Privacy Policy

Last Updated: February 23, 2026

INTRODUCTION

ASL19 Inc. d/b/a BeePass VPN, 192 Spadina Ave, Toronto, Canada ("BeePass", "we", or "us") is committed to protecting the privacy and the rights of any individual in relation to their personal data. For the processing activities described in this Policy, BeePass generally acts as a data controller within the meaning of Art. 4 (7) GDPR and Art. 5 (j) FADP.

As a provider of a service aimed at prioritizing your privacy while helping you bypass internet censorship, we aim to collect the minimal amount of data required to provide you with a reliable and optimal service. This often raises difficult questions regarding the data we may collect in providing you with our products and services.

The purpose of this privacy policy (the "Policy") is to inform you of BeePass's privacy practices and policies in accordance with Art. 13 et seq. of the Regulation (EU) 2016/679 ("GDPR") and Art. 19 of the Swiss Federal Data Protection Act ("FADP"), including:

how and why BeePass collects your personal data through your use of or access to our products and services via our website, https://beepassvpn.com (the "Website") and/or through our web or mobile application (the "Platform") (collectively, the "Services");
which types of Personal Data BeePass collects, uses, and discloses;
how BeePass may use your Personal Data;
with which parties BeePass may share your Personal Data; and
contact information should you have questions or concerns about BeePass's privacy practices.

BeePass will only process your Personal Data in accordance with the applicable privacy laws, including the GDPR and the FADP. We encourage you to read this Policy carefully.

CHANGES TO THIS POLICY

We may change this Policy from time to time. Any updated versions of this Policy will be announced and posted on BeePass's Website https://beepassvpn.com. The amended Policy will be effective as of the date of posting. You are responsible for checking if any amendments have been made to this Policy. Your continued use of our Website or our Services following a change to this Policy will constitute your consent to collection, use, and disclosure of your Personal Data as described in the amended Policy.

OVERVIEW OF OUR PRIVACY PRACTICES

Our privacy practices are summarized here. Under this Policy, BeePass:

collects Personal Data when you use our VPN service, our Website, make inquiries, and in the course of delivering our Services;
shares this Personal Data with third-party service providers (including Amazon, Google, Sentry, and Telegram) for the purposes of administering, supporting our Website and Services, and for feedback and crash report monitoring;
collects, uses, and discloses this Personal Data to provide our products and Services;
except as set out in (2) & (3), does not share your Personal Data with third parties unless authorized or required by law, as part of the sale of a business or as disclosed to you when the information is collected;
may transfer Personal Data to trusted third-party service providers in different countries, subject to applicable data protection safeguards;
retains your Personal Data in compliance with our legal obligations and only as long as necessary for the purposes for which it was collected;
allows you to withdraw your consent at any time for processing activities that are based on your consent;
mitigates the risk and impact of potential harms involved in the disclosure of Personal Data through the adoption of reasonable physical, technical, and organizational procedures appropriate to the sensitivity of the data in an effort to safeguard the Personal Data you provide to us; and
provides you with updates if there are any changes to this Policy and our privacy practices through announcements on our Website.

Further information with respect to our privacy practices is set out below.

WHAT IS PERSONAL DATA?

"Personal Data" means any information relating to an identified or identifiable natural person (Art. 4 (1) GDPR; Art. 5 (a) FADP), which may include, but is not limited to, your name, address, e-mail address, and telephone number.

Personal Data does not include information that has been anonymized or aggregated in such a way that there is no serious possibility it can be used to identify an individual, whether on its own or in combination with other information.

LEGAL BASIS FOR PROCESSING PERSONAL DATA

Depending on the applicable law, we may only process Personal Data if there is a specific legal basis for doing so. Under the FADP, the processing of Personal Data does not require a specific legal basis but must comply with the applicable data protection principles, in particular those set out in Art. 6 et seqq. FADP.

Where the GDPR applies, we process Personal Data only where one of the legal cases provided under the GDPR is met. In such cases, we rely on the following legal bases when processing your personal data:

performance of a contract or pre-contractual measures (Art. 6 (1) (b) GDPR);
compliance with legal obligations (Art. 6 (1) (c) GDPR);
legitimate interests, in particular service security, abuse prevention, and network integrity, where such interests are not overridden by your rights (Art. 6 (1) (f) GDPR);
consent, where required (Art. 6 (1) (a) and Art. 9 (2) GDPR),
in exceptional cases, protection of vital interests (Art. 6 (1) (d) GDPR).

