Application Privacy Policy
Last Modified: 8 September, 2025
1. INTRODUCTION
This privacy policy describes how we will collect, use, share and otherwise process your personal data in connection with your use of:
- Toggle VPN mobile application software (App).
- Any of our services that are accessible through the App (Services).
We guarantee that your internet activity while using Toggle VPN services is not monitored, recorded, logged, stored, or passed to any third party. We do not store used bandwidth, traffic logs, IP addresses, or browsing data. From the moment you connect to one of our VPN servers, your internet data becomes encrypted.
Our App is generally intended for use only by adults (i.e. individuals who are over 18 years of age or of the age of majority in your country). Children are not allowed to use our Services. We do not knowingly collect personal information from children. If you believe that we might unintentionally collect personal data from or about children, please contact us and we will take reasonable measures to promptly delete such personal data from our records.
Please read the following carefully to understand our practices regarding your personal data and how we will treat it.{' '}
2. IMPORTANT INFORMATION AND WHO WE ARE
Contact details
Our full details are:
- Full name of legal entity: Toggle Inc.
- Email address: dpo@toggle.org
- Postal address: 25399, The Old Rd, APT 3210, Stevenson Ranch - 91381-1618 United States (US)
- Telephone number: +1 (760) 512-1393
You have the right to make a complaint at any time with a data protection supervisory body.
Changes to the privacy policy and your duty to inform us of changes
We keep our privacy policy under regular review.
If we introduce changes to this privacy policy, those changes will be posted on this page and notified to you by push notification or by email or when you next start the App or log onto your account. You may be required to read and acknowledge the changes to continue your use of the App or the Services.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.{' '}
3. WHAT DATA WE MAY COLLECT
We collect only the data that is necessary for the purposes described in this Privacy Policy. We do not gather any more information than we need to provide you with the App and Services. The personal data we collect will depend on the circumstances and your use of the App or the Services.
We collect data in three ways:
- data you provide to us;
- data we collect automatically;
- data we collect from our partners.
A. Data you provide to us
If you contact us via e-mail or another direct communication channel, we may collect the following categories of data:
- Contact information you choose to provide us (such as name and email address)
- Data you choose to provide us when you request our support, such as non-identifying data about your device, operating system, network and connection, selected VPN configuration, subscription, screenshots or videos of the error and other technical data.
If you subscribe to our App directly with the Company:
- Data you choose to provide us as your contact information for the purposes of auto-renewal notifications.
B. Data we collect automatically
When you use our App or Services, we may automatically collect the following categories of data:
- account ID;
- IP address.
Note that we do not use such data to learn a person’s true identity or contact details, but only to provide you with our App and Services.{' '}
C. Data we collect from our partners
Third-party platforms. In case of subscription purchases processed by Apple App Store or Google Play, we do not access, collect or store your financial data, such as your credit card number or bank account. You are requested to provide payment details directly to the relevant platform. We may, however, receive limited non-financial data relating to the purchase, for example platforms may notify us if a purchase was successful and provide transaction details such as transaction ID, purchase token, currency, purchase date and time) (“Purchase Data”). Any post-purchase processes are controlled by the platforms. We encourage you to review privacy policies and terms of service of the platforms for further information before subscribing to the App.
Third-party payment processor. If you subscribe to our App directly with the Company, we will use Stripe for processing your payments. We will receive the following categories of data from Stripe (“Transaction Data”):
- Stripe customer ID;
- transaction data, such as partial bank card details;
- non-identifying data you submitted to Stripe, such as your country-level billing address.
4. WHY WE COLLECT AND USE YOUR PERSONAL DATA{' '}
We will only collect and use your personal data when we have a lawful basis to do so. Our lawful basis for each purpose for which we use your personal data is specified below. Most commonly we will use your personal data in the following circumstances:
- Consent. Where you have freely consented before the processing in a specific, informed and unambiguous indication of what you want. You can withdraw your consent at any time by contacting us.
- Performance of a contract. Where we need to process your personal data to perform a contract with you or where you ask us to take steps before we enter into a contract with you. Where we rely on performance of a contract and you do not provide the necessary information, we will be unable to perform your contract.
