PRIVACY POLICY 

Last updated: 04/05/2023

At Grass VPN, operated by A24Z LTD, security and privacy are central to everything we do. We believe it’s important to be transparent about the personal data we collect, how we use it, who we share it with, and how we store it. This Privacy Notice outlines how we process and manage the data you provide when using our products, services, apps, and websites that link to this notice (collectively referred to as our “services”).

In this notice, the term “personal data” refers to any information related to an identified or identifiable natural person that is protected as personal data under applicable data protection laws.

This notice covers A24Z LTD’s data collection and processing practices with respect to any virtual private network (VPN) applications it offers, including Grass VPN.

In this notice, “we,” “us,” and “our” refer to A24Z LTD, which provides you with the services and is responsible for handling your data in accordance with this notice. For mobile apps, you can identify the company providing the service by checking the company listed on the app’s download page or reviewing its terms of service.

Our services are not intended for use by minors. In this context, minors are individuals under the age of 16 (or a lower age if applicable in your jurisdiction). We do not knowingly collect personal data from minors. If we discover that personal data from a minor has been collected, we may close the account and delete the associated data without notice.

Grass VPN does not log or track your VPN browsing activities in a way that can be linked back to you. When using our VPN connection, we do not store any information identifying what you browse, view, or do online through that connection. The only exception is when you choose to communicate with us (e.g., via chat or email) over the VPN and voluntarily identify yourself.

Data transmitted over our VPN connections is encrypted, and we do not monitor or record the content of your browsing, viewing, or activities while using the VPN (unless you are using the VPN connection to communicate with us).

Since we do not log your VPN browsing activities, even if compelled to provide user activity data, there would be nothing to disclose.

Free versions of our VPN products are supported by personalized ads. However, these ads are not based on any of your VPN browsing activities, nor do we share such activity with our advertising partners. Personalization is handled by our advertising partners, who collect information such as your user-resettable advertising identifier (e.g., AAID or IDFA) and combine it with their existing data to show you more relevant ads. Google allows you to disable your advertising identifier through your Google account settings, and you can disable the Apple advertising identifier through your Apple device settings.

Paid versions of our VPN products do not contain ads, and therefore, do not share information with advertising partners.

1. What information do we collect about you?

This section explains the different types of information we collect from and about you. Below are the types of information we may gather:

Information you provide to us

 

• • Account information: Grass VPN does not generally require you to create an account to use the services. If you choose to create an account, we may collect details such as your name, username, email address, and password.

• • Transactional information: When you purchase services from us, you will need to provide payment information for the transaction. We use industry-standard payment processors to handle payment data. These processors have their own terms and privacy policies. Additionally, we may collect information about the transaction, such as your billing address, subscription type, currency, purchase date, and amounts.

• • Customer support information: If you reach out for support, we collect information to assist in diagnosing and resolving your issues. This may include your contact information (e.g., email), payment details, and information about your usage of the services.

• • Other submissions: We collect information you submit when you participate in surveys, provide feedback, engage in promotions, apply for a job, or otherwise communicate with us.

Information collected automatically when using our services

 

• • IP address: We may collect your IP address when you use our services, and derive your approximate location based on it. Please refer to Section 2 for information on how we use your IP address and derived location. However, we do not store your IP address.

• • User interaction data: We gather data on how you interact with our websites, apps, and any advertisements we may display. For example, we may track which elements of the user interface you interact with.

• • Device information: We and our ad networks collect information about the device you use to access our services, including device model, settings, operating system, network details, and app version numbers. This data is only collected for free users by our ad networks.

• • Device hash: We may create a unique device hash for each device using our services. This hash is randomly generated, and reinstalling the app will generate a new device ID. The device hash is not linked to VPN browsing activity or user identity.

• • Advertising identifiers: Our ad networks may collect your device’s advertising identifier for marketing and analytics purposes. You can disable this identifier through Google account settings or Apple device settings.

