Privacy Policy

CeriVPN Privacy Policy

Last Updated: January 2025
Version: 1.0
Effective Date: Upon acceptance

🔒 Our Privacy Commitment

Your privacy is our top priority. CeriVPN operates under a strict no-logging policy and implements privacy-by-design principles. We collect minimal data necessary for service provision and never track, log, or monitor your online activities.

Important Note: This Privacy Policy is governed by Malaysian law and our operational capabilities as a Malaysian company. Our privacy commitments represent our best efforts to provide strong privacy protections within our technical and commercial capacity.

1. Introduction and Data Controller

1.1 Who We Are

This Privacy Policy explains how Emerald Cube Sdn. Bhd. (“CeriVPN,” “we,” “us,” or “our”) collects, uses, processes, and protects your personal information when you use our Virtual Private Network (VPN) services, subject to Malaysian law and our operational capabilities.

Data Controller Details:

  • Company: Emerald Cube Sdn. Bhd.
  • Address: Level 32, Vertical Corporate Tower B, Bangsar South, Kuala Lumpur 59200, Malaysia
  • Email: privacy@cerivpn.com
  • Governing Law: Malaysian Personal Data Protection Act (PDPA)

1.2 Scope of This Policy

This Privacy Policy applies to our services where technically and commercially feasible:

  • CeriVPN mobile applications (iOS and Android)
  • CeriVPN website (cerivpn.com)
  • Customer support services
  • All related CeriVPN services and communications

2. Our No-Logging Policy

🚫 What We DON’T Collect or Log

CeriVPN operates a verified no-logging policy. We do NOT collect, log, monitor, or store:

  • Browsing Activity: Websites you visit, pages you view, or content you access
  • Connection Logs: When you connect or disconnect from our servers
  • Traffic Data: Data transmitted through our VPN servers
  • DNS Queries: Domain name system requests you make
  • Bandwidth Usage: Amount of data you consume
  • Session Duration: How long you stay connected
  • IP Addresses: Your real IP address or VPN-assigned IP addresses
  • Metadata: Information about your internet communications
  • Timestamps: When you access specific content or services

2.1 Technical Implementation

Our no-logging policy is implemented through:

  • RAM-Only Servers: Our servers run on RAM-only systems that automatically delete all data upon restart
  • No Hard Drive Storage: No persistent storage of user activity data
  • Automatic Data Deletion: Any temporary technical data is automatically purged within 24 hours
  • Regular Audits: Security audits to verify our no-logging claims, subject to our available resources

2.2 Legal Requests

Due to our no-logging policy, we have no user activity data to provide to authorities, even if legally compelled. We may be required to provide basic account information (email, subscription details) under Malaysian legal procedures, but never browsing or connection data.

3. Information We Do Collect

We collect only the minimum information necessary to provide our VPN service:

Data Type Purpose Legal Basis (PDPA) Retention Period
Account Information
Email address, username, encrypted password		 Account creation, authentication, customer support Contract performance Until account deletion
Payment Information
Billing details, payment method (processed by third parties)		 Subscription processing, refunds, fraud prevention Contract performance, legal obligation 7 years (Malaysian tax requirements)
Device Information
Device type, OS version, app version		 Technical support, compatibility, security updates Legitimate interest Until account deletion
Technical Support Data
Support tickets, diagnostic information		 Customer support, troubleshooting Contract performance 3 years after resolution
Marketing Communications
Email preferences, communication history		 Service notifications, marketing (with consent) Consent, legitimate interest Until consent withdrawn

3.1 Anonymous Usage Statistics

We may collect anonymous, aggregated statistics that cannot be linked to individual users:

  • Total number of connections per server
  • Server performance metrics
  • General geographic usage patterns (country-level only)
  • App crash reports (anonymized)

4. How We Use Your Information

4.1 Service Provision

  • Account Management: Creating and maintaining your account
  • Authentication: Verifying your identity and account access
  • VPN Service: Providing secure VPN connections
  • Technical Support: Helping resolve service issues
  • Service Improvement: Enhancing performance and reliability