- Legitimate interests. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
- Legal obligation. Where we need to use your personal data to comply with a legal or regulatory obligation. Where we rely on legal obligation and you do not provide the necessary information, we may be unable to fulfil a right you have or comply with our obligations to you, or we may need to take additional steps, such as informing law enforcement or a public authority or applying for a court order.
| Purpose or activity | Type of personal data | Lawful basis for processing |
| To permit you to install the App and register you as a new App user, recognise you when you return to our Services, manage payments and send you service communications |
User ID IP address Purchase Data or Transaction Data |
Performance of a contract |
| To send your subscription auto-renewal notifications where required under applicable laws, if you subscribe to App directly with the Company |
User ID Contact data (if available) Transaction Data |
Legal obligation |
| To respond to your communication to us, including support requests |
Contact data User ID Device, operation system and network data Subscription data |
Performance of a contract |
| Applying security measures to our processing of your personal data, including processing in connection with the App | All personal data under this privacy policy | Legal obligation (applying appropriate technical and organisational measures) |
| To comply with our other legal obligations, including compliance with tax legislation, judicial, law enforcement and government authorities’ requests | All personal data under this privacy policy | Legal obligation |
| To notify you of changes to the App, Services, our terms and conditions for ongoing contracts, our privacy policy for ongoing contracts | User ID | Performance of a contract |
| To respond to your requests to exercise your rights under this privacy policy | As relevant to your request | Legal obligation |
5. AUTOMATED DECISION MAKING AND PROFILING
We do not make decisions based solely on automated processing or profiling that produce legal effects concerning you (or have similarly significant effects).
6. CRIMINAL OFFENCE DATA AND SPECIAL CATEGORY DATA
We do not intentionally collect criminal offence data about you. However, we may process data relating to criminal offences in monitoring the use of our App for security purposes, where we suspect you may have committed a crime, such as attempting to make a fraudulent purchase or claim or circumvent the security of the App or Services. In such circumstances we will provide that information to law enforcement and/or use it to establish, exercise or defend a legal claim. In those circumstances, according to the type of activity and purpose, we will rely on legitimate interests (protecting our business, employees and other users) and legal obligation (where required by legal, judicial or law enforcement to disclose or process that information).
7. SPECIAL CATEGORIES OF PERSONAL DATA
We do not knowingly collect special categories of personal data such as data revealing racial or ethnic origin, political opinion, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
8. DISCLOSURES OF YOUR PERSONAL DATA
We may disclose your information to certain categories of recipients (for example, cloud storage or third-party payment processor) in order to provide you with our Services and comply with our legal obligations. We share some data with these third parties only when legally permitted or under data processing agreements.
We share your personal data with these third parties only where we have a legal basis as set out above or where such third parties process data on our behalf based on a data processing agreement, which may restrict further subcontracting by such third parties.
We may share your personal data with the following third parties:
- Amazon Web Services, Inc., USA (AWS), our data storage provider. You can find their privacy policy at: https://aws.amazon.com/ru/privacy/
- Stripe, Inc., USA (Stripe), our third-party payment processing provider. If you subscribe to our App directly with the Company, we will use Stripe for payments, analytics, and other business services. Stripe may collect personal data including via cookies and similar technologies. The personal data Stripe collects may include transactional data and identifying information about devices that connect to its services. Stripe uses this information to operate and improve the services it provides to us, including for fraud detection, loss prevention, authentication, and analytics related to the performance of its services. You can learn more about Stripe and read its privacy policy at https://stripe.com/privacy.
- regulators, law enforcement, and public authorities where necessary to exercise our rights or comply with a legal obligation.
9. INTERNATIONAL TRANSFERS
Our Services are global by nature and your data can therefore be transferred and processed in other countries other than the country in which you are resident. Because different countries may have different data protection laws than your own country, we take steps to ensure adequate safeguards are in place to protect your data as explained in this Policy. Adequate safeguards that our partners may use include transfer of data to the jurisdictions, which are considered by the European Commission to be offering an adequate level of protection for personal data of EU residents or standard contractual clauses approved by EU Commission or other methods approved by the relevant regulators in other countries.
Please contact us using the contact details above if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
10. DATA SECURITY
Once we have received your information, we will use strict procedures and security features to protect your personal data from loss, unauthorised use or access. We are continuously developing and implementing administrative, technical and physical security measures to protect the confidentiality, security and integrity of the collected data and to prevent from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the data under our control. This includes, but is not limited to, data encryption and limitation of access to personal information based on a “need-to-know” principle.
We have put in place procedures to detect and respond to personal data breaches and notify you and any applicable regulator when we are legally required to do so.
Where we have given you (or where you have chosen) a password that enables you to access certain parts of our App or Services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
All information you provide to us is stored on secure servers provided by AWS (SOC 2 Type II complaint, ISO 2700 complaint), located in jurisdictions, which are considered by the European Commission to be offering an adequate level of protection for personal data of EU residents or standard contractual clauses approved by EU Commission or other methods approved by the relevant regulators in other countries.
Access to our systems is strictly controlled through firewalls, whitelisting of IP addresses, and the application of the principle of least privilege. All access requires strong, complex passwords and mandatory multi-factor authentication.
Any payment transactions carried out by our third-party provider of payment processing services Stripe will be encrypted using encrypted using mutual transport layer security (mTLS) technology and processed as described at https://docs.stripe.com/security.
