Skip to content

Privacy Policy

Read how ClickVPN handles account data, VPN operational data, payment metadata, cookies, user rights, and account deletion.

1. Who We Are

This Privacy Policy explains how Click Technologies LLC (“Company,” “we,” “us,” or “our”) collects, uses, stores, discloses, and otherwise processes personal data in connection with Click VPN, our website, account portal, mobile and desktop applications, subscriptions, customer support, and related services (collectively, the “Services”).

Our registered address is 1 Amiryan Street, Kentron, Yerevan 0010, Republic of Armenia.

For the purposes of applicable data protection laws, including the Law of the Republic of Armenia “On Protection of Personal Data,” Click Technologies LLC is the entity that organizes and carries out the processing of personal data described in this Privacy Policy. Where Armenian law uses the term “processor of personal data,” that term refers to Click Technologies LLC in relation to the Services.

Some third parties mentioned in this Privacy Policy, such as app stores and payment providers, may process personal data as independent controllers or equivalent independent recipients under their own privacy notices.

2. Scope and Consumer-Only Service

This Privacy Policy applies when you:

  1. visit our website or account portal;
  2. create or use an account;
  3. purchase or use the Services;
  4. contact customer support;
  5. use referral or promotional mechanics; or
  6. otherwise interact with us in connection with the Services.

The Services are currently offered only to individual end users. We do not currently offer reseller accounts, enterprise accounts, team accounts, managed organization accounts, or B2B administrator dashboards.

We currently operate referral and promotional mechanics. We do not currently offer newsletters, beta-program access, dedicated IP products, or reseller, team, or enterprise administrator features. Some billing or subscription capabilities may exist in our technical platform but may not be enabled or offered to end users at a given time.

3. How We Handle VPN Data

3.1 VPN Activity Data We Do Not Collect or Store

For purposes of this Privacy Policy, “VPN Activity Data” means the content of your communications, browsing history, DNS query logs, and detailed records of the specific websites, applications, services, files, or destinations you access through the VPN.

We do not collect or store VPN Activity Data. We do not use VPN Activity Data for advertising, profiling, data brokerage, or marketing.

Our backend is not designed to store browsing-history logs, traffic-content logs, DNS-query logs, or per-destination activity logs.

3.2 Limited Operational VPN and Service Data

To provide, secure, bill, troubleshoot, and support the Services, we process limited operational data linked to your account or subscription. This may include:

  1. account, subscription, entitlement, tariff, billing-source, and service-access status;
  2. technical service access records and remote VPN access identifiers;
  3. device-limit data such as hardware identifiers, client type, device model, installation ID, and session-device registry records;
  4. traffic allowance and traffic usage counters, without recording traffic contents or destinations;
  5. service timestamps such as subscription start/end dates, last-seen timestamps, provisioning timestamps, traffic-observation timestamps, and related lifecycle events;
  6. selected plan, server-squad, or service-location records needed to provide the subscription you selected;
  7. request network data, user-agent data, and device headers in authentication, captcha, rate limiting, payment, security, anti-abuse, operator-security, or troubleshooting contexts;
  8. diagnostic or debug data where enabled, generated, or provided for support.

The Apple app may also resolve and cache locally on the device your visible network IP/country and VPN exit IP/country to display connection status and support routing behavior. This lookup may involve external network lookup providers. This app-side network display data is not used by us to reconstruct your browsing history or traffic contents.

We use limited operational VPN and service data only to provide VPN access, manage subscriptions, enforce device limits, prevent abuse, troubleshoot issues, process billing, maintain backups, and secure the Services.

We do not sell, use, or disclose VPN Activity Data to third parties for any purpose. Non-VPN account, billing, support, security, hosting, and infrastructure data may be processed by service providers solely on our behalf and under our instructions to provide the Services.

4. Personal Data We Process

4.1 Account and Profile Data

We may process your account ID, identity-provider user ID, email address, pending email address, username, first name, last name, role, account status, language preference, referral-related fields, account limitations, balance, total spend, first-payment indicators, paid-history indicators, login timestamps, activity timestamps, soft-delete timestamp, and similar account-management data.

