Privacy Policy

Last Updated: October 31, 2024

Table of Contents:

1. Introduction

2. What Information Do We Collect About You?

3. How Do We Use Your Information?

4. Disclosure of Information - Who Do We Share Your Information With and Why?

5. Product Specific Privacy Notices

6. Cookies and Other Tracking Technologies

7. Use of Advertising Services with Free VPN Products

8. Information Security

9. International Data Transfers

10. Data Retention

11. Your Rights

12. Technology Licensing

13. Age Restrictions

14. Privacy Policy Updates

15. Contact Us

1. Introduction. At Hotspot Shield, we believe it’s important that everyone, regardless of their situation, can obtain secure and private access to the internet. We always aim to provide this access without compromising the privacy of our customers. Hotspot Shield is provided by Anchorfree, LLC or Pango GmbH, and a part of the Pango Group “Pango” (hereinafter referred to as “we”, “us”, or “our”).

This Privacy Policy describes our privacy practices across the various products, services, applications, and websites that link to this policy (we refer to these collectively as our “Services”, or individually as a “Product” or “Service”). This Privacy Policy applies to the access or use of our Services, and you agree to be bound by this Privacy Policy if you access or use our Services. If you do not agree with this Privacy Policy or any provisions hereof, please do not use our Services.

Though many of our Services are made available to consumers directly, some of our Services are offered to businesses or enterprise customers. For those Services, our customer is a business entity or other organization that may authorize individual end users (e.g. employees or customers) to use the Services that it has purchased or licensed from us. Where an organization is our customer, it may maintain accounts with us through which it and its users may submit information (“Customer Data”). In such cases, the organization that purchased or licensed our Services typically controls those accounts associated with their users and the organization may receive some Customer Data in order to maintain the account. In this case, we are generally a processor of Customer Data and the organization is the controller of such Customer Data. See the ‘Disclosure of Information’ section below for additional details.

To contact us, please see the “Contact Us” section below for more information.

2. What Information Do We Collect About You? This section describes the categories of personal data (or ‘personal information’) we may collect from and/or about you. The types of information described below are not collected in all situations and may vary depending on the Service you use. We collect the applicable information you provide through your use of a Service or Services, or as needed in specific Service-specific situations. For example, as noted in our VPN Products Privacy Notice, our VPN Products only collect a limited amount of personal data, and specifies that the collection of any websites or apps visited during a VPN session are not connected to any individual user, and therefore cannot be used for advertising or marketing purposes. Please see our ‘Product Specific Privacy Notices’ section below for more information.

2.1. Information You Provide to Us

2.2 Information Collected when You use Our Services.

2.3. Information Provided to Us by Third Parties.

3. How Do We Use Your Information? We use the information we collect for various purposes described in this section. For visitors from the European Economic Area (EEA) or U.K., we also describe, below, our lawful basis for processing personal data.

4. Disclosure of Information - Who Do We Share Your Information With and Why?

We may disclose or use your information in the following circumstances, as applicable:

Where your personal data may be shared with such third parties, we protect your data by entering into agreements containing appropriate confidentiality and data processing terms with the applicable third parties, reviewing their security practices, and limiting information sharing to the scope of what they are helping us with.

5. Product Specific Privacy Notices and Terms. To better understand the privacy practices for our VPN Products, please see Our VPN Products Privacy Notice.

6. Cookies and Other Tracking Technologies. We use various technologies in our Services to help us collect certain website or app user information.

These technologies include:

6.1 Use of Cookies; Your Choices

For visitors to Pango.co, we currently do not use third party advertising or cookies that enable preferences.

