Privacy Policy

April 20th, 2017

This Privacy Policy describes how TunnelBear Inc. (“TunnelBear”) handles your personal information when you use our services (“Services”).

When using our Services, you agree to let us administer your data as we describe in this Privacy Policy.

TunnelBear is a global company, with headquarters in Canada. Although our physical servers are located in many different countries around the world, TunnelBear does not store personally identifiable information outside of Canada’s physical borders. By using our services, you authorize TunnelBear to use your information according to Canada’s laws, regardless of which country you are located in.

If you have any questions or comments about this Privacy Policy, please contact us at: privacy (at) tunnelbear.com

1. Personal Information Collection

As a provider of an online privacy service, we ultimately strive to collect the minimal amount of information required to operate our service. This often means difficult trade-offs between the information we collect and the performance of our service.

We believe in an open dialogue because this privacy policy is an evolving document. We welcome your thoughts and feedback on how we're doing.

1.1 What is Personal Information?

As described below, “Personal Information” means any information that identifies you and includes information provided by you while using our Services. If we use or store Personal Information with information that is non-personal, we will consider the combination as Personal Information.

1.2 Account User Data

When you create or update your TunnelBear user account, we collect and store this “Account Data”. The Account Data stored is listed below in its entirety:

Account Data	What do we use it for?
Email address	General communications, purchase receipts and occasional product news
Twitter ID (optional)	Completion of our Twitter promotion
Email confirmed	Confirmation that your email address is valid
Paid user	Provide paid users with unlimited data
Paid user expiry date	Provide paid service until this date

TunnelBear previously collected your name as part of the account creation process. This was helpful in communications, customer support and anti-credit card fraud efforts. However, through TunnelBear’s regular data privacy discussions, it was determined that the benefits to user anonymity outweighed other business benefits. As a result, you are now only required to provide your email address when creating a TunnelBear account.

1.3 Operational Data

TunnelBear also collects and stores “Operational Data” required to operate our Services. This is data that we collect and store when you connect to our network. Operational data is listed below in its entirety:

Operational Data	What do we use it for?
OS Version e.g. iOS 7	User support, troubleshooting and product planning
TunnelBear App Version e.g. PC version 2.1.1	User support and troubleshooting
Active this month e.g. 1 or 0	Customer satisfaction, support, network demand planning
Total data used this month e.g. 22.34 GB	Customer satisfaction, support, network demand planning, granting free user data

Understanding how much data people are using is a critical metric for TunnelBear. It tells us if people are using TunnelBear, if people have reached their free data limit, if the service is working properly and it also helps us plan for demand on our network. However, choosing a usage metric that respects your privacy is challenging task. We decided that collecting the overall amount of data used by a specific user, for the current month, was the correct balance. We also ensure that no historical record is kept by resetting the total monthly usage value to 0 at the end of each month. We felt that overall usage would respect individual user privacy (i.e. no login timestamps, no logs, etc.) while still providing the most vital data for TunnelBear to efficiently operate our service.

1.4 Personal and Financial Data Collected at Payment

Making a purchase with a credit card on any service will result in personally identifiable information being exchanged with payment processors. For an anonymous purchase experience, TunnelBear is pleased to offer payment through Bitcoin. No information is collected or stored from Bitcoin transactions.

Credit Card Transactions

TunnelBear processes credit card payment information securely through Stripe and PayPal. Credit card processors store Personal Information associated with financial transactions outside of Canada’s borders.

When you pay with credit card, TunnelBear stores the following information:

Payment Data	What do we use it for?
Cardholder last name e.g. Smith	For use in credit card fraud prevention
Date of card use e.g. 2014/01/01	For use in credit card fraud prevention
Last four Numbers of Credit Card e.g. 5555	For use in credit card fraud prevention

TunnelBear does not store, but can securely login and view the following information through our third party payment processors Stripe and PayPal:

Payment Data	What do we use it for?
Card billing address	For use in credit card fraud prevention
Card expiry	For use in credit card fraud prevention
Last four Numbers of Credit Card	For use in credit card fraud prevention

TunnelBear never stores your complete credit card number. To keep your payment information secure, we adopt all available security and multi-factor authentication measures available from these providers.

TunnelBear operates exclusively with PCI compliant payment processors. Only our payment processors have the ability to collect, use and access your full credit card information and other financial information. They can use this information solely for the purpose of charging and invoicing you for our (paid) Services.

No one likes credit card fraud. As a service that’s serious about online privacy, TunnelBear can attract some dodgy characters that attempt to use stolen credit cards to purchase upgraded TunnelBear accounts. Despite trying a number of commercial solutions, credit card fraud became a significant enough problem that we built our own proprietary machine-learning anti-fraud solution.