4.2 Identity, Authentication, and Session Data

We may process authentication and identity-related data necessary to operate the Services, including session identifiers, consent or authorization request identifiers, authentication methods, identity-provider data, linked sign-in providers and subjects, verification and recovery addresses, user-agent data, request network data in specific security or anti-abuse flows, and session timestamps.

Some of this data may be temporarily processed through identity, authorization, session-cache, or fraud-prevention systems rather than stored as long-term account records.

4.3 Subscription, Entitlement, and Service Access Data

We may process subscription and entitlement data such as tariff or product identifiers, subscription start and end dates, revocation status, superseded status, auto-renew status, billing source, renewal owner, source environment, device limits, traffic quotas and usage counters, trial status, entitlement version, subscription lifecycle events, and subscription-related audit records.

4.4 Server, Device, and Service Access Data

To provide and manage service access, we may process data linking subscriptions to selected plans, service locations, server squads, or remote VPN access records, as well as device or hardware identifiers, client type, device model, installation identifiers, push-device data, service-access status, provider-specific remote identifiers, service-access errors, service observations, and related timestamps.

4.5 Payment, Billing, and Transaction Data

We may process transaction type, amount, description, payment method or billing source, external transaction identifiers, product identifiers, original transaction identifiers, purchase tokens, linked purchase tokens, payment status, receipt data, invoice data, provider references, rejection reasons, and billing-event payloads.

We may also process limited transaction metadata such as request network data, user-agent data, original amount and currency, exchange rate, receipt identifiers, promo code data, commission data, notes, and provider-specific metadata where relevant to billing, fraud prevention, accounting, or support.

Available payment methods may vary depending on the platform, device, country, app-store rules, payment-provider rules, and the channel through which you purchase the Services. Purchases made through apps distributed by Apple App Store or Google Play may be processed through the relevant app-store billing system where required by applicable platform rules. Cryptomus, Wata, and other non-app-store payment providers are used only where permitted by applicable law, payment-provider rules, and platform rules.

4.6 Referral and Promotional Data

Where applicable, we may process referral codes, referred-by data, referral claim timestamps, promo-code usage, referral earnings, referral contest events, and related reward or commission information.

4.7 Support and Communications Data

If you contact us, we may process your name, email address, support ticket contents, chat messages, attachments, support-session identifiers, language preference, and any other information you choose to provide.

4.8 Device, App, Push, Monitoring, and Diagnostics Data

We may process app version, operating system, device model, platform, hardware or device identifiers, push-token data, last-seen timestamps, push delivery status, command identifiers, diagnostics, error logs, monitoring logs, and related metadata required to operate, secure, diagnose, and support the Services.

4.9 Website and Cookie Data

If you use our website or account portal, we may process cookie identifiers, local storage records, pages viewed, referral URLs, browser type, device information, approximate location derived from network data, security logs, fraud-prevention data, consent preferences, and website analytics data where analytics consent has been granted.

4.10 Backup and Recovery Data

We may process backup metadata such as who requested a backup, backup labels, manifest summaries, result details, archive metadata, status messages, and object-storage references. Backup archives may include application databases and related service databases used to operate the Services.

4.11 Data Received from Third Parties

We may receive limited data from app stores, payment providers, push-notification providers, captcha or anti-abuse tools, identity and authorization services, support-session services, network lookup providers, analytics providers where consent applies, and our VPN access provisioning and subscription management platform, including transaction status, subscription status, technical identifiers, usage observations, and service-operation metadata relevant to account security, support, billing, provisioning, and reconciliation.

4.12 Special-Category and Biometric Data

We do not intentionally request or require special-category personal data or biometric personal data for the ordinary operation of the Services, unless such processing is separately disclosed and permitted by law.

5. Legal Grounds for Processing Under Armenian Law

We process personal data under Armenian law where:

  1. you have given consent to the processing;
  2. your consent is deemed to have been given because the data were provided by you in a document, request, form, or other communication addressed to us;
  3. the data were obtained under a contract concluded with you and are used for the operations provided by that contract;
  4. the data were obtained from publicly available sources; or
  5. the processing is directly provided for or required by law.

Where consent is the basis of processing, we keep the data for the period objectively necessary for the relevant purpose or for the period stated in the consent.