• • VPN application information: We do not store your VPN browsing activities (e.g., websites visited or apps accessed through the VPN). However, we may collect diagnostic data as mentioned earlier. We also gather anonymized usage data, such as connection speed, latency, connection success, login success, feature usage, error reports, and troubleshooting information.

• • Information from cookies and similar technologies: We may collect information from cookies and similar technologies. You can learn more about this in our cookie policy outlined in Section 5.

Information provided to us by third parties

 

• • Referrals: If you are invited to use Grass VPN, the person who referred you may provide us with your personal information, such as your email address or other contact details.

• • Third-Party Accounts: Some of our services allow you to register using a third-party account (e.g., Google or Microsoft). If you choose to do so, the third party may share certain information with us, such as your name and email address. You may have the option to control which information is shared with us through the privacy settings of your third-party account.

• • Threat Information: We may receive data from reputable security industry partners to help us improve and test our services (e.g., lists of malicious URLs, spam blacklists, or sample malware). Some of this data may incidentally include personal information.

2. What do we use the information for?

 

• • To provide, maintain, troubleshoot, and support our services: We use your information to meet our contractual obligations, such as granting you access to Grass VPN when you have an active subscription, using your IP address to connect you to the most optimal VPN server, and using usage data to resolve any issues you report.

• • For billing and payment purposes: Your account and transaction information is used to handle billing and process payments, which is necessary to fulfill our contract with you.

• • To communicate with users and prospective users: We use your information to respond to your support requests, send updates about Grass VPN, and communicate relevant information. We do this either as part of our contract with you, with your consent, or because we have a legitimate interest in providing you with relevant updates. You can opt out of marketing communications at any time.

• • To improve our services: We analyze how users interact with Grass VPN to identify areas for improvement. For example, usage and diagnostic data help us understand usage patterns and optimize server locations. Threat information is used to improve our threat detection capabilities. We also review customer feedback to better understand user needs.

• • To develop new services: We use customer feedback and support requests to guide the development of new services, which is in our legitimate interest to ensure Grass VPN continues to meet user expectations.

• • To market and advertise our services: We may use your information to measure the effectiveness of our marketing efforts and personalize advertising. For instance, we may track who referred you to our services to assess the success of promotional programs. However, we do not use your VPN browsing activity for marketing or advertising purposes.

• • To prevent harm or liability: We use information for security purposes, such as investigating security incidents or monitoring for fraud. This helps protect both you and us from abuse. For example, we may review account or device information to detect unauthorized activity.

• • For legal compliance: We use your information as required by law or regulation, for example, to ensure compliance with trade embargoes and sanctions, or to determine applicable taxes. We also use your information to enforce our legal rights and resolve disputes.

• • IP addresses: We collect your IP address to technically enable the VPN service but do not store it beyond the session. IP addresses are not associated with your VPN browsing activity. We may use your approximate location (based on your IP address) to connect you to the nearest VPN server or show more relevant advertising for free users.

Please note that we may use and share aggregated or de-identified data for regulatory compliance, research, analysis, marketing, and other legitimate business purposes, as this data does not reveal the identity of individual users.

3. With whom do we share your personal information?

We may share your personal information under the following circumstances:

 

• • With your consent or direction: For example, if you choose to sign up for Grass VPN using a third-party account (like Google or Microsoft), we will collect your name and email address from that provider. Likewise, the third party will also collect certain registration and login details.

• • With affiliates and trusted third-party partners: To deliver some of the features of Grass VPN, we collaborate with affiliates and reputable third-party providers. We protect your data by establishing confidentiality agreements and limiting data sharing to what is necessary for the services they provide. Some areas where third parties assist include:

• • Payment processing

• • Service analytics

• • Customer support and sales operations

• • Maintaining our service infrastructure

• • Delivering advertisements and marketing content

• • Managing ad displays for our free VPN product

• • In the event of a change in ownership: If Grass VPN or parts of its business, services, or assets are sold or transferred, your information may be shared with the new owner as part of the transaction.

