1. Effective date
This privacy policy is effective as of January 2026 and was last updated on January 2026. Any material change will be announced on the Stress04Net VPN homepage at least thirty days before it takes effect, and sent to every active account.
2. Who we are
Stress04Net VPN (pn-stress-04.example) is the data controller for the service. Registered office: Stress04Net VPN Labs Ltd, Remote operations; contact by email only.. Jurisdiction: United Kingdom. For privacy matters contact help@pn-stress-04.example; for formal data-protection requests, the data-protection officer is reachable at the same address.
3. Data we collect
We keep the footprint small: account email and an anonymised identifier; a billing reference (full card details never touch our servers); short-lived diagnostic counters (connections attempted, succeeded, failed); support correspondence. We do not collect browsing history, DNS queries, inspected tunnel contents, or advertising identifiers.
4. How we use it
Data is used to provide the service — authenticate, deliver the client, route traffic; to bill you via encrypted card transactions through Stripe; to detect abuse using aggregate rate-limit signals; and to answer support messages. We do not sell, use, or disclose user data to third parties for any purpose beyond these.
5. VPN data commitment
We do not sell, use, or disclose user data to third parties for any purpose. Stress04Net VPN is a VPN service; your traffic is treated as opaque. We do not log activity, browsing history, DNS queries, or IP addresses you connected to. This commitment is reviewed every year by an independent auditor and the summary is published on the Stress04Net VPN site.
6. Third-party processors
Stress04Net VPN relies on a short list of sub-processors: Stripe (payments), Cloudflare (edge delivery), Apple (app distribution and receipts), Amazon Web Services (encrypted storage). Each has a published privacy policy you may consult. We confirm these third parties provide the same or equal protection for user data as outlined in this policy.
7. Retention schedule
We retain data only as required for the stated purpose, or by law: account email is retained for 24 months after last login and then anonymised; payment records for 7 years per tax law; diagnostic signals for 7 days rolling; support correspondence for 12 months after closure; server access logs are truncated (IP removed) after 7 days. Earlier deletion on request to help@pn-stress-04.example.
8. International data transfers
Some sub-processors are incorporated in the United States. For transfers of personal data from the EEA, UK, or Switzerland to the US, Stress04Net VPN relies on Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by encryption at rest, encryption in transit, and key management under our sole control.
9. Your GDPR rights
Under the General Data Protection Regulation (GDPR) and the UK GDPR you have the right to access the data we hold about you, to request rectification, to request erasure (right to be forgotten), to portability (export in a common format), to objection, and to restriction of processing. Write to help@pn-stress-04.example with "Data request" in the subject; we respond within thirty days.
10. California privacy rights
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) grant you the right to know what personal information we hold, the right to delete it, the right to correct inaccuracies, the right to opt-out of sale (we do not sell personal information — nothing to opt out of, but the right remains), and the right to non-discrimination for exercising any of these. Write to help@pn-stress-04.example with "California privacy request" in the subject.
11. Security and breach notification
Traffic is encrypted in transit (TLS 1.3 for the site; WireGuard and IKEv2 for VPN tunnels). At rest we apply AES-256 with keys in a hardware security module. Production access is limited to a small operations team; every administrative action is logged; hardware-key authentication is mandatory. In the event of a personal-data breach, we will notify affected users within 72 hours of discovery, and notify the relevant supervisory authority where required.
12. Contact and complaints
For general privacy questions write to help@pn-stress-04.example. To request deletion of your account and data write to the same address with "Delete my data" in the subject — we respond within two business days. You have the right to lodge a complaint with your supervisory authority; in the UK this is the ICO, in the EU each country's data-protection authority, in California the California Privacy Protection Agency (CPPA).