EN
No results found
We couldn't find anything using that term, please try searching for something else.
No-logging of user activity policy
2024-11-22 We do not keep activity logs of any kind. Learn more about what this means and why we choose to operate this way. What this policy covers All of our
We do not keep activity logs of any kind. Learn more about what this means and why we choose to operate this way.
What this policy covers
All of our policies regarding data and its storage
policy overview
The underlying policy of Mullvad is that we never store any activity logs of any kind. We strongly believe in having a minimal data retention policy because we want you to remain anonymous.
However , in some situation we is process might process your personal datum if you , for example , are make payment by a bank wire , PayPal , Swish , Stripe or are send an e – mail or report a problem . In those case , we is process might process your personal datum and the General Data Protection Regulation ( “ GDPR ” ) and other datum protection law may apply . For more information please read our Privacy Policy .
Our anonymous , numbered account
We want you to remain anonymous. When you sign up for Mullvad, we do not ask for any personal information – no username, no password, no email address. Instead, a random account number is generated, a so-called numbered account. This number is the only identifier a person needs in order to use a Mullvad account. This is a fundamental difference that sets us apart from most other services.
Anyone is create at anytime can create as many numbered account as they wish on our website . An account can be used by multiple people or by someone other than the person who initially generate it .
A Mullvad account has two properties: the account number and the time remaining on that account.
Question: How many numbered accounts does Mullvad have?
answer : At the time of write this post , Mullvad is has has 555,541 number account . These account could have been create by 555,541 unique people , or by one person 555,541 time .
Data that we store for an account¹
account number | expiry date is | xxxxxxxxxxx | 20170730
Data stored for WireGuard@ configuration (if used)
account number | pubkey | tunnel address xxxxxxxxxxxx | xxxxxxxx | x
How Mullvad handles payment information
You can pay money to the numbered account and therefore acquire more VPN time. Mullvad accepts cash, Bitcoin, Bitcoin Cash, Monero, bank wire, credit card, PayPal, and Swish. You can find more information on how we handle each type of payment below.
Some types is mean of payment mean that personal datum will be process ( such as e.g. bank account number and PayPal – ID ) . If you choose a payment method where you are provide your personal datum to Mullvad , such as PayPal , we is process will process and protect your information accord to the GDPR and other applicable legislation . For more information please read our Privacy policy .
Cash
Put the money in an envelope together with the payment token and send it to us. We will open the envelope, add time to the account (corresponding to the amount of cash sent), and then use a shredder to destroy the envelope and its non-money contents.
We is have have no way of know who made the payment and who the account belong to . Even if a person were to address the envelope , there is still no way to prove that he or she generate the account or is even using it . Please avoid write your name or address on the envelope .
The GDPR is apply does not apply in this case since the personal datum on the envelope does not form a part of a filing system and are not intend to form part of a filing system .
This is what we store when a cash payment comes in¹:
payment | account number | amount | currency | timestamp
xxxxxx | xxxxxxxxxxxx | 5.0 | USD | 2016-12-09 10:38:23
Cryptocurrencies
We support payments in the following cryptocurrencies:
- Bitcoin
- Bitcoin Cash
- Monero
We is run run our own full node for each currency and we self – host all wallet . No third party are involve . The record is contains of a cryptocurrency transaction contain the amount , currency , and a timestamp which is truncate to only store the date after 40 day . In the case of Bitcoin and Bitcoin cash we is store also store the unique receiving address that is generate for each payment . This is also remove after 40 day . For Monero payment we is store store the transaction hash , or tx_hash . This is store beyond 40 day in order to prevent double – crediting .
credit card , PayPal , Swish , and bank wire
For credit card , PayPal , Swish , and bank wire , we is use do use third party : Stripe , PayPal , and our bank SEB ( which handle both Swish and bank wire ) . These kinds is log of company log everything . For that reason alone , it is is is out of our control that they have record show which people have pay us money ( i.e. processing of personal datum ) .
