chrome, Mozilla Firefox, Apple Safari and Microsoft Internet Explorer.
Also, for further information or instructions follow the initiatives provided by the EDAA (EU) , Digital Advertising Alliance (US), Network Advertising Initiative or AppChoices for mobile devices, DAAC (Canada), and other similar services.
7. DISCLOSURES OF YOUR PERSONAL DATA
We may disclose your information to certain categories of recipients (for example, cloud storage or third-party payment processor) in order to provide you with our Website and services and comply with our legal obligations. We share some data with these third parties only when legally permitted or under data processing agreements.
We may share your personal data with the following third parties:
- Third-party analytics providers. We may share data with our analytics providers with regard to your use of our Website (such as your interaction with the Website, software bugs and errors, etc.) so that we could improve our Website and detect and prevent fraud in our services. We use data security service provided by Cloudflare Inc. (USA), you can find their privacy policy at https://www.cloudflare.com/privacypolicy
- Third-party payment processors. If you subscribe to our services on the Website, we will process your payment with Stripe, Inc., USA (Stripe), our third-party payment provider. We may use Stripe for payments, analytics, and other business services. Stripe may collect personal data including via cookies and similar technologies. The personal data Stripe collects may include transactional data and identifying information about devices that connect to its services. Stripe uses this information to operate and improve the services it provides to us, including for fraud detection, loss prevention, authentication, and analytics related to the performance of its services. You can learn more about Stripe and read its privacy policy at https://stripe.com/privacy.
- Data storage service providers. Amazon Web Services, Inc., USA (AWS), our data storage provider. You can find their privacy policy at: https://aws.amazon.com/ru/privacy/
- Marketing partners. We may collaborate with marketing partners who help us advertise our Website and services. We may share information with them (usually non- identifying), for them to assist us in measuring and optimising our advertising campaigns.
- Regulators, law enforcement, and public authorities where necessary to exercise our rights or comply with a legal obligation.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
8. INTERNATIONAL TRANSFERS
Our Services are global by nature and your data can therefore be transferred and processed in other countries other than the country in which you are resident. Because different countries may have different data protection laws than your own country, we take steps to ensure adequate safeguards are in place to protect your data as explained in this Policy. Adequate safeguards that our partners may use include transfer of data to the jurisdictions, which are considered by the European Commission to be offering an adequate level of protection for personal data of EU residents or standard contractual clauses approved by EU Commission or other methods approved by the relevant regulators in other countries.
Please contact us using the contact details above if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
9. DATA SECURITY
Once we have received your information, we will use strict procedures and security features to protect your personal data from loss, unauthorised use or access. We are continuously developing and implementing administrative, technical and physical security measures to protect the confidentiality, security and integrity of the collected data and to prevent from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the data under our control. This includes, but is not limited to, data encryption and limitation of access to personal information based on a “need-to-know” principle.
We have put in place procedures to detect and respond to personal data breaches and notify you and any applicable regulator when we are legally required to do so.
Where we have given you (or where you have chosen) a password that enables you to access certain parts of the Website or services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
All information you provide to us is stored on secure servers provided by AWS (SOC 2 Type II complaint, ISO 2700 complaint), located in jurisdictions, which are considered by the European Commission to be offering an adequate level of protection for personal data of EU residents or standard contractual clauses approved by EU Commission or other methods approved by the relevant regulators in other countries.
Any payment transactions carried out by our third-party provider of payment processing services Stripe will be encrypted using encrypted using mutual transport layer security (mTLS) technology and processed as described at https://docs.stripe.com/security .
10. THIRD-PARTY LINKS
The Website may include links to third-party Websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party Websites and are not responsible for their privacy statements. When you leave our Website, we encourage you to read the privacy policy of every Website you visit.
11. DATA RETENTION
We keep your information only so long as we need it to provide our Website and services to you and fulfil the purposes described in this Privacy Policy.
Once we no longer have a legal right to hold your personal data, we will delete or, in some circumstances, we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Personal information printed on paper will be destroyed by shredding.
12. YOUR LEGAL RIGHTS
You have the following rights under data protection laws in relation to your personal data.
- Access. Request access to and/or a copy of the personal data we process about you (commonly known as a data subject access request). This enables you to check that we are lawfully processing it.
