Your privacy is your privacy - updated policy

11 November 2020  PRIVACY SECURITY

Our long-term goal is to not store any PII (Personally Identifiable Information). For this purpose we recently made two changes in our Privacy Policy and our No-logging of user activity Policy.

Decisions are hard to make. They always involve trade-offs. In our quest to distinguish ourselves as the most privacy-focused VPN, we often weigh “privacy + ease-of-use” against “privacy + cool features”.

For example, for user login we choose to have anonymous numbered accounts (privacy friendly but no easy way to recover a lost account) instead of the typical email/password combo (not so privacy friendly but easy for recovery).

Updates in two of our policies:

  1. We no longer store e-mail addresses associated with PayPal payments  AT ALL. As a consequence, if you forget your Mullvad account number, you’ll have to follow this guide. There is no other way for us to help you recover your account number - because you have been deleted.
  2. For payments made with credit card, PayPal, and cash we use a temporary token to connect the payment with a Mullvad account.  From now on, we will save an unused token for 120 days and a used token for 40 days. This means that we won’t be able to help you recover an account 40 days after the last payment. Your payment trace will have been deleted.

Our Privacy policy and No-logging of user activity policy have been updated to reflect these changes.

For the universal right to privacy,
Mullvad