• • For legal reasons: Although we do not log any VPN browsing activities that can be associated with you, we may be required to share personal information (such as your account details like your email) in response to legal demands, court orders, or law enforcement requests. We ensure to only disclose what is legally required and challenge requests we consider to be excessive or invalid.

• • To protect our rights and prevent misuse: We may disclose limited information to enforce our agreements with users, respond to legal claims, and safeguard against fraud or misuse that could harm Grass VPN, its users, or affiliates.

4. Use of advertising services with free VPN products

For users of Grass VPN’s free version, we may display ads through third-party ad networks. As we’ve mentioned, we do not gather or share any VPN browsing information with advertisers. However, advertising providers will have access to certain information related to the delivery of the ads, such as the app or website where the ad appears, and certain device-related data.

We use third-party SDKs (software development kits) to manage and display ads within our app. These SDKs might collect data such as:

 

• • Advertising identifiers (set by your device’s operating system)

• • Your IP address, which helps approximate your geographic location (if you are using Grass VPN, this location might differ from your actual one)

• • Device-specific information, like the model, operating system, language, and time zone

• • The name of the app or website showing the ad

Some ads may be tailored to you based on your device’s advertising identifier or IP address. You can click on the AdChoices icon in personalized ads to learn more about the ad network, review their privacy policy, or opt out of personalized ads. Even after opting out, you may still see general (non-personalized) ads.

Grass VPN is supported by ad revenue for its free services, so we ask that you avoid using ad blockers. However, if you do choose to use an ad blocker, the VPN service will continue to work.

Vendor

Privacy Policy

Google Admob / Google Analytics

https://policies.google.com/technologies/partner-sites

IronSource

https://developers.is.com/ironsource-mobile/air/ironsource-mobile-privacy-policy

AdColony

https://www.adcolony.com/privacy-policy

DT Exchange/Fyber

https://www.digitalturbine.com/dt-clients-privacy-policy

Unity Ads

https://unity.com/legal/privacy-policy

LiftOff/Vungle

https://liftoff.io/privacy-policy

Meta/Facebook

https://www.facebook.com/privacy/policy

Bigo Ads

https://www.adsbigo.com/privacy.html

StartApp

https://www.start.io/policy/privacy-policy-site/

Chartboost

https://docs.chartboost.com/en/legal/privacy-policy

In addition, you may opt out of interest-based mobile advertising by using the Digital Advertising Alliance (DAA) AppChoices app.

5. Tracking Technologies & Cookies

About Tracking Technologies

Grass VPN, operated by A24Z LTD, uses various technologies within our services to help collect information, including tracking links, pixel tags, page tags, and web beacons. These are small, often hidden, images or pieces of code placed in web pages, ads, and emails to track specific actions. For example, if you access a page, open an email, or click a link, these technologies notify us that the action has been taken. Although we refer to these as “tracking technologies,” they do not always track individuals directly, and the information gathered is usually anonymized and not linked to personal data.

SDKs

SDKs (software development kits) are software tools provided by our advertising partners or other third parties that allow our apps to interact with their services. For example, some of Grass VPN’s mobile apps use SDKs to display ads from advertising networks. These SDKs may collect, use, or track some device information as described earlier.

Cookies

Cookies are small text files stored on your device when accessing our services. Cookies help us and our partners recognize returning users and provide a more seamless experience. Cookies may have a set expiration period depending on their purpose. We use cookies for the following:

 

• • To provide our services: Some cookies are necessary for Grass VPN to function properly, such as authenticating your identity and granting you access to resources.

• • To store your preferences: Cookies can store settings like language preferences or pre-fill information like usernames on login forms. They also help us optimize the content we show you.

• • For analytics: Cookies help us analyze how users interact with our services, such as which screens or web pages you visit, to improve performance and user experience.