4.2 Communications

  • Transactional Emails: Account confirmations, password resets, billing notifications
  • Service Updates: Important service announcements and security updates
  • Marketing Communications: Promotional emails (only with your consent)
  • Customer Support: Responding to your inquiries and requests

4.3 Legal and Security

  • Fraud Prevention: Detecting and preventing fraudulent activities
  • Security Monitoring: Protecting against abuse and security threats
  • Legal Compliance: Meeting Malaysian legal obligations and regulatory requirements
  • Terms Enforcement: Ensuring compliance with our Terms of Service

5. Information Sharing and Disclosure

5.1 When We Share Information

We may share your personal information only in the following limited circumstances:

  • Service Providers: Third-party companies that help us operate our service (payment processors, cloud hosting, customer support)
  • Legal Requirements: When required by Malaysian law, court order, or government request
  • Business Transfers: In case of merger, acquisition, or sale of assets (subject to this Privacy Policy)
  • Consent: When you explicitly authorize us to share your information
  • Safety and Security: To protect our rights, property, safety, or that of our users

5.2 Third-Party Service Providers

We work with carefully selected third-party providers who are bound by strict data protection agreements:

  • Payment Processors: Stripe, PayPal, Apple Pay, Google Pay (for subscription processing)
  • Cloud Infrastructure: Secure hosting providers for our applications and databases
  • Email Services: Transactional email providers for account communications
  • Analytics: Privacy-focused analytics tools (with anonymized data only)
  • Customer Support: Support platform providers for help desk services

5.3 International Data Transfers

Your personal information may be transferred to and processed in countries other than Malaysia. We implement appropriate safeguards where technically and commercially feasible:

  • Contractual Safeguards: Data protection agreements with service providers
  • Security Measures: Encryption and access controls for data transfers
  • Malaysian Law Compliance: All transfers subject to Malaysian legal requirements
  • Operational Limitations: Safeguards implemented within our technical and commercial capabilities

6. Your Privacy Rights

🛡️ Your Rights Under Privacy Laws

Depending on your location and subject to Malaysian law and our operational capabilities, you may have rights regarding your personal information.

Important Note: The following rights represent our commitment to privacy best practices but are subject to Malaysian law, our operational capabilities, and available resources. Response times and procedures may vary based on the complexity of requests and our capacity as a Malaysian company.

6.1 General Privacy Rights

  • Right to Access: Request information about personal data we hold about you
  • Right to Rectification: Correct inaccurate or incomplete personal data
  • Right to Deletion: Request deletion of your personal data
  • Right to Restrict Processing: Limit how we process your personal data
  • Right to Data Portability: Receive your data in a portable format (where technically feasible)
  • Right to Object: Object to processing based on legitimate interests or marketing
  • Right to Withdraw Consent: Withdraw consent for processing at any time

6.2 Regional Privacy Considerations

  • PDPA (Malaysia): Full compliance with Malaysian Personal Data Protection Act
  • GDPR-Inspired (EU/EEA): We strive to provide GDPR-style privacy rights where technically and commercially feasible
  • CCPA-Style (California): We aim to provide California-style privacy rights where practically possible
  • Limitations: All rights subject to Malaysian law and our operational constraints

6.3 How to Exercise Your Rights

To exercise your privacy rights, you can:

  • Email Us: Send requests to privacy@cerivpn.com
  • Account Settings: Manage some preferences through your account dashboard
  • Support Team: Contact our customer support team

Response Commitment: We will make reasonable efforts to respond to your requests within a reasonable timeframe, typically within 30 days, subject to the complexity of the request and our operational capacity.

