Last Updated: December 1, 2020

1. SCOPE OF THIS PRIVACY POLICY

This privacy policy statement (“Privacy Policy”) describes how Brooog, LTD. and our affiliates (“Brooog,” “we,” “us,” or “our”) obtain, use, store, change, disclose, and delete our users’ (“you,” or “your”) personal data as it relates to Brooog’s Services and Brooog’s marketing practices. This Privacy Policy is a part of and is incorporated into the Brooog, LTD. End User Agreement between Brooog and you. We ask that you read this Privacy Policy carefully as it contains important information on how and why we collect, store, use, and share personal information, your rights in relation to your personal information and on how to contact us in the event you have a privacy concern or complaint.

For the purposes of this Privacy Policy, the term “personal data” means any information relating to an identified or identifiable natural person. The term “personal data” does not include any information that has been anonymized, such that the natural person to which such information relates is not identifiable.

For the purposes of this Privacy Policy, the term “Services” means all of Brooog’s websites, mobile and other applications, products, services, software, and accompanying documentation, including VPN Services. The term “VPN Services” means all of Brooog’s Virtual Private Network (VPN) Services, including VPN Unlimited, VPN Lite, Business VPN, and Private Browser.

Brooog does not monitor, store, or log your online activity, including your browsing history, connection times, metadata, downloads, server usage, or data content during your session in the VPN Services. For a list of categories of personal data that Brooog collects, see Section 2 (D) of this Privacy Policy.
Brooog also never stores or logs your IP address after the end of your session in the VPN Services – Brooog always removes your IP address after your session ends. See Sections 2 (D) and 7 of this Privacy Policy.

If you have any privacy or personal data concern related to any of Brooog’s products, services, or practices, please contact us at support@brooog.com.

Please review our other relevant policies and agreements:

2. WHAT PERSONAL DATA WE COLLECT AND HOW WE COLLECT IT

IMPORTANT:YOUR FAILURE TO PROVIDE CERTAIN PERSONAL DATA MAY MAKE OUR SERVICES OPERATE NOT AS INTENDED OR NOT OPERATE AT ALL FOR YOU. YOUR FAILURE TO PROVIDE CERTAIN PERSONAL DATA MAY ALSO MAKE IT IMPOSSIBLE FOR US TO PROVIDE SOME OF OUR SERVICES TO YOU, BECAUSE OUR SERVICES REQUIRE CERTAIN MINIMUM PERSONAL DATA IN ORDER TO OPERATE AS WE INTEND.

In Section 2(A-C) of this Privacy Policy, we provide categories of personal data that Brooog collects and how Brooog collects such personal data when you use the Services.
In Section 2(D) of this Privacy Policy, we provide a description of Brooog’s “no logging” policy that applies when you use the VPN Services.
In Section 2(E) of this Privacy Policy, we provide additional categories of personal data that Brooog collects and how Brooog collects such personal data when you use Brooog Sign.

1. PERSONAL DATA THAT YOU PROVIDE

   Upon your registration for and use of the Services, we collect certain personal data directly from you, in each case only if applicable, including the following:

   1. First and last name (either through the registration field or through your social media login);
   2. Company name;
   3. Email address;
   4. Username and password (in a “hashed” format);
   5. (Certain products only) Public and encrypted private keys;
   6. (Certain products only) User uploaded document content and preview;
   7. (Certain products only) A listing of custom parameters entered by you, such as domain names and/or block list categories, used to block (blacklist) or allow (whitelist) access to specific websites;
   8. Team members and their contact information;
   9. Other profile information that you choose to provide to us; and
   10. Any other information that you choose to provide to us by completing a web form, sending to us an email, online chat, forum postings, and any other similar means.

   “Hashed” format means that the data was passed through a one-way cryptographic hash function and cannot be restored by Brooog.

