Privacy policy

We do not track anything. No logs. No profiling. No surveillance.

Overview

Blackout VPN collects and stores as little data as possible. We do not log your activity, your IP address, your traffic, or your behavior. This policy explains exactly what we do collect, why, how long we keep it, and who has access to it.

Data we collect from you

Payment information: When you purchase a Blackout VPN key, we receive payment confirmation data including transaction ID, date, amount, and payment method identifier. We do not store your full payment card details, bank account information, or billing address. Payment processing is handled by third-party payment processors (PayPal, Monero, cash-by-mail).

VPN usage data: We do not collect, store, or log any information about your VPN usage, including:

  • Your IP address (before or after connection)
  • Websites you visit or domains you access
  • DNS queries or DNS history
  • Connection times, duration, or frequency
  • Bandwidth usage or traffic volume
  • Device identifiers or device information
  • Geographic location or location history

Support and contact data: If you contact us for support, we only store what is necessary to resolve your issue (e.g., your transaction ID or key identifier). We do not store personal details beyond this.

Data we do not collect

The Blackout VPN app contains no analytics libraries, no crash reporting SDKs, no telemetry, no advertising networks, no tracking pixels, and no fingerprinting. The website contains no cookies, no web beacons, and no third-party tracking scripts. We literally cannot collect data about your behavior even if we wanted to.

VPN technical details (Apple/Google required disclosure)

How the VPN works: Blackout VPN encrypts your internet traffic and routes it through our servers. Your real IP address is masked from websites you visit.

What we can see: We can see that a key is connected to our infrastructure. We do not inspect, monitor, or log the content of your traffic or your DNS queries.

What we cannot see: We cannot see which websites you visit, which apps you use, what you download, or any details about your online activity.

DNS handling: We do not perform DNS inspection or DNS logging. DNS queries may pass through our infrastructure but are not recorded.

Session data: Ephemeral session data (connection logs, routing information, temporary buffers) exists only in volatile memory and is automatically wiped when your connection ends or the server reboots. This data is never written to persistent storage.

Traffic blocking or filtering: We do not block, filter, or modify your traffic. We do not impose content restrictions, bandwidth throttling, or access limitations based on destination.

Abuse handling and infrastructure protection

If we detect a key being used for infrastructure attacks (DDoS, brute force, port scanning, or other abuse), we may:

  • Revoke that individual key
  • Log the fact of abuse (not content, not destinations) for infrastructure security
  • Refuse to issue new keys to the same payment method if abuse is severe and repeated

We do not share abuse data with third parties, governments, or law enforcement unless legally required by valid legal process.

Third-party services and data sharing

Payment processors: PayPal, Monero, and cash handlers receive only payment information necessary to process your transaction. They do not receive any information about your VPN usage or activity.

Hosting providers: Our infrastructure host (VPS/server provider) may see that encrypted traffic passes through our infrastructure but cannot see your data or activity because traffic is encrypted end-to-end.

No data sales, advertising, or analytics: We do not sell, rent, or share your data with advertisers, analytics firms, data brokers, or marketing companies. We do not use your data to build profiles or predict your behavior.

Data retention and deletion

VPN activity: Zero logs. No data about your usage is retained.

Payment metadata: Transaction ID, date, and amount are retained for seven years as required by Australian tax law (ATO record-keeping obligations). This data is never linked to your key, your IP address, or your activity. After seven years, this data is permanently deleted.

Support records: Support interaction records are retained only as long as necessary to resolve your issue, typically 30-90 days, then deleted.

Server logs: Basic security access logs (firewall, intrusion detection) are retained temporarily and rotated regularly. These logs do not contain content or user-identifying information.

Volatile memory: Session data, connection buffers, and routing information exist only in RAM and are wiped on connection termination or server reboot.

Your VPN key and account information

VPN keys are generated client-side and validated on our servers using one-way cryptographic hashes. We maintain no database linking keys to customer identities, payment methods, or any personal information. If you lose your key, we cannot recover it because no such link exists by design. This is a feature, not a bug—it protects your privacy.

Law enforcement and legal requests

We comply with all valid legal processes and court orders from competent authorities. However, because we collect and retain zero personal data and zero activity logs, we have nothing to provide in response to requests for user information or activity history. Any disclosure we make is limited to payment metadata (transaction ID, date, amount) if a valid legal order requires it.

Children's privacy (COPPA compliance)

Blackout VPN is not intended for children under 13 years old (or the relevant age of digital consent in your jurisdiction). We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will delete that information immediately. Parents or guardians who believe a child has provided information to us should contact hide@blackoutvpn.au.

Your privacy rights

GDPR (European users): You have rights to access, correct, delete, and export personal data. Because we collect no personal data, these rights are automatically satisfied.

Australian Privacy Principles (APPs): You have rights under the Privacy Act 1988 (Cth). Because we collect no personal data linked to your identity, these protections are automatically in effect.

CCPA (California users): You have rights to know what data is collected, delete personal information, and opt-out of data sales. We collect no personal data and sell no data.

To exercise your rights: Contact hide@blackoutvpn.au with your request. We will respond within 30 days or confirm that no personal data exists to fulfill the request.

International data transfers

Our servers are located in Australia. Payment processors (PayPal, Monero) may transfer payment metadata internationally according to their own privacy policies. Traffic routed through our VPN infrastructure is encrypted and does not constitute a data transfer.

Security and encryption

All data transmitted between you and Blackout VPN is encrypted using industry-standard protocols. Payment data is encrypted in transit and at rest. We use no default or weak credentials. We do not sell or disclose encryption keys.

Contact and dispute resolution

If you have concerns about how we handle your data, contact hide@blackoutvpn.au. If you are an Australian resident and believe we have violated the Privacy Act, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

Changes to this policy

We may update this policy from time to time. Material changes will be posted here and notified in the app. Continued use of the service after changes constitutes acceptance of the updated policy.

About this policy

Blackout VPN is operated by M.E KILIC and D.J TAYLOR, a registered partnership in Queensland, Australia.

Business address: Lvl 19 10 Eagle St, Brisbane City QLD 4000, Australia.

Contact: hide@blackoutvpn.au for all privacy-related questions.

Effective date: 25 November 2025