Privacy Policy & GDPR — Pivot VPN

Effective date: 14 April 2026 · Last updated: 14 April 2026

1. Who we are

This Privacy Policy explains how Pivot VPN ("Pivot VPN," "we," "us," or "our") collects, uses, discloses, and protects personal data when you use our website, apps, browser extensions, customer support channels, and VPN services (collectively, the "Services").

Data Controller: Hwilo for technical solutions

Registered address: Building 20/46, Ain Shams, Marg, Cairo, Egypt

Website: get.pivotvpn.net

Contact email: service@pivotvpn.net

By using our Services, you acknowledge that your personal data will be processed as described in this Privacy Policy.

2. Scope of this Policy

This Privacy Policy applies to:

This Privacy Policy does not apply to third-party websites, platforms, payment providers, app stores, or services that we do not control, even if they are linked from our website or app.

3. Our core privacy position

Pivot VPN is built to minimize data collection. We do not log or store your browsing activity or the content of your online traffic. In particular, we do not intentionally store:

Where limited technical processing is necessary to authenticate your account, maintain service stability, prevent abuse, process payments, provide support, or comply with legal obligations, we restrict that processing to the minimum necessary.

4. Personal data we collect

4.1 Account and subscription data

When you create an account or subscribe, we may collect:

4.2 Payment and billing data

Payment information for direct subscriptions purchased through get.pivotvpn.net is processed by Paddle.com Market Ltd ("Paddle"), acting as the Merchant of Record on our behalf. We do not store your full payment card number, CVV, or other sensitive cardholder data. Card and bank details are entered into Paddle's secure checkout, which is PCI-DSS compliant, and are processed by Paddle and its sub-processors directly.

From Paddle (or, where applicable, from app stores or other subscription platforms), we may receive limited billing-related information such as:

Paddle's processing of your personal data is governed by Paddle's own privacy notice, which you can review at paddle.com/legal/privacy.

4.3 Customer support and communications

If you contact us, we may collect:

4.4 App, device, and diagnostics data

To maintain the Services, improve app stability, prevent abuse, and diagnose errors, we may collect limited technical data such as:

4.5 Website usage and cookie data

When you visit our website, we or our service providers may collect data through cookies and similar technologies, including:

5. What we do not collect as activity logs

Pivot VPN does not use the VPN service to monitor your internet behavior. We do not intentionally retain logs of:

This section describes our service design intent and operating model. It does not limit processing that is strictly necessary for account authentication, billing, fraud prevention, service integrity, abuse mitigation, legal compliance, or support.

6. How we use personal data

We use personal data only where necessary for legitimate business and legal purposes, including:

7. Legal bases for processing under GDPR

If you are in the EEA, UK, or another jurisdiction with similar rights, we process personal data on one or more of the following legal bases:

8. Cookies and similar technologies

We use cookies and similar technologies on our website for:

Where required by law, we will ask for consent before placing non-essential cookies on your device. You can also manage cookies through your browser settings or our cookie banner/settings tool.

9. Sharing of personal data

We do not sell your personal data. We may share limited personal data with third parties only when necessary for the purposes described in this Privacy Policy, including:

We require service providers to process personal data only on our instructions and with appropriate confidentiality and security safeguards.

10. Third-party services we may use

To operate, secure, and improve Pivot VPN, we use certain third-party service providers. These providers may process limited personal data or technical data on our behalf or as independent service providers, depending on the service involved.

The categories of third-party services we use may include:

Our current third-party providers may include, where enabled and applicable:

These providers may process data such as device information, app identifiers, purchase and subscription status, authentication data, diagnostic data, and app interaction events in accordance with their own privacy policies and applicable laws.

We may change or update the third-party providers we use from time to time as our services evolve. We encourage you to review the privacy policies of those providers directly.

11. International transfers

Your personal data may be processed in countries other than your own. When we transfer personal data outside the EEA, UK, or other jurisdictions with transfer restrictions, we use appropriate safeguards where required, such as adequacy decisions or approved contractual mechanisms, including the European Commission's Standard Contractual Clauses.

12. Data retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, including to provide and secure the Services, comply with legal obligations, resolve disputes, prevent fraud and abuse, and enforce our agreements.

Retention periods may vary depending on the type of data and the purpose for which it was collected. In general:

When personal data is no longer required for the relevant purpose, we delete, anonymize, or securely archive it in accordance with our retention practices.

13. Your privacy rights

Depending on your location, you may have the right to:

Under the GDPR, these rights include access, rectification, erasure, restriction, portability, objection, and rights relating to automated decision-making; requests should generally be answered without undue delay and, in principle, within one month.

To exercise your rights, contact us at service@pivotvpn.net. We may need to verify your identity before processing your request.

14. Account deletion

You may request deletion of your account and associated personal data by:

When you request deletion, we will delete or anonymize your personal data unless retention is required for:

Some limited records may therefore be retained for the legally required or reasonably necessary period.

15. Security

We use reasonable technical, organizational, and administrative safeguards designed to protect personal data against unauthorized access, loss, misuse, disclosure, alteration, or destruction. These safeguards may include:

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

16. Children

Pivot VPN is not directed to children, and our Services are not intended for anyone under the age of 18, or the age of digital consent or majority in the relevant jurisdiction if higher. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us so we can take appropriate action.

17. Third-party links

Our website or apps may contain links to third-party websites or services. We are not responsible for the privacy, security, or content practices of third parties. You should review their privacy policies separately.

18. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the "Last updated" date and, where appropriate, provide additional notice through the website, app, or email. Your continued use of the Services after the updated Privacy Policy becomes effective means that the updated version applies to your use of the Services.

19. Contact us

For questions about these Terms, please contact:

If you are in the EEA or UK, you also have the right to complain to your local data protection authority.