To enhance the effectiveness of TunnelBear’s anti-fraud tools, we sometimes store your Last Name and the last four numbers of your credit card (and only last 4 numbers) when you upgrade your TunnelBear. This information is exclusively stored for the purposes of making the use of stolen credit cards to purchase TunnelBear as annoying as possible for thieves.

1.5 Other Data TunnelBear Just does NOT Collect

TunnelBear explicitly does NOT collect, store or log the following data:

IP addresses visiting our website
IP addresses upon service connection
DNS Queries while connected
Any information about the applications, services or websites our users use while connected to our Service

2. Personal Information

Any Personal Information you provide to TunnelBear will be administered according to the following principles:

2.1 Accountability

Should you have any concerns about how your information is handled or questions about our privacy policy, feel free to contact us at privacy@tunnelbear.com

2.2 Disclosure of Information to Third Parties

Except as described below, TunnelBear will NOT disclose any information to other commercial parties under any circumstance.

In the event TunnelBear is required to comply with law enforcement where subpoenas, warrants or other legal documents have been provided, valid under Canadian jurisdiction, the extent of disclosure is limited to the “Personal Information” listed within this privacy policy.

As noted above, TunnelBear utilizes PCI-compliant third party payment processors to collect your credit card and other billing information.

If our organization structure changes (i.e we undergo a restructuring or are acquired), we may need to migrate your Personal Information to a third party related to a business transaction, but, we will ensure that such a third party has entered into an agreement under which the use of your Personal Information is only related to purposes necessary for the transaction.

TunnelBear does NOT store users originating IP addresses when connected to our service and thus cannot identify users when provided IP addresses of our servers. Additionally, we cannot disclose information about the applications, services or websites our users consume while connected to our Services; as TunnelBear does NOT store this information.

2.3 Consent

Unless otherwise required by law, we will obtain your consent whenever we collect your Personal Information or make changes to the Operational Information we store. Your consent may be expressed or implied. In certain circumstances your consent may be implied by your actions. For example, by providing us Personal Information to sign up for our Service, it is implied that we can use such information as we outlined in this privacy policy.

The form of consent sought by TunnelBear may vary depending on the nature of the information. In determining the appropriate form of consent, TunnelBear will take into account the sensitivity of the information and your reasonable expectations. Implied consent will generally be appropriate where information is less sensitive.

You have the right to withhold your consent on any request to use your Personal Information. To exercise your choices, or ask questions about your Personal Information, please contact: privacy@tunnelbear.com

2.4 Limiting Collection

We take great care to not collect Personal Information indiscriminately and limit collection to the minimum necessary information required to operate our service. By limiting the collection of data, we help to protect the privacy and security of your Personal Information.

2.5 Limiting Use, Disclosure, and Retention

We will not use your Personal Information for any purpose that you have not consented to. TunnelBear will NOT sell or trade Personal Information for commercial purposes.

Only TunnelBear’s employees with a business need to know or whose duties require, are granted access to our customers’ Personal Information. All such employees will be required as a condition of employment to respect the confidentiality of our customers’ Personal Information.

We store your Personal Information only as long as is necessary for the purposes for which it is collected. We erase or destroy the records containing Personal Information when they are no longer required; this will be done in ways that will ensure your continued privacy.

2.6 Accuracy

It is your responsibility to inform TunnelBear of any relevant changes in your Personal Information by updating your account information.

2.7 Safeguards

TunnelBear uses exceptionally strong safeguards to protect the privacy of all our records, including your Personal Information. We implement physical, business and technical security measures. These strong safeguards are designed to prevent unauthorized access, disclosure, loss, theft, copying, use or modification to your Personal Information.

2.8 Openness and Transparency

So that you can be confident that we are handling your Personal Information appropriately, we take extraordinary measures to document our policies and provide openness and transparency around the data we collect, why we collect it and how we handle it.

2.9 Individual Access

If at any time you have a question about our records containing your Personal Information, we will do our best to answer it. You have the right to be told about the kind of Personal Information we maintain and how it is used. Upon request, we will provide you with information regarding the existence, use and disclosure of your Personal Information.

2.10 Addressing Comments and Concerns

We believe in an open dialogue, and understand that this privacy policy is an evolving document. We welcome your thoughts and feedback on how we're doing.

2.11 Changes to Our Privacy Policy

We may need to change our Privacy Policy from time-to-time and all updates will be posted online. Your continued use of our Services after the effective date of such changes constitutes your acceptance of such changes. We will post an effective date at the top of the page for your convenience.