2. PERSONAL DATA THAT WE COLLECT AUTOMATICALLY

   Upon your use of the Services, we collect certain personal data from you, in each case only if applicable, including the following:

   1. IP address;
   2. Browser type and operating system;
   3. Device name, code, manufacturer, and language;
   4. Time zone, connection type, WiFi network name;
   5. Country;
   6. (Certain products only) Total amount of web traffic for each session and session dates;
   7. Number of your devices using the Services;
   8. Other data collected in accordance with our Cookies Policy; and
   9. Brooog website/app usage, including version used, activation date, and updates installed.
3. PERSONAL DATA THAT WE COLLECT FROM OTHER SOURCES

   We may also collect personal data, such as names and contact information, from third parties, such as marketing, research, sales lead generator companies, social networks, as well as from any publicly-accessible sources. We also collect your payment history regarding our Services (but not your payment information) from third-party payment processors, such as Google, Apple, PayPal, Amazon, Stripe, and Paymentwall.

4. Brooog’S VPN SERVICES – NO LOGGING POLICY

   As explained in this Section 2(D), Brooog does NOT monitor, store, or log your internet activities (including the internet sites that you visit) while using any of our VPN Services, except the total amount of internet traffic for each session and session dates (this data is collected only if you use personal servers or personal IP address). Brooog also stores the number of connected devices for each account – this data is monitored to enforce the maximum device limits. This data can be assessed in the User Office, where you may remove devices from your account.

   Certain personal data collected by us automatically (i.e. IP address, connection type, browser type and operating system) is stored only for the duration of your session in the VPN Services. This means that Brooog never stores or logs these categories of personal data after the end of your session in our VPN Services – we delete such personal data after your session ends. This also means that your personal data, including your email address, first and last name, username, and IP address, is never connected to any of your internet activities during your VPN Services sessions.

5. For compliance with our legal obligations, including:
   1. Carry out or exercise our rights and obligations arising from any orders; and
   2. In the process of litigation and regulatory investigations, when appropriate or necessary.
6. For the purposes of our legitimate interests, or the legitimate interests of our other users and other third parties, including:
   1. To process an order you have made and to provide you with the Services for which you paid or which you receive in a free trial;
   2. Analyzing, personalizing, and improving our Services and marketing practices, unless our actions in this regard require our specific consent;
   3. Discovering issues in our Services;
   4. Detecting and preventing fraud, illegal activity, and any other activity that infringes upon the legal rights of Brooog, our other users, or other third parties;
   5. Carry out or exercise our rights and obligations arising from any orders; and
   6. In the process of litigation and regulatory investigations, when appropriate or necessary.

4. WHEN AND WHY WE SHARE PERSONAL DATA

1. VPN Services personal data:

   Brooog does not share, transfer, sell, rent, or disclose in any way to third parties ANY personal data about the users of the VPN Services for ANY purpose. Moreover, as explained in Section 2(D) of this Privacy Policy, Brooog does not store or log certain categories of personal data (i.e. IP address, connection type, browser type and operating system) after your VPN session ends; therefore it is impossible for Brooog to share such personal data with any third parties. Also as explained in Section 2(D) of this Privacy Policy, Brooog does NOT monitor, store, or log your internet activities (including the internet sites that you visit) while using any of our VPN Services, except the total amount of internet traffic for each session and session dates (this data is collected only if you use personal servers or personal IP address). Therefore, it is impossible for Brooog to share, transfer, sell, rent, or disclose in any way to third parties your internet activities.

2. Services personal data:

   Brooog does not sell or rent your personal data to any third parties without your consent. We will request and obtain your consent prior to selling or renting your personal data to any third parties. We do, however, need to share your personal data to run our everyday business. We share your personal data with our affiliates and third-party service providers for everyday business purposes, including to:

   1. Store, transfer, and manage your personal data;
   2. Process your purchases of the Services;
   3. Manage and service your Brooog account;
   4. Detect and prevent fraud, illegal activity, and any other activity that infringes upon the legal rights of Brooog, our other users, or other third parties; and
   5. Sell and market the Services.

3. We may share your personal data when appropriate or necessary to respond to legal process, including lawful:

   1. subpoenas from government authorities and/or private entities;
   2. court orders; and
   3. interrogatories, depositions, and other discovery processes in the context of litigation and regulatory investigations.
   4. We may share your personal data if we are, or propose to be, acquired by or merge with another entity or entities, or if we sell, or propose to sell, all or substantially all of our assets to another entity or entities, in which case we would share your personal data with such entity or entities.
   5. We make personal data regarding a specific Document available to users of Brooog Sign who are listed as Participants on such Document. We require this in order to permit our users to effectively use Brooog Sign.
4. We may share your personal data if we are, or propose to be, acquired by or merge with another entity or entities, or if we sell, or propose to sell, all or substantially all of our assets to another entity or entities, in which case we would share your personal data with such entity or entities.
5. We make personal data regarding a specific Document available to users of Brooog Sign who are listed as Participants on such Document. We require this in order to permit our users to effectively use Brooog Sign.