6. Why We Process Personal Data

We process personal data to:

  1. create, maintain, and secure your account;
  2. provide, operate, provision, and support the VPN service and related applications;
  3. authenticate users and manage identity, sign-in, verification, recovery, and authorization flows;
  4. process subscriptions, payments, renewals, refunds, chargebacks, and billing reconciliation;
  5. apply device limits, entitlement rules, traffic quotas, and subscription service access;
  6. provide customer support and respond to technical issues, disputes, and complaints;
  7. prevent abuse, unauthorized access, fraud, automated misuse, and security incidents;
  8. send service, billing, administrative, and security-related notices;
  9. operate referral and promotional mechanics;
  10. maintain backups, operational resilience, auditability, and troubleshooting;
  11. measure website usage and performance through analytics tools used on the website or account portal where consent applies;
  12. comply with legal obligations and protect our rights.

7. Cookies, Local Storage, and Analytics

We use strictly necessary cookies and browser storage on our website and account portal for security, fraud prevention, account and session management, language routing, core website behavior, and storing your cookie/privacy choices. These technologies are required for the website and account portal to work safely.

On marketing pages only, we may use Google Analytics after you explicitly opt in. Before analytics consent is granted, our current web implementation does not load the Google Analytics script and does not create Google Analytics cookies.

If analytics is enabled, Google Analytics may process limited website interaction data such as page URL, page path, page title, page views, sign-up click events, pricing-interest click events, browser/device information, and analytics cookie identifiers such as _ga and _ga_*.

Our current Google Analytics setup uses consent controls so that analytics storage is granted only after opt-in. Advertising storage, ad user data, and ad personalization are kept disabled in this setup. We do not currently use marketing cookies, remarketing, or advertising personalization cookies.

You can withdraw analytics consent at any time through Cookie settings on marketing pages. When consent is withdrawn, we disable future analytics events and attempt to remove Google Analytics cookies for the current domain on a best-effort basis. You can also manage cookies through your browser settings.

8. Sharing of Personal Data

We may provide limited personal data to:

  1. app stores and payment providers, including Apple App Store, Google Play, Cryptomus, Wata, and other payment providers we use, depending on the platform, purchase channel, applicable law, payment-provider rules, and platform rules;
  2. hosting, cloud, infrastructure, database, API, backup, object-storage, and content-delivery providers;
  3. identity, authentication, authorization, session, captcha, rate-limiting, and account-security providers;
  4. our VPN access provisioning and subscription management platform;
  5. push-notification providers and customer-support session providers;
  6. server-side monitoring and error-diagnostics providers, where configured;
  7. website analytics providers, such as Google Analytics, only after analytics consent where required;
  8. network lookup providers used by the app to display network status, country, or VPN exit information;
  9. professional advisers, auditors, insurers, and consultants;
  10. public authorities, courts, regulators, or law enforcement where required by law or necessary to protect rights, property, safety, or legal claims;
  11. parties involved in a merger, acquisition, restructuring, financing, or sale of assets.

Any third party with whom we share user data must provide the same or equal protection of user data as described in this Privacy Policy and required by applicable law.

Where another person or company processes personal data on our behalf, we require that person or company by written agreement to process the data only within the permitted scope, apply appropriate security measures, and maintain confidentiality.

Some third parties, such as app stores, payment providers, analytics providers, or network lookup providers, may process your data under their own privacy notices when you interact with them directly or when their services are used.

Because we do not offer reseller, enterprise, or team-account products, we do not share user data with reseller administrators, enterprise account owners, or team administrators.

We do not sell personal data. We do not disclose VPN Activity Data for advertising, profiling, or data brokerage.

9. International Transfers

We and our service providers may process personal data in Armenia, France, and in other countries as necessary for operating the Services.

Where personal data are transferred outside Armenia, we do so:

  1. with your consent;
  2. where the transfer follows from the purposes of the processing and/or is necessary to implement those purposes; or
  3. otherwise as permitted or required by Armenian law.

Where the destination country ensures an adequate level of protection under the officially published list of the Armenian authorized body or under applicable international agreements, personal data may be transferred without separate permission.