- Correction. Request correction of any incomplete or inaccurate data we hold about you. (We may need to verify the accuracy of the new data you provide to us.)
- Deletion. Request us to delete or remove personal data where there is no good reason for us continuing to process it. You also can ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we have processed your information unlawfully or where we need to erase your personal data to comply with law. (In some cases, we may need to continue to retain some of your personal data where required by law. If these apply, we will notify you at the time of our response.)
- Objection. Object to us processing your personal data where (a) we are relying on legitimate interests as the lawful basis and you feel the processing impacts on your fundamental rights and freedoms, or (b) the processing is for direct marketing purposes. In some cases, we may refuse your objection if we can demonstrate that we have compelling legitimate grounds to continue processing your information which override your rights and freedoms.
-
Restriction. Request that we restrict or suspend our processing of
your personal data:
(i) if you want us to establish the data’s accuracy;
(ii) where our use of the data is unlawful, but you do not want us to erase it;
(iii) where we no longer require it, but you need us to hold onto it to establish, exercise or defend legal claims; or
(iv) you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it. - Data portability. Request we transfer certain of your personal data to you or your chosen third party in a structured, commonly used, machine-readable format. This right only applies to information processed by automated means that we process on the lawful bases of consent or performance of a contract.
- Withdraw consent. Withdraw your consent at any time where we are relying on consent to process your personal data. Please know that this does not affect the lawfulness of any processing carried out before you withdraw your consent, and after withdrawal, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
- If you are unhappy with how we process your personal data, we ask that you contact us first using the details below so that we have the chance to put it right. However, you also have the right to make a complaint to the regulator at any time
You can exercise any of these rights at any time by contacting us at dpo@toggle.org or via App.
13. US PRIVACY RIGHTS
This section applies to you if you are a resident of any of the following US States: California, Virginia, Colorado, Connecticut, Texas, Utah, Oregon which have adopted their state privacy acts (together “US Privacy laws”).
Below you will find information what rights you may have and how to exercise those rights and our process of handling those requests.
- Right to access. You may submit up to two times in a 12-month period, free of charge, a verifiable request to disclose what personal information we collected, used, shared, sold or disclosed about you in the preceding twelve (12) months.
- Right to delete. You have the right to request that we delete any of your personal information we collected and retained, subject to certain exceptions. Once we receive and verify your consumer request, we will delete your personal information from our records. However, we may deny your deletion request if retaining the information is necessary for us or our service providers under certain circumstances, which will be explained to you at the time of the denial, if any.
- Right to correct. Depending on your state of residency, you have the right to request to correct the inaccurate personal information that we hold about you, taking into account the nature of the personal information and the purposes of the processing of the personal information.
- Right to data portability. You have the right to obtain your personal data in a portable and, to the extent technically feasible, readily usable format that allows you to transmit your personal data to another controller without hindrance.
- Right to opt-out. Depending on your state of residency, you have the right to opt-out of the processing of the personal data for purposes of (i) targeted advertising or cross-contextual behavioral advertising, (ii) the “sale” and/or sharing of personal data, or (iii) profiling (or solely automated decisions) that produce legal or similarly significant effects concerning you), as defined by the applicable US Privacy laws. However, we note that we do not collect any personal information for any of these purposes.
- Right to be free from discrimination. We may not discriminate against you for exercising any of your rights under US laws, including but not limited to (i) denying you our Services; (ii) charging you different prices or rates for our Services; (iii) providing you a different level or quality of Services; (iv) suggesting that you may receive a different price or rate for Services or a different level or quality of Services.
- Right to limit use and disclosure of sensitive personal information (for California residents). However, we note that we do not collect any sensitive personal information.
We will respond to your request within 45 days, and in more difficult cases we may extend our response time by another 45 days. We reserve the right not to respond to your request or provide you with personal data, in case we were unable to verify your identity or authority to make such a request.
If you are a Virginia, Colorado, or Connecticut resident, you have the right to appeal our decision to deny your rights request. We do not sell data of our users.
14. CONTACT US
Please contact us if you have any questions about this policy.
If you have questions about data protection, or if you have any requests for resolving issues with your personal data, you can contact us at dpo@toggle.org or by contacting us via App.