• • For security: Cookies enable us and our payment partners to detect potential fraud and enhance security.

• • For advertising: We use cookies with third-party advertising partners to promote Grass VPN across the web.

Third Parties

We may allow certain third-party business partners to place tracking technologies within Grass VPN’s services. These partners may use these technologies for:

 

• • Providing services: Some of our partners use these technologies to help us deliver our services to you.

• • Analytics: They help us understand how you use Grass VPN, allowing us to improve functionality.

• • Marketing: These technologies assist us in marketing Grass VPN, tracking ad performance, retargeting ads based on your previous interactions, and identifying similar audiences.

• • Serving ads: Ad networks may use these technologies to show you more relevant ads based on your interests and behavior.

Your Choices

 

• • Managing cookies: Most web browsers and some mobile devices offer controls to manage or block cookies. Refer to your browser or mobile device’s “help” section for more information on managing cookies. Be aware that blocking certain cookies may impact the functionality of Grass VPN.

• • Third-party advertising cookies: For more information on opting out of personalized or interest-based advertising, you can visit the following pages:

• • Network Advertising Initiative opt-out page

• • Digital Advertising Alliance opt-out page

• • Your Online Choices (for Australian residents)

• • Your Online Choices (for EU residents)

• • Google Ads: To opt out of personalized Google ads, visit the Google Ads Settings page. Note that after opting out, you may still see non-personalized ads.

• • Google Analytics: We use Google Analytics to understand user behavior on Grass VPN. If you wish to opt out of Google Analytics, Google provides an opt-out browser add-on.

6. Security

At Grass VPN, operated by A24Z LTD, we implement a variety of administrative, organizational, technical, and physical measures to safeguard your personal data from unauthorized access, loss, or alterations. Access to your account and information is limited to team members who need it to perform their duties. While we strive to maintain high levels of security, no system can guarantee 100% protection.

7. International Data Transfers

Your personal data may be transferred to countries outside of your place of residence to support our operations, including transfers to affiliated companies, service providers, and partners. Data protection laws in these countries may differ from those in your home country. For example, personal data collected in Switzerland, the United Kingdom, or the European Economic Area (EEA) may be transferred and processed in countries outside those regions for the purposes described in this policy.

However, we implement appropriate safeguards to ensure that such data receives an adequate level of protection. If you want more information about these safeguards, feel free to contact us.

8. Data Retention

We retain your personal data for as long as is necessary to provide our services to you or for the duration of your account with Grass VPN. Additionally, we may keep personal data if required by law or for legitimate purposes, such as fraud prevention and defending against legal claims. Residual copies of personal data might also be stored in backup systems to prevent data loss.

Importantly, we do not retain or store data regarding your VPN browsing activity.

9. Marketing Communications and Third-Party Website Links

 

• • Marketing Communications: If you receive marketing emails from Grass VPN, you can unsubscribe at any time by following the instructions in the email. Please note that even if you unsubscribe, you may still receive transactional emails related to services you’ve requested.

• • Push Notifications: If you opt in for push notifications, you can turn them off at any time through your device settings.

• • Third-Party Links: Grass VPN’s services may contain links to third-party websites, plug-ins, or applications. This privacy notice does not apply to those third-party services, and we are not responsible for their privacy practices. Please review their respective privacy policies to learn about how they handle personal information.

10. Your Rights

Depending on your location, you may have certain legal rights regarding your personal data. Subject to applicable laws, these rights may include the ability to:

 

• • Access and receive a copy of your personal data

• • Correct or update your personal data

• • Restrict or object to the processing of your personal data

• • Request the erasure of your personal data

• • Exercise data portability rights

• • Withdraw consent previously provided (e.g., opting out of marketing communications)

• • File a complaint with a data protection authority

• • Request information about the categories of personal data collected, disclosed, or sold, the sources of this data, the purposes for collection or sale, and the third parties with whom data is shared

Your rights and options may vary based on your location, and certain information may be exempt from specific requests under applicable law.