Where the destination country does not ensure an adequate level of protection and Armenian law requires permission for the transfer, we will obtain the necessary permission from the authorized body before the transfer based on a contract containing adequate safeguards.

10. Data Retention and Deletion

We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy or as required or permitted by law.

Our current implementation indicates the following retention approach:

Account and profile records are retained while the account is active. When account deletion is completed through the app or account portal, active local account records and associated user-owned records are deleted, subject to the exceptions below.

Subscription, entitlement, device-limit, service-access, transaction, payment, referral, promo, support, audit, provider-reference, and operational records are retained while needed to provide the Services, process payments, maintain access, support users, prevent abuse, resolve disputes, comply with accounting or legal obligations, or protect our rights. Where account deletion applies, user-owned active records are deleted unless retention is required or permitted for these purposes.

Authentication and session-cache records are short-lived where the implementation uses cache storage. Current defaults include approximately 5 minutes for session validation cache, approximately 10 seconds for logout blacklist entries, approximately 900 seconds for pending second-factor state, and approximately 600 seconds for support-session JWTs.

Rate-limiting records are retained only for the configured rate-limit window. Current default API throttling is based on a short window configured by environment, with a default of approximately 60 seconds.

App debug logs are local diagnostic logs used for troubleshooting when debug logging is enabled. Current Apple app code keeps recent debug log entries on-device with pruning by age and size; these logs are not automatically sent to us unless you provide them for support.

Server-side monitoring and diagnostics logs are retained for operational, security, and troubleshooting purposes according to the configuration of the relevant monitoring system.

Backup archives are retained according to the backup retention configuration. Current API deployment documentation and default code configuration use approximately 3 days for backup archive retention. Backup metadata and history rows may remain longer for audit and operational continuity.

Cookie-consent choices are stored in browser storage until you change the choice, clear browser storage, or the consent version changes. Google Analytics cookies, if enabled, are retained according to Google Analytics/browser behavior and our analytics configuration, and are removed on a best-effort basis when consent is withdrawn.

We may retain limited data for longer where necessary for security, fraud prevention, payment disputes, tax, accounting, legal compliance, backup integrity, dispute resolution, enforcement of agreements, or legal claims.

Where the purpose of processing has been achieved, we will stop the processing without delay unless retention is required by law or necessary to establish, exercise, or defend legal claims.

Where consent is withdrawn in the manner required by Armenian law, we will stop the processing and destroy the relevant data within the period required by law, unless another lawful basis for retention applies.

11. Security and Incident Response

We use technical and organizational measures designed to protect personal data, including encryption, access controls, least-privilege access, secure infrastructure practices, vendor review, session controls, logging and monitoring, and incident-response procedures.

No system is completely secure. You are responsible for maintaining the confidentiality of your account credentials and for notifying us without delay if you believe your account has been compromised.

In the event of an outflow of personal data from electronic systems, we will act in accordance with Armenian law, including making any required public announcement and notifying the competent authorities.

12. Your Rights Under Armenian Law

Subject to Armenian law, you have the right to:

  1. obtain information about whether we process your personal data;
  2. access your personal data and information on the purposes, legal grounds, methods, recipients, source, and time limits of processing;
  3. request completion, updating, rectification, blocking, or destruction of your personal data where they are incomplete, inaccurate, outdated, unlawfully obtained, or unnecessary for the purposes of processing;
  4. withdraw consent in the manner provided by law;
  5. appeal our actions or inaction to the authorized state body for personal data protection or through judicial procedure;
  6. seek compensation for damage as provided by law.

On the basis of a written request, we will provide information on the availability of your personal data or provide an opportunity to access it within 5 working days after receiving the request.

If your personal data are incomplete, inaccurate, outdated, unlawfully obtained, or unnecessary for the processing purpose, we will immediately, or where immediate action is not possible, within 3 working days, take the necessary steps to complete, update, rectify, block, or destroy them.

If we reject a request to provide, rectify, block, or destroy personal data, we will issue a written and reasoned decision within 5 days after receiving the request.

If you withdraw consent by a signed written request or an electronically signed request, we will stop the processing and destroy the relevant personal data within 10 working days after receipt of the withdrawal, unless a different period applies by law or mutual agreement. We will notify you of the destruction within 3 working days after destruction.