7. Use of Advertising Services With Free VPN Products

We may use the following advertising services to provide ads with our free VPN products:

CompanyPrivacy Policy or Opt-Out
Unity Adshttps://unity.com/legal/privacy-policy
Ironsourcehttps://developers.is.com/ironsource-mobile/air/ironsource-mobile-privacy-policy/
Digital Turbinehttps://www.digitalturbine.com/legal/privacy-policy
InMobihttps://advertising.inmobi.com/page/opt-out
Kochavahttps://www.kochava.com/privacy/opt-out/
Mintegralhttps://www.mintegral.com/en/privacy
Metahttps://www.facebook.com/privacy/policy/
Apppsflyerhttps://www.appsflyer.com/legal/opt-out/

In addition, you may opt-out of interest-based mobile advertising by utilizing the Digital Advertising Alliance (DAA) AppChoices app.

8. Information Security. We understand the importance of protecting information provided to or collected by us, including personal data, and employ reasonable and appropriate methods (including a range of administrative, organizational, technical, and physical safeguards designed to protect your data such as use of best practices, procedures, policies, training, technology, and oversight) to protect against and reduce the risk of unauthorized access, loss, or release of data. Access to your account or services information is restricted to our employees or contractors who require such access to perform their job functions. While our controls are strong and we strive to protect your personal information through these various means, we cannot guarantee or warrant the security of the information, as no data security measures can guarantee 100% protection. We recommend you take every precaution in protecting your personal information when you are on the Internet or otherwise. You should change your passwords often, use a combination of letters and numbers when creating passwords, and make sure you use a secure browser.

9. International Data Transfers. Depending on where you reside and what Services you use, Pango may transfer your personal data to countries other than the one in which you reside. We do this to facilitate our operations, and transferees include other Pango companies, service providers, and partners. Laws in other countries may be different to those that apply where you reside. For example, personal data collected within the U.K., Switzerland or the European Economic Area (EEA) may be transferred and processed in the United States for purposes described in this policy. However, we put in place appropriate safeguards that help to ensure that such data receives an adequate level of protection, which typically includes Pango and corporate recipients executing the Standard Contractual Clauses (aka ‘Model Contracts’) adopted by the European Commission or UK for such transfers to the U.S.

In addition, Pango Group (including Anchorfree LLC) complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. Pango has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Pango has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit https://www.dataprivacyframework.gov. Click here to view our EU/Swiss-U.S. Data Privacy Framework Privacy Policy You may contact us if you would like more information about such safeguards.

If you change your country of residence, the Pango company responsible for your data may change accordingly, and your data may be transferred to that other company.

For users of our VPN products, if you are a UK or EEA resident and you choose to use our software to route your Internet traffic through servers in countries not deemed ‘adequate’ by the UK or EEA, then you acknowledge that such transfers are executed at your direction and with your unambiguous consent.

10. Data Retention. We generally retain your personal information for as long as is needed to provide the Services to you, or for as long as you have an account or subscription with us. We retain your personal information as reasonably necessary for the respective purpose. In determining the criteria by which to retain or dispose of your information, we consider the type, sensitivity, context, and purpose of collecting the information. We may also retain personal information if required by law, or for our legitimate interests, such as abuse detection and prevention, and defending ourselves from legal claims. Residual copies of personal data may be stored in backup systems for a limited period as a security measure to protect against data loss.

With respect to our VPN Products, we do not collect or retain data about your browsing activity while you are connected to the VPN Services.

11. Your Rights. Depending on your state or country of residence, you may have certain legal rights with respect to your personal information, subject to exceptions and limitations provided by applicable laws and regulations.

11.1 General. In general, you may have the following rights to your personal data:

For clarity, the above describes examples of rights an individual may have. You may have some, but not all of the rights described above, depending on where you reside and what laws and regulations apply to you. Additional U.S. state specific privacy rights are further described below.

You may be able to exercise some of these rights by using the settings and tools provided in our Services. For example, you may be able to update your user account details via the relevant account settings screen of our apps. You may also be able to opt out from receiving marketing communications from us by clicking an “opt out” or “unsubscribe” link in such communications.