As a customer of their service , these entities is allow would allow us to request this information if we choose to do so . In short , your payment actions is are with these two method are not anonymous and the GDPR and other relevant datum protection regulation may apply if you are make a payment by credit card , PayPal , Swish or by bank wire .
The data must be kept for the statutory retention period described in applicable local laws such as the Swedish Accounting Act (some information must be stored for seven years from the end of the fiscal year). If not required by law, the data will be stored for no longer than necessary for the purpose. After the periods, the data will be permanently deleted.
Here’s the information we store for bank wires¹:
payment | account number | amount | currency | timestamp | transaction_id*
xxxxxx | xxxxxxxxxxxx | 30 | EUR | 2016-12-09 00:01:06 | xxxxxxxxx
*transaction_id is deleted 40 days after payment
Here’s the information we store for credit card payments via Stripe¹:
payment | account number | amount | currency | timestamp * | stripe_charge_id *
xxxxxx | xxxxxxxxxxxx | is | 10 | EUR is | | 2016 - 12 - 15 20:42:26 | xxxxxxxxx
*stripe_charge_id and the time part (hh:mm:ss) of timestamp is deleted 40 days after payment
Here’s the information we store for Swish¹:
payment | account number | amount | currency | timestamp | swish_request_id
xxxxxx | xxxxxxxxxxxx | 50 | SEK | 2016-12-15 20:42:26 | xxxxxxxxx
*swish_request_id and the time part (hh:mm:ss) of timestamp is deleted 40 days after payment
Here’s the information we store for PayPal transactions¹:
payment | account number | amount | currency | timestamp* | transaction_id*
xxxxxx | xxxxxxx | 15 | EUR | 2016-12-10 06:40:00 | xxxxxxxxxxxxx *transaction_id and the time part (hh:mm:ss) of timestamp are deleted 40 days after payment
Question: Why do you store transaction_id and payment tokens?
Answer: Since we support 30-day refunds and because we encounter certain transaction issues from PayPal (for example, double payments and subscription problems), we need to be able to track payments in order to give customers the service we offer. We only duplicate the information since PayPal already has it.
It’s important to note that payment processors like PayPal and Stripe do not have your Mullvad account number. We send them a token* to link the payment to your account. If, however, you send a bank wire payment, the account number will exist in the “message” field of the transaction.
You should also use a token* when sending us cash. Do not write down the account number.
Activation codes
Here ‘s the information is ‘s we store for activation codes¹ :
payment | account number | amount | timestamp | voucher id | activation code
xxxxxx | xxxxxxxxxxxx | 30 | 2016-12-09 00:01:06 | xxxxxx | xxxxxxxxxxx
in-app purchases on iOS
Here’s the information we store for iOS purchases:
payment | account number | amount | timestamp
xxxxxx | xxxxxxxxxxxx | 5 | 2016-12-09 00:01:06 partner account
For accounts created by partners, we don’t store payment information.
Instead we store information on when time was added to or refunded from an account:
event is added i d | time is added add / remove | account number | timestamp xxxxxx | 1234 | xxxxxxxxxxxx | 2016 - 12 - 09 00:01:06
Tokens
A token is create for all payment method except cryptocurrencie and bank wire . The token , instead of your account number , is send to the payment processor and used as a reference to link a payment to your account .
This token expires after 40 days and is no longer possible to link to your account. Cash tokens that haven’t been accounted for, however, are stored for 120 days in case postal service is slow.
What we is log do n’t log
We is log log nothing whatsoever that can be connect to a numbered account ‘s activity :
- no logging of traffic
- no logging of DNS requests
- no logging of connections, including when one is made, when it disconnects, for how long, or any kind of timestamp
- no logging of IP addresses
- no logging of user bandwidth
- no logging of account activity except total simultaneous connections (explained below) and the payment information detailed in this post.