To exercise your rights, contact us at privacy@clickvpn.click or at 1 Amiryan Street, Kentron, Yerevan 0010, Republic of Armenia.

13. Account Deletion

You can initiate account deletion through the app or account portal.

In-app path for iOS, iPadOS, and Mac Catalyst: Account → Profile → Delete Account.

In-app path for tvOS: Settings → Account → Delete Account.

Web path: Account portal → Settings → Delete account.

Account deletion page: https://clickvpn.click/delete-account

The current app and web flows send an authenticated account-deletion request to our API. When the request succeeds, the API deletes active local account records and associated user-owned records, signs you out, and removes local authenticated state in the app or web client.

Account deletion may not immediately remove all copies from backups, external providers, accounting systems, fraud-prevention systems, payment dispute records, security records, or legally required retention systems. Backup archives are removed according to the backup retention cycle, currently approximately 3 days by default for backup archives. Where retention is required or permitted, we retain only the minimum data reasonably necessary for the relevant purpose.

If you cannot access your account, you may contact us at privacy@clickvpn.click to request deletion after verification.

14. Consequences of Not Providing Data

If you do not provide account or authentication data, you may not be able to create an account, sign in, recover access, or use account-based Services.

If payment, billing, or app-store data cannot be processed, we may not be able to activate, renew, refund, reconcile, or support a paid subscription.

If device identifiers or technical service-access records are not available, we may not be able to provide VPN access, enforce device limits, issue service configuration, or troubleshoot access issues.

If you do not accept the in-app VPN data notice where required, the app may prevent VPN connection, VPN configuration, trial activation, purchase, or other VPN-related actions until the notice is accepted.

If you decline optional analytics cookies on marketing pages, the website and Services will still work, but we will not receive optional Google Analytics events for those pages.

15. App Store and Google Play Notices

If you use our iOS, iPadOS, Mac Catalyst, tvOS, or Android app, you may also see app-store disclosures and in-app disclosures that describe VPN-related data use, permissions, subscriptions, and account deletion. These disclosures supplement this Privacy Policy.

Our apps provide an in-app VPN data notice before VPN use. The notice explains that we do not collect or store browsing history, DNS query logs, traffic content, or communications, and that we process only limited operational data needed to provide VPN access, manage subscriptions, enforce device limits, account for traffic usage, diagnose issues, and protect the service. The user must affirmatively accept this notice before using VPN-related functionality.

On Apple platforms, acceptance is stored locally for the current disclosure version. On Android, the VpnService disclosure and consent flow is provided in-app before VPN functionality is used, in addition to the system VPN permission flow required by Android.

Where applicable, our app-store disclosures, Google Play Data Safety declarations, Apple App Privacy details, and in-app VPN disclosures are intended to align with this Privacy Policy.

16. Automated Decisions

We do not make decisions producing legal consequences for you solely on the basis of automated processing of personal data, unless such processing is permitted by law or based on your consent.

17. Age Restriction and Children’s Data

The Services are not intended for children under 13.

If you are under 16, you may use the Services only with the consent of your legal representative, where such consent is required for the processing of your personal data under applicable law.

If you are between 16 and 18, you may use the Services only with the consent and supervision of your parent or legal guardian where required by applicable law.

We do not knowingly collect personal data from children under 13. If we become aware that we have collected personal data from a child under 13, or from a minor where required consent has not been provided, we will take appropriate steps to delete or otherwise handle such data in accordance with applicable law.

A parent, legal guardian, or legal representative who believes that a minor has provided personal data to us without the required consent may contact us at privacy@clickvpn.click.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will publish the updated version and update the “Last updated” date above. Where required by law, we will also provide additional notice.

19. Contact Us

Click Technologies LLC

1 Amiryan Street, Kentron, Yerevan 0010, Republic of Armenia

Privacy contact: privacy@clickvpn.click

Support: support@clickvpn.click

Website: https://clickvpn.click

Privacy Policy page: https://clickvpn.click/legal/privacy

Account deletion page: https://clickvpn.click/delete-account

Last updated:

Questions about privacy?

Contact us if you have questions about this Privacy Policy or your data rights.

Contact Support