7. Data Security and Protection

7.1 Security Measures

We implement comprehensive security measures to protect your personal information, within our technical and financial capabilities:

  • Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Strict access controls and authentication for our systems
  • Regular Audits: Security audits and penetration testing within our budget
  • Employee Training: Privacy and security training for staff
  • Incident Response: Data breach response procedures
  • Infrastructure Security: Secure data centers with physical and digital protections

7.2 VPN Security Features

  • Military-Grade Encryption: AES-256 encryption for all VPN traffic
  • Perfect Forward Secrecy: Each session uses unique encryption keys
  • DNS Leak Protection: Prevents DNS queries from bypassing VPN
  • IP Leak Protection: Protects against IPv4 and IPv6 leaks

7.3 Data Breach Notification

In the unlikely event of a data breach:

  • We will make reasonable efforts to notify affected users as soon as practically possible
  • Malaysian authorities will be notified as required by law
  • We will provide clear information about the incident and remedial actions
  • We will take immediate steps to contain and remedy the breach within our capabilities

8. Data Retention and Deletion

8.1 Retention Periods

We retain personal information only as long as necessary for the purposes outlined in this policy:

  • Account Data: Until account deletion or 2 years after last activity
  • Payment Records: 7 years (for Malaysian tax and legal compliance)
  • Support Tickets: 3 years after resolution
  • Marketing Data: Until consent is withdrawn
  • Technical Logs: Maximum 24 hours (then automatically deleted)

8.2 Account Deletion

When you delete your account:

  • Personal data is immediately marked for deletion
  • Most data is deleted within 30 days
  • Some data may be retained longer for Malaysian legal or tax compliance
  • Anonymous usage statistics may be retained indefinitely

8.3 Data Deletion Requests

You can request deletion of your personal data by:

  • Deleting your account through the app
  • Contacting support at privacy@cerivpn.com
  • Exercising your privacy rights under applicable law

9. Children’s Privacy

9.1 Age Restrictions

CeriVPN services are not intended for children under 13 years of age (or 16 in regions with stricter requirements). We do not knowingly collect personal information from children under these ages.

9.2 Parental Control

If you are a parent or guardian and believe your child has provided us with personal information:

  • Contact us immediately at privacy@cerivpn.com
  • We will make reasonable efforts to delete the information promptly
  • We will take steps to prevent future collection

10. Cookies and Tracking Technologies

10.1 Website Cookies

Our website uses minimal cookies:

  • Essential Cookies: Required for basic website functionality
  • Analytics Cookies: Anonymous usage statistics (where technically implemented)
  • Preference Cookies: Remember your settings and preferences

10.2 Mobile App Analytics

  • Crash Reports: Anonymous crash data to improve app stability
  • Performance Metrics: App performance and usage patterns (anonymized)
  • Feature Usage: Which features are used most (no personal identification)

10.3 Opt-Out Options

You can control tracking:

  • Browser settings to block or delete cookies
  • App settings to disable analytics
  • Contact us to opt-out of specific tracking

11. Jurisdictional and Legal Framework

11.1 Governing Law and Jurisdiction

  • Primary Jurisdiction: This Privacy Policy is governed exclusively by Malaysian law
  • PDPA Compliance: Full compliance with Malaysian Personal Data Protection Act
  • Malaysian Law Supremacy: In case of any conflict between Malaysian law and foreign regulations, Malaysian law shall prevail
  • Court Jurisdiction: Malaysian courts have exclusive jurisdiction over privacy-related disputes

11.2 Regional Privacy Standards

Important Note: The following regional standards represent our commitment to privacy best practices but do not create binding legal obligations beyond what is required under Malaysian law.

