Privacy Policy

1. Who we are

For the purposes of the EU General Data Protection Regulation (GDPR) and similar data-protection laws, the data controller is [SERVICE_NAME], operated as an independent service ("we", "us").

The primary and preferred channel for any privacy-related enquiry — including the exercise of your rights under section 9 — is email:

Contact: gatekeepvpn@firemail.cc

EU representative (Art. 27 GDPR). The Service is operated as a small-scale private offering to a limited number of individually onboarded clients. The processing carried out is occasional within the meaning of Article 27(2)(a) GDPR, does not include large-scale processing of special categories of data or of data relating to criminal convictions, and is unlikely to result in a risk to the rights and freedoms of natural persons. On that basis, no representative in the Union has been designated. This assessment is kept under review.

2. What data we collect

3. What data we do NOT collect

We do not collect, store, or otherwise process:

• Connection timestamps for individual users;
• IP addresses assigned to users during a session, or source IPs initiating connections;
• DNS queries made through the Service;
• Destination IP addresses, domains, or URLs accessed through the Service;
• Traffic content, metadata, or volume per user;
• Any information about applications or services used through the Service.

For operational purposes, our servers may retain aggregate, non-identifying metrics (such as total system load) that are not linked to any individual user and are not capable of being so linked.

4. Legal bases for processing

Where GDPR applies, we rely on the following legal bases (Art. 6(1) GDPR):

• Performance of a contract (Art. 6(1)(b)): to respond to your inquiry, deliver access credentials, and provide the Service;
• Legal obligation (Art. 6(1)(c)): where applicable laws require us to retain certain data (e.g., tax records);
• Legitimate interest (Art. 6(1)(f)): to secure our infrastructure against abuse and to enforce our Terms;
• Consent (Art. 6(1)(a)): where you provide it explicitly (e.g., by submitting the inquiry form).

5. How we use the data

• To reply to your inquiry and arrange access to the Service;
• To provision, maintain, and support your access;
• To issue receipts and comply with accounting and tax obligations;
• To enforce these Terms and prevent abuse of the Service.

We do not use your data for behavioural advertising or automated decision-making with legal or similarly significant effects.

6. Data retention

• Inquiry correspondence that does not lead to onboarding: retained for up to 12 months, then deleted.
• Active-client contact and billing data: retained for the duration of the relationship and for such period thereafter as is required by applicable tax and accounting law.
• Access credentials: revoked and deleted upon termination of your access.

7. Third parties and processors

We rely on a limited number of service providers to operate:

• Form submission provider (Formspree, Inc.) — receives the contents of the inquiry form and forwards them to us. See Formspree's privacy policy.
• Hosting and infrastructure providers — provide the virtual servers that host the Service. They have no access to user content, as traffic is encrypted end-to-end within the tunnel.
• Email provider — delivers and receives our email correspondence with you.

We do not sell personal data and do not share it with third parties for their own marketing purposes.

8. International transfers

Because our infrastructure and service providers are located in multiple countries, your data may be transferred to, and processed in, jurisdictions outside your country of residence. Where required by GDPR, such transfers take place on the basis of appropriate safeguards (such as Standard Contractual Clauses) or applicable derogations.

9. Your rights under GDPR

If GDPR applies to the processing of your data, you have the following rights:

• Access — to request a copy of the personal data we hold about you;
• Rectification — to have inaccurate data corrected;
• Erasure ("right to be forgotten") — to have your data deleted, subject to legal retention requirements;
• Restriction — to restrict processing in certain circumstances;
• Portability — to receive your data in a structured, commonly used format;
• Objection — to object to processing based on legitimate interest;
• Withdraw consent — where processing is based on consent, you may withdraw it at any time, without affecting the lawfulness of processing carried out before withdrawal;
• Lodge a complaint — with a supervisory authority in the EU Member State of your habitual residence, place of work, or the place of the alleged infringement.

To exercise any of these rights, contact us at gatekeepvpn@firemail.cc. We will respond within one (1) month, extendable by two further months where necessary due to the complexity or number of requests.

10. Security

We apply reasonable technical and organisational measures to protect the data we hold, including encryption in transit, limited administrative access, and strong authentication on our management systems. No system is perfectly secure; if you become aware of a security issue, please write to us immediately.

11. Cookies

This website does not set tracking cookies or deploy third-party analytics. A minimal session mechanism may be used strictly where necessary to submit the inquiry form (e.g., CSRF protection by the form-submission provider). No advertising or profiling cookies are used.

12. Changes

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be communicated by reasonable means.

13. Contact

Questions, requests, or complaints regarding this Privacy Policy should be sent to gatekeepvpn@firemail.cc.