Some mobile and web browsers transmit "do-not-track" or “opt-out preference” signals. We currently do not take action in response to these signals. Otherwise, if you wish to exercise any of these rights, you may contact us using the details in the “Contact Us” section below. As permitted by law, we may ask you to verify your identity before taking further action on your request. You may also be permitted to designate an authorized agent to submit certain requests on your behalf. If you do so, you must give the authorized agent written permission to make such requests, or a power of attorney. We may also follow up with you to verify your identity before processing the authorized agent’s request.

11.2 Your California Privacy Rights. The information provided in this Privacy Policy describes the categories of personal information We may collect, process and share with certain service providers and other businesses. If you are a California resident and would like to exercise your rights to receive the specific pieces of information, or other privacy rights applicable to you, please contact us as specified in the ‘Contact Us’ section below.

We do not ‘sell’ personal information for our own monetary benefit. However, as the CCPA defines ‘sell’ broadly, some of the advertising services that support our website, marketing efforts, and mobile applications use third party advertising services that may be deemed a ‘sale’ under California law. Please see Our terms relating to your choices relating to cookies and the app-specific advertising services listed above to indicate your preferences with respect to ads or cookie usage as applicable.

California residents also have the right to limit the use of sensitive personal information if we use that information for purposes beyond what is needed to provide the Services you request or for other reasons specified in the CPPA. As we do not use or disclose sensitive personal information for other purposes without your consent, we do not offer you an option to limit the use of sensitive personal information.

11.3 Other U.S. Only State Specific Privacy Rights

If you are a resident of California, Colorado, Connecticut, Maine, Nevada, Oregon, Texas, Utah, or Virginia, you may have specific or additional rights under your state’s privacy laws.

Depending on the jurisdiction where you reside and the scope of applicability, you may have certain of the following rights with respect to your personal information:

You can exercise your right to know, access, delete, and correct data directly, or, in California, Colorado, Connecticut, Oregon, and Texas, you may appoint an authorized agent to act on your behalf, by submitting a request. You can exercise your right to opt-out of selling and sharing by visiting the applicable privacy preferences page or the cookie banner for the Service you are using. Note we may require you to verify your identity using the processes we describe in an applicable Product dashboard or the privacy choices page before we fulfill your request.

12. Technology Licensing. We occasionally license our technology to third party partners who may integrate it with applications developed and offered by those partners. Our partners, and not Anchorfree or Pango Group, are responsible for those applications and for determining what data is collected by those applications and how it is processed. Please contact the relevant partner and refer to their Privacy Policy to learn more about how those applications process your personal data.

13. Age Restrictions. Our Services are not intended for and may not be used by minors. In this context, minors are individuals under the age of 16 except for our identity and credit monitoring services, which are restricted to those under the age of 18. We do not knowingly collect personal data from minors or allow them to use our Services. If we discover that we have collected personal data from a minor, we may delete such data without notice. Please note that the legal terms under which we make certain Services available may require users to be older than 16 years of age.

14. Privacy Policy Updates. We may update this Privacy Policy from time to time in accordance with this section for reasons such as changes in laws, industry standards, and business practices. We will post updates to this page and update the “Last updated” date above. If we make updates that materially alter your privacy rights, we will also provide you with advance notice, such as via email or through the Services. If you disagree with such an update to this policy, you may cancel your Services account. If you do not cancel your account before the date the update becomes effective, your continued use of our Services will be subject to the updated Privacy Policy.

15. Contact Us. We expect this Privacy Policy to evolve over time and welcome feedback from our users about our privacy practices. If you would like to exercise your rights, have any questions or complaints about our privacy practices, you can contact us using the following details or submit your request to [email protected]:

Anchorfree LLC - Hotspot Shield

250 Northern Ave, Floor 3

Boston, Massachusetts, 02210

[email protected]


Pango GmbH

Hansmatt 32, 6370 Stans, Switzerland

[email protected]

For visitors from the UK or EEA, the GDPR gives you additional rights to contact our Data Protection Officer (DPO). We have appointed Bird & Bird DPO Services SRL as a DPO for Pango and our Services, and may be reached:

Archived Version