11. DATA RETENTION
We keep your information only so long as we need it to provide our App and Services to you and fulfill the purposes described in this Privacy Policy.
Once we no longer have a legal right to hold your personal data, we will delete or, in some circumstances, we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Personal information printed on paper will be destroyed by shredding.
12. YOUR LEGAL RIGHTS
You have the following rights under data protection laws in relation to your personal data.
- Access. Request access to and/or a copy of the personal data we process about you (commonly known as a data subject access request). This enables you to check that we are lawfully processing it.
- Correction. Request correction of any incomplete or inaccurate data we hold about you. (We may need to verify the accuracy of the new data you provide to us.)
- Deletion. Request us to delete or remove personal data where there is no good reason for us continuing to process it. You also can ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we have processed your information unlawfully or where we need to erase your personal data to comply with law. (In some cases, we may need to continue to retain some of your personal data where legal6 required. If these apply, we will notify you at the time of our response.)
- Objection. Object to us processing your personal data where (a) we are relying on legitimate interests as the lawful basis and you feel the processing impacts on your fundamental rights and freedoms, or (b) the processing is for direct marketing purposes. In some cases, we may refuse your objection if we can demonstrate that we have compelling legitimate grounds to continue processing your information which override your rights and freedoms.
- Restriction. Request that we restrict or suspend our processing of your personal data: if you want us to establish the data’s accuracy; where our use of the data is unlawful, but you do not want us to erase it; where we no longer require it, but you need us to hold onto it to establish, exercise or defend legal claims; or you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
- Data portability. Request we transfer certain of your personal data to you or your chosen third party in a structured, commonly used, machine-readable format. This right only applies to information processed by automated means that we process on the lawful bases of consent or performance of a contract.
- Withdraw consent. Withdraw your consent at any time where we are relying on consent to process your personal data. Please know that this does not affect the lawfulness of any processing carried out before you withdraw your consent, and after withdrawal, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
- If you are unhappy with how we process your personal data, we ask that you contact us first using the details below so that we have the chance to put it right. However, you also have the right to make a complaint to the regulator at any time.
You can exercise any of these rights at any time by contacting us at dpo@toggle.org or via App.
13. US PRIVACY RIGHTS
This section applies to you if you are a resident of any of the following US States: California, Virginia, Colorado, Connecticut, Texas, Utah, Oregon (“US States”) which have adopted their state privacy acts (together “US Privacy laws”).
Below you will find information what rights you may have and how to exercise those rights and our process of handling those requests.
- Right to access. You may submit up to two times in a 12-month period, free of charge, a verifiable request to disclose what personal information we collected, used, shared, sold or disclosed about you in the preceding twelve (12) months.
- Right to delete. You have the right to request that we delete any of your personal information we collected and retained, subject to certain exceptions. Once we receive and verify your consumer request, we will delete your personal information from our records. However, we may deny your deletion request if retaining the information is necessary for us or our service providers under certain circumstances, which will be explained to you at the time of the denial, if any.
- Right to correct. Depending on your state of residency, you have the right to request to correct the inaccurate personal information that we hold about you, taking into account the nature of the personal information and the purposes of the processing of the personal information.
- Right to data portability. You have the right to obtain your personal data in a portable and, to the extent technically feasible, readily usable format that allows you to transmit your personal data to another controller without hindrance.
- Right to opt-out. Depending on your state of residency, you have the right to opt-out of the processing of the personal data for purposes of (i) targeted advertising or cross-contextual behavioral advertising, (ii) the “sale” and/or sharing of personal data, or (iii) profiling (or solely automated decisions) that produce legal or similarly significant effects concerning you), as defined by the applicable US Privacy laws. However, we note that we do not collect any personal information for any of these purposes.
- Right to be free from discrimination. We may not discriminate against you for exercising any of your rights under US laws, including but not limited to (i) denying you our Services; (ii) charging you different prices or rates for our Services; (iii) providing you a different level or quality of Services; (iv) suggesting that you may receive a different price or rate for Services or a different level or quality of Services.
- Right to limit use and disclosure of sensitive personal information (for California residents). However, we note that we do not collect any sensitive personal information.
We will respond to your request within 45 days, and in more difficult cases we may extend our response time by another 45 days. We reserve the right not to respond to your request or provide you with personal data, in case we were unable to verify your identity or authority to make such a request.
If you are a Virginia, Colorado, or Connecticut resident, you have the right to appeal our decision to deny your rights request. We do not sell data of our users.
14. CONTACT US
Please contact us if you have any questions about this policy.
If you have questions about data protection, or if you have any requests for resolving issues with your personal data, you can contact us at dpo@toggle.org or by contacting us via App.