5. YOUR RIGHTS REGARDING YOUR PERSONAL DATA

You can limit your sharing and our use of your personal data when it is based on your consent. For example, you can control our use of cookies by using the settings of your internet browser. Please be aware that your limit on our use of personal data may cause our websites and applications to appear and function not as intended. You can also limit our use of your personal data for our marketing purposes. Click here to set your marketing preferences.

If the laws of some countries apply to you, you may have the right to do the following:

1. Request access to your personal data;
2. Request correction of your personal data or supplementation of your personal data for completeness;
3. Request erasure of your personal data under certain circumstances, such as when the personal data is processed based on your consent;
4. Request restriction of processing of your personal data under certain circumstances;
5. Request transfer of your personal data to another entity under certain circumstances, such as when the personal data is processed based on your consent and the processing of your personal data is carried out by automated means;
6. Withdraw consent to the processing of your personal data where the processing is based on your consent, without affecting the lawfulness of processing based on consent before its withdrawal; and
7. File a complaint with your local supervisory authority.

RIGHT TO OBJECT

If the laws of some countries apply to you, you may have the “right to object” to our processing of your personal data when such processing is based on our, or a third party’s, legitimate interests. We will stop processing your personal data, unless:

1. We demonstrate compelling legitimate grounds for the processing which overrides your interests, rights and freedoms; or
2. Such processing is necessary for the establishment, exercise or defense of legal claims.

If you object, we will stop processing your personal data for direct marketing purposes.

In order to request to exercise any of your rights, we may require you to provide us with detailed information about your request. Your rights are also subject to certain other limitations contained in the applicable law.

6. WHERE AND HOW WE STORE AND TRANSFER PERSONAL DATA

We use appropriate physical, electronic, technical, and organizational measures to secure and protect your personal data to ensure a level of security appropriate to the risk. You should understand, however, that no safeguards are guaranteed to prevent unauthorized disclosure and/or use of personal data. Because of that, we cannot guarantee or warrant that your personal data will never be exposed. We use third-party service providers globally to store and transfer personal data. We work with our third-party service providers to put in place adequate protections to ensure the security of personal data when it is stored and transferred.

7. HOW LONG WE STORE PERSONAL DATA

We do not store certain personal data (i.e. IP address, connection type, browser type and operating system) that we collect automatically. See Section 2 (D) of this Privacy Policy for an explanation of our “no-logging” policy. We store some of your personal data that we collect from you and from other sources as long as you remain a user of the Services. We retain personal data necessary for compliance with our legal obligations and contractual performance for the longer of: (i) the required time period under applicable law; (ii) or seven years.

8. COPPA

The Children’s Online Privacy Protection Act (“COPPA”) is a United States federal law enacted to give parents increased control over what information is collected from their children online and how such information is used. The law applies to websites and services directed to, and which knowingly collect information from, children under the age of 13. The Services are not directed to children under the age of 13, nor do we knowingly collect information from children under the age of 13. If you are under the age of 13, please do not provide personal information of any kind whatsoever to Brooog. If a child provides us with personal information, a parent or legal guardian of that child may contact us to obtain that information and/or delete it from our records by sending an email to support@brooog.com.

9. CHANGES TO THIS PRIVACY POLICY

We may make changes to this Privacy Policy (and/or other applicable policies and Addenda) as the applicable laws, relevant technologies, and our data processing practices change. We will notify you of changes to this Privacy Policy (and/or other applicable policies and Addenda) by posting the updated policy on our website and in our applications and other Services. The changes to this Privacy Policy (and/or other applicable policies and Addenda) shall become effective upon such posting (as indicated by the date following “Last Updated:” at the top of this Privacy Policy and/or other applicable policies and Addenda), or as otherwise required by applicable law. We encourage you to review this Privacy Policy (and other applicable policies and Addenda) on a periodic basis.