Brooog Privacy Policy

1. BROOOG'S STRICT NO-LOGS GUARANTEE (VPN SERVICES)

Your privacy is our mission. We are committed to a strict No-Logging Policy for our Virtual Private Network (VPN) Services. This means we do not monitor, record, or store any data related to your online activity that could identify you.

We absolutely DO NOT monitor, store, or log:

• Browsing history, websites visited, or content accessed during your session.
• Traffic destinations, data content, or DNS queries.
• VPN connection timestamps, duration, or session metadata.
• Your original IP address after your VPN session ends.
• Server usage or bandwidth consumption that can be linked to a specific user.

The Minimal Data We Collect (and Why):

To ensure service quality and prevent abuse, we collect the following minimal, non-identifying data:

• **Number of Connected Devices:** Used solely to enforce the maximum device limit specified in your subscription.
• **Total Amount of Web Traffic & Session Dates:** Collected only if you use a personal server or personal IP address, for capacity planning purposes. This data does not include any detail on what the traffic was.

This policy ensures that your personal data, including your email address and username, is **never** connected to any of your internet activities during your VPN Services sessions.

2. WHAT PERSONAL DATA WE COLLECT AND HOW WE COLLECT IT

IMPORTANT: YOUR FAILURE TO PROVIDE CERTAIN PERSONAL DATA MAY MAKE OUR SERVICES OPERATE NOT AS INTENDED OR NOT OPERATE AT ALL FOR YOU.

2.A. PERSONAL DATA THAT YOU PROVIDE (Registration & Use)

Upon your registration for and use of the Services, we collect certain personal data directly from you, including the following:

• First and last name (or through your social media login).
• Email address.
• Username and password (stored in a **“hashed”** format, which means the data was passed through a one-way cryptographic hash function and cannot be restored by Brooog).
• Company name (if applicable).
• Other profile information that you choose to provide (e.g., web form submissions, email, online chat).
• (Certain products only) Public and encrypted private keys, domain names, or block list categories.

2.B. PERSONAL DATA THAT WE COLLECT AUTOMATICALLY

Upon your use of the Services, we collect certain personal data automatically, including the following:

• IP address (stored only for the duration of a VPN session, then deleted).
• Browser type and operating system.
• Device name, code, manufacturer, and language.
• Time zone, connection type, WiFi network name, and country.
• Brooog website/app usage, including version used, activation date, and updates installed.
• Other data collected in accordance with our Cookies Policy.

2.C. PERSONAL DATA THAT WE COLLECT FROM OTHER SOURCES

We may also collect personal data, such as names and contact information, from third parties, such as marketing, research, sales lead generator companies, social networks, and publicly-accessible sources.

We collect your payment history regarding our Services (but **not** your full payment card information) from third-party payment processors (e.g., Google, Apple, PayPal, Amazon, Stripe, and Paymentwall).

3. HOW WE USE PERSONAL DATA AND THE LEGAL BASIS FOR PROCESSING

We use the personal data we collect for the following purposes and rely on the corresponding legal bases:

4. WHEN AND WHY WE SHARE PERSONAL DATA

4.A. VPN Services Personal Data (The No-Sharing Guarantee)

As detailed in Section 1, Brooog does not monitor, store, or log your internet activities while using our VPN Services. Consequently, **Brooog does not share, transfer, sell, rent, or disclose in any way to third parties ANY personal data about the users of the VPN Services for ANY purpose.**

4.B. General Services Personal Data

Brooog does not sell or rent your personal data to any third parties without your consent. We share your personal data with our affiliates and third-party service providers for everyday business purposes, including to:

• Store, transfer, and manage your personal data (e.g., cloud hosting and infrastructure providers).
• Process your purchases of the Services (e.g., payment processors: Google, Apple, PayPal, Amazon, Stripe, Paymentwall).
• Manage and service your Brooog account (e.g., customer support and email platforms).
• Sell and market the Services (e.g., marketing automation tools).

4.C. Legal Disclosures and Business Transfers

We may share your personal data when appropriate or necessary to respond to lawful legal processes, including:

• Lawful subpoenas from government authorities and/or private entities;
• Court orders; and
• In the context of litigation and regulatory investigations.

We may also share your personal data in the event we are acquired by, merge with, or sell all or substantially all of our assets to another entity.

4.D. CALIFORNIA CONSUMER PRIVACY ACT (CCPA/CPRA)

Brooog does not sell or "share" (as defined under California law) your personal information for monetary or other valuable consideration. We treat all personal data under the strict non-disclosure terms outlined in this Privacy Policy. If we were to ever change this practice, you would be notified and provided with a clear and prominent link titled "Do Not Sell or Share My Personal Information."

5. YOUR RIGHTS REGARDING YOUR PERSONAL DATA

Depending on your location and applicable law (such as GDPR), you may have the following rights regarding your personal data:

How to Exercise Your Rights

To request to exercise any of the rights listed above, we may require you to provide us with detailed information about your request for identity verification purposes.

Please send a detailed request to our Privacy Team at: [email protected]

6. WHERE AND HOW WE STORE PERSONAL DATA (SECURITY)

We use appropriate physical, electronic, technical, and organizational measures to secure and protect your personal data to ensure a level of security appropriate to the risk.

We employ security measures such as **data encryption in transit (SSL/TLS)** and **encryption at rest** where appropriate to safeguard your personal data. We work with our third-party service providers globally to put in place adequate protections to ensure the security of personal data when it is stored and transferred.

You should understand, however, that no safeguards are guaranteed to prevent unauthorized disclosure and/or use of personal data. Because of that, we cannot guarantee or warrant that your personal data will never be exposed.

7. HOW LONG WE STORE PERSONAL DATA

We do not store certain personal data (i.e., IP address, connection type, browser type, and operating system) that we collect automatically for our VPN Services after the session ends (see Section 1).

We store some of your personal data that we collect from you and from other sources as long as you remain a user of the Services. We retain personal data necessary for compliance with our legal obligations and contractual performance for the longer of: (i) the required time period under applicable law; or (ii) seven years.

8. COPPA (CHILDREN'S PRIVACY)

The Services are not directed to children under the age of 13, nor do we knowingly collect information from children under the age of 13. If you are under the age of 13, please do not provide personal information of any kind whatsoever to Brooog.

If a child provides us with personal information, a parent or legal guardian of that child may contact us to obtain that information and/or delete it from our records by sending an email to [email protected].

9. CHANGES TO THIS PRIVACY POLICY

We may make changes to this Privacy Policy as the applicable laws, relevant technologies, and our data processing practices change. We will notify you of changes to this Privacy Policy by posting the updated policy on our website and in our applications and other Services.

The changes shall become effective upon such posting (as indicated by the "Last Updated:" date at the top of this Privacy Policy), or as otherwise required by applicable law. We encourage you to review this policy regularly.