  • GDPR-Inspired (EU/EEA): We strive to implement GDPR-style privacy protections where technically and commercially feasible
  • CCPA-Style (California): We aim to provide CCPA-inspired privacy rights where practically possible
  • Regional Compliance: Best efforts compliance with regional privacy laws within our operational capacity
  • Resource Limitations: All privacy commitments are subject to our available resources and technical capabilities

12. Changes to This Privacy Policy

12.1 Policy Updates

We may update this Privacy Policy to reflect:

  • Changes in our services or business practices
  • New Malaysian legal or regulatory requirements
  • Enhanced privacy protections (where feasible)
  • User feedback and suggestions

12.2 Notification Process

When we make significant changes:

  • Email Notification: We’ll make reasonable efforts to email registered users about material changes
  • In-App Notice: Notifications in our mobile apps where technically possible
  • Website Banner: Clear notice on our website
  • Version Control: Updated version number and effective date

12.3 Your Choices

After policy updates:

  • Review Period: Reasonable time to review changes before they take effect
  • Continued Use: Using our service after changes indicates acceptance
  • Disagreement: You can delete your account if you disagree with changes
  • Granular Consent: Some changes may require specific consent where required by law

13. Third-Party Services and Links

13.1 Third-Party Websites

Our service may contain links to third-party websites or services. This Privacy Policy does not apply to:

  • External websites linked from our service
  • Third-party apps or services you access through our VPN
  • Social media platforms and their embedded content
  • Partner websites and services

13.2 Third-Party Responsibility

We are not responsible for:

  • Privacy practices of third-party websites
  • Content or accuracy of external sites
  • Data collection by third-party services
  • Security of external platforms

13.3 Integration Partners

We work with select partners for:

  • Payment Processing: Secure transaction handling
  • Customer Support: Help desk and ticketing systems
  • Infrastructure: Cloud hosting and CDN services
  • Analytics: Privacy-focused usage insights

14. Business Transfers

14.1 Corporate Transactions

In the event of a merger, acquisition, reorganization, or sale of assets:

  • User data may be transferred as part of the transaction
  • We will make reasonable efforts to notify users before any transfer
  • The acquiring entity must honor this Privacy Policy or provide equivalent protections
  • Users will have the option to delete their accounts

14.2 User Protection

During business transfers:

  • Your rights under this policy remain intact
  • No-logging policy commitments will be maintained
  • Enhanced protections for sensitive data where possible
  • Option to opt-out of the transfer

15. Contact Information

📧 Privacy Contact

General Privacy Inquiries:
Email: privacy@cerivpn.com
Response Commitment: We will make reasonable efforts to respond within a reasonable timeframe

Postal Address:
Emerald Cube Sdn. Bhd.
Attention: Privacy Officer
Level 32, Vertical Corporate Tower B
Bangsar South
Kuala Lumpur 59200
Malaysia

Phone: +60 3 2779 6174

Business Registration: 977577-X

15.1 Dispute Resolution

For privacy-related concerns:

  • Contact Us First: We encourage direct communication to resolve issues
  • Malaysian Authorities: You may contact Malaysian regulatory authorities if required
  • Legal Framework: All disputes subject to Malaysian law and jurisdiction

16. Glossary of Terms

16.1 Privacy Terms

  • Personal Data: Any information relating to an identified or identifiable person
  • Processing: Any operation performed on personal data (collection, storage, use, etc.)
  • Data Controller: Entity that determines purposes and means of processing personal data
  • Consent: Freely given, specific, informed agreement to data processing

16.2 Technical Terms

  • VPN: Virtual Private Network – encrypted tunnel for internet traffic
  • No-Logging: Policy of not storing user activity or connection data
  • Encryption: Process of encoding data to prevent unauthorized access
  • IP Address: Unique identifier assigned to devices on internet networks
  • DNS: Domain Name System – translates website names to IP addresses

Acknowledgment: By using CeriVPN, you acknowledge that you have read, understood, and agree to the collection and use of your information as described in this Privacy Policy, and that this policy is governed by Malaysian law.

🔐 Our Commitment to You

We are committed to protecting your privacy and being transparent about our data practices within our capabilities as a Malaysian company. If you have any questions or concerns about this Privacy Policy, please contact us at privacy@cerivpn.com.

CeriVPN Privacy Policy – Version 1.0
Last Updated: January 2025
© 2025 Emerald Cube Sdn. Bhd. All rights reserved.

Shopping Cart