You can manage some of these rights through the settings in our apps, such as updating your account information. You can also opt out of marketing communications by clicking “unsubscribe” in those messages.

If you wish to exercise any of these rights or delete your account, you can contact us using the details provided in the “Contact Us” section. Please note, we may retain some personal data for legal, security, or business reasons, such as information related to purchases or acceptance of our terms of service.

11. Privacy Notice Updates

We may periodically update this Privacy Notice for Grass VPN, operated by A24Z LTD, to reflect changes in law, industry standards, or our business practices. We will post any updates on this page and update the “Last updated” date. If there are significant changes that affect your privacy rights, we will make reasonable efforts to notify you in advance, such as through email or via the Grass VPN services. If you disagree with any changes, you can discontinue using the services and close your account. If you continue using our services after the update becomes effective, the updated Privacy Notice will apply.

12. Contact Us

We expect this Privacy Notice for Grass VPN to evolve, and we welcome your feedback on our privacy practices. If you have any questions or complaints about how we handle your personal data, please contact us at:

A24Z LTD

7 Coronation Road, Dephna House, Launchese #105, London, NW10 7PQ, United Kingdom

Email: [email protected]

+44 7537 105575

Region-Specific Disclosures

We may provide additional or different disclosures depending on the region you reside in, due to local laws. Below are disclosures for specific regions:

R1. Additional Privacy Information for Colorado, Connecticut, Utah, Nevada, and Virginia Residents

Depending on the state or region where you live, you may have specific rights regarding your personal information, including the right to:

 

• • Access your personal information

• • Correct inaccuracies

• • Request deletion or restriction of processing

• • Opt out of certain data processing activities, including the sale of personal information

• • Withdraw previously given consent to data processing

• • File a complaint with authorities if your privacy rights are violated

For Nevada residents: Under Nevada law, you can opt out of the sale of your personal data. While we currently do not sell your personal data, you may request an opt-out in the future by contacting us through the details provided in the “Contact Us” section.

R2. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the “Shine the Light” law:

 

• • You can request a list of third parties to whom we have disclosed your personal data for their marketing purposes, and you have the right to opt out of any such disclosures.

• • You can request the categories of personal information we collect, disclose, or “sell” (as defined under the CCPA), along with the purposes of collection and any third parties with whom we share your information.

• • You may opt out of the “sale” of personal information, including data shared with third parties for personalized advertising. While we do not “sell” personal data in the traditional sense, some versions of Grass VPN supported by personalized ads may involve sharing data for ad targeting purposes. You may exercise your opt-out right by visiting the “Do Not Sell My Personal Information” page.

Categories of Personal Information Collected and Shared

In the past 12 months, we may have shared the following categories of personal data with third parties for purposes such as analytics and advertising, subject to your settings and opt-out rights:

 

• • Identifiers (e.g., IP address)

• • Commercial information (e.g., services you’ve used or purchased)

• • Internet or network activity data (e.g., log data excluding VPN browsing activity)

• • Geolocation data (e.g., general location based on your IP address)

We do not sell personal information of individuals under 16 years of age without required authorization.

R2.5. Additional Rights

Under California law, you may be entitled to request that Grass VPN, operated by A24Z LTD:

 

• • Provide the categories of personal information we have collected or disclosed about you in the past twelve months, the sources of that information, the business or commercial purposes for collecting or “selling” your personal information, and the categories of third parties with whom we have shared this information. These details are provided in this Privacy Notice.

• • Grant access to or provide a copy of certain personal information we hold about you.

• • Delete specific personal information we hold about you.

You may also have the right to be informed about any financial incentives we offer (if applicable), and to ensure you are not discriminated against (as outlined by the California Consumer Privacy Act, or CCPA) for exercising your rights.