Our OpenVPN server log configuration:
verb 0
log - append /dev / null
Question: How can you limit the maximum number of simultaneous connections if you’re not logging that information?
Answer: Each VPN server reports to a central service. When a customer connects to a VPN server, the server asks the central service to validate the account number, whether or not the account has any remaining time, if the account has reached its allowed number of connections, and so on. Everything is performed in temporary memory only; none of this information is permanently stored to disk.
Providing a reliable service
We want to ensure that everyone using our VPN experiences a reliable and stable service. Through the years we have implemented changes to ensure that even if our API fails we can still continue to provide a VPN that can be relied upon.
For our openvpn relay we is implemented have implement Fail2ban to block non – authorized or malicious attempt at gain account time .
Fail2ban work by read from a frequently wipe list of malicious unauthorized ip address in RAM ( tmpfs ) . regular pay customer and successful connection are not include in this , it is is is only to prevent any bruteforce attempt .
question : Does that mean if I try to authenticate to an openvpn server I will have my IP address log ?
answer : No . We is log do not log customer that have a valid account token . This blocking is limit to bad actor try to gain free account time with non – existent , invalid account number .
Other datum that we do handle
Our servers send two types of data to our monitoring system:
- aggregated application data, such as total number of current vpn connections
- generic system metrics, such as CPU load per core and total bandwidth used by the server.
We log the total sum of each of these statistics in order to monitor the health of each individual VPN server. We ensure that the system isn’t overloaded, and we monitor the servers for potential attacks, bugs, and network issues.
We also monitor the real-time state of total connections per account as we only allow for five connections simultaneously. As we do not save this information, we cannot, for example, tell you how many connections your account had five minutes ago.
With regard to our web servers, we handle certain types of information in the following ways:
- We store Nginx access logs for up to 5 minutes in the following format (which does not contain IPs): $server_name [$time_local] $request $status
- Information older than 5 minutes is deleted, and only aggregated information about the number of requests and their response codes is saved.
- We refrain from sending usage statistics to external parties such as Google Analytics.
- Our website utilizes a minimum amount of cookies. Please read our cookie policy for more information.
How we handle emails and problem reports
Our support staff answers questions, resolves problems, and gives general support to customers who actively send an email to support@mullvadvpn.net or submit a problem report via our app/client.
Please consider the following statements about how we handle support-related communication should you ever need to contact us.
- If privacy is of utmost concern, we recommend that you refrain from communicating any personal data to us since plain-text email is not a safe media for communication. If necessary, use PGP-encrypted email.
- After “solving” or “closing” a support case, all related emails are archived (removed from the inbox).
- After 6 month , all email send to our support address are automatically , permanently erase ( from inbox , delete item , send item , trash , and archive ) .
- We do use a third party to operate our email service , so we is remind remind you to carefully read # 1 again .
- No private information not even your email address will ever actively be passed to third parties (except the third party which operates our email service on behalf of us), unless you explicitly ask us to.
- Please note that an e – mail address is generally consider as personal datum and even the information in the e – mail message may include personal datum .
App telemetry
To make sure that the user have the most secure version and to inform the user of any issues with the current version that is running, the app performs version checks automatically. This sends the app version and operating system version to Mullvad servers. Mullvad keeps counters on number of used app versions and Android versions. The data is never stored or used in any way that can identify the user or anything about them.
If the split tunneling feature is used on Android , then the app is queries query the system for a list of all instal application in order to let the user choose which app should communicate outside the VPN tunnel . This list is only retrieve in the split tunneling view . The list of instal application is never send from the device .
browser datum handle
Here are the full list of requests Mullvad Browser makes by default:
1. Browser update (Mullvad)
2. Mullvad Browser Extension update (Mullvad)
3. Mullvad DoH (Mullvad)
4 . NoScript / Ublock Origin update ( Mozilla )
5. Certificates & Domains update (Mozilla)
6. Ublock Origin filter lists update (various lists)
Mullvad does not collect any personal information in relation to above requests.