Certain information may be exempt from these requests under applicable law. For instance, we may need some information to provide Grass VPN services or comply with legal obligations.

When you exercise these rights, we may take steps to verify your identity before fulfilling your request, such as confirming your email or payment information. If you request the deletion of certain data, you may lose access to Grass VPN services.

You are also allowed to designate an authorized agent to make requests on your behalf. To verify an authorized agent, you must provide written permission or power of attorney. We may contact you directly to confirm the request before proceeding.

For more information about your rights under California law or to exercise them, please contact us via the “Contact Us” section.

R2.6. Summary of How We Handle Your Personal Information

The California Consumer Privacy Act (CCPA) mandates that we disclose to California residents the types of personal information we collect, the purposes for its use, the sources of the information, and the categories of third parties with whom we share it. While this section presents that information as required by the CCPA, it aligns with the details shared throughout the rest of this Privacy Notice.

Sources of Personal Information

All categories of personal information we collect come from the following sources:

 

• • You, through voluntary submission or automatic collection when using Grass VPN services.

• • Third parties, such as service providers or marketing partners.

• • Identifiers like your name, username, and email.

• • Commercial and financial information, such as transaction data and payment details.

• • Internet or device activity, including app usage and interactions.

• • Geolocation information, such as your city and state, based on your IP address.

• • Demographic and statistical data, such as age and gender.

• • Customer service interactions, survey responses, and research data.

Categories of Third Parties with Whom We Share Your Personal Information

The categories of personal information collected by Grass VPN may be shared with the following third parties:

 

• • Corporate affiliates, including those under common control or potential acquirers of our assets.

• • Third-party service providers (e.g., payment processors, analytics providers).

• • Third-party advertising networks (e.g., Google).

• • Legal entities for compliance with laws or regulations.

• • Other parties, with your consent or direction.

Categories of Business & Commercial Purposes for Which We Use Your Personal Information

The categories of personal information we collect are used for the following purposes:

 

• • To provide, maintain, troubleshoot, and support Grass VPN services.

• • For billing and payment purposes.

• • To communicate with current and potential users.

• • To improve Grass VPN services.

• • To develop new services and features.

• • For marketing and advertising, including the promotion of Grass VPN and third-party services.

• • To prevent harm, fraud, or liability.

• • To comply with legal obligations.

GDPR Compliance (Applicable to Users in the European Economic Area, Switzerland, and the United Kingdom)

If you are located in the European Economic Area (EEA), Switzerland, or the United Kingdom, Grass VPN, operated by A24Z LTD, processes your personal data in compliance with the General Data Protection Regulation (GDPR). Under the GDPR, you have specific rights regarding your personal data, including:

 

• • Right of Access: You have the right to request a copy of the personal data we hold about you.

• • Right to Rectification: You can request that we correct any inaccuracies in your personal data.

• • Right to Erasure: Under certain circumstances, you can request that we delete your personal data.

• • Right to Restriction of Processing: You can ask us to limit the processing of your personal data if, for example, the accuracy of the data is contested or processing is unlawful.

• • Right to Data Portability: You have the right to receive the personal data you provided to us in a structured, machine-readable format and have it transferred to another controller.

• • Right to Object: You may object to the processing of your personal data under certain circumstances, including when your personal data is processed for direct marketing purposes.

• • Right to Withdraw Consent: If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

• • Right to Lodge a Complaint: You have the right to lodge a complaint with a data protection supervisory authority in your country if you believe your rights under GDPR have been violated.

International Transfers of Data: If we transfer your personal data outside of the EEA, Switzerland, or the UK, we will ensure that adequate safeguards are in place to protect your data, in accordance with GDPR requirements. This may include using standard contractual clauses approved by the European Commission or other mechanisms recognized by GDPR.

For more information about your rights or if you would like to exercise them, please contact us using the information provided in the “Contact Us” section of this Privacy Policy. We may need to verify your identity before processing your request.