TYPES OF DATA WE COLLECT, USE, DISCLOSE AND PROCESS

If you access or use our Website or Services, we may, either directly or through an authorized third-party, collect, use, disclose, and process the types of data set out below from and about you, in compliance with applicable data protection laws.

WHAT DATA WE MAY COLLECT

HOW WE USE THE DATA AND HOW IT IS COLLECTED

WHO THE DATA IS SHARED WITH

ACCOUNT INFORMATION

While you can use our free service without registration, accessing Premium features requires account creation. Data collection varies based on your subscription tier.

If you become a Premium user, we only collect your email address for account creation, and this service is password-less.

If you make a payment through Stripe to access Premium features, we collect your email address from payments.

If you request support through our Telegram helpdesk bot, we will collect your Telegram ID, and any other information you provided on your public Telegram account without limitation. The information included:

Email address
Telegram ID

We collect this data for the following purposes: (a) to send you the verification link for our premium service; (b) to provide the Services to you; (c) to communicate with you effectively, where necessary, in relation to your use of the Services; and (d) to support the operation and management of the Services.

This information is collected when you:

access or use our Website or Services;
Communicate with our representatives; and
Communicate with others through the Services.

Data collected in connection with access to the Website and Services may be disclosed to our authorized third-party service providers, such as:

Amazon Web Services, our storage and hosting provider
Google, our analytics and research provider
Telegram, our helpdesk bot
Stripe
Google Play and Apple App Store

These providers are contractually required to process Personal Data in accordance with their respective privacy policies. Please refer to the section below "PASSING ON TO THIRD PARTIES" to access their policies.

FEEDBACK AND CRASH REPORTS

Since our Services are built for circumvention, there may be situations where we need additional information about your context and usage to troubleshoot and/or improve our Services.

This is why we allow users to send feedback from the Website. If our Services crash or a fatal exception occurs (collectively, a "Crash"), or if you manually send feedback through the Platform, the information listed below will be shared with us:

The country from which you accessed the Services related to the Crash;
Statically compiled exception messages;
Technical information, including, without limitation, operating system name and version of device, phone model (if applicable), browser type, and version number;
Any other information you may provide through your feedback.

We recommend not including Personal Data, but if you would like us to follow up or help troubleshoot an issue, you can share your email address or Telegram username through the in-app feedback form.

This data is used to: (a) protect the Services and ourselves against adversaries trying to block or disrupt our Services; (b) assess the performance of our networks and optimize resources to improve our services to you; and (c) contact you in connection with your account and your inquiries.

This information is collected through the submission of the feedback form you submit or through automated technologies or interactions when reporting a Crash.

This information may be shared with hosting and cybersecurity service providers to ensure platform security and performance, such as:

Amazon Web Services, our storage and hosting provider
Google, our analytics and research provider
Telegram, our account integration provider

This information is not used for marketing, profiling, or to identify you personally.

PLATFORM USAGE INFORMATION

We collect your Platform usage data such as the hourly number of bytes transferred when you use our services and the country of origin from which you are connecting.

We will not collect the websites you visit, services you access, or your online activity, and we will not store the IP address assigned to you by your internet service provider.

We primarily use this data for analytics and to enhance your overall user experience, as well as to monitor use of the Platform and Services to support their proper functioning and further improvement and optimization.

This information is collected:

when you sign up for our Website;
when you access or use our Website or Services;
during communications between you and our representatives; and
during communications between you and other users on the Website.

Usage data may be disclosed to analytics partners to help us understand user behavior and improve our Platform and Services functionality, such as:

Amazon Web Services, our hosting provider
Google, our research and analytics provider

This data is aggregated and anonymized wherever possible.

WEBSITE USAGE INFORMATION

As you navigate through and use our Website, we may automatically collect the following types of data: usage details, traffic data, and information about your computer and internet connection, including your IP address, operating system, and browser type.

We primarily use this data for analytics and to enhance your overall user experience, and to monitor use of the Website and Services to support their proper functioning and further improvement and optimization.

This information is collected through the use of automated technologies such as cookies. This Policy provides further details about how we use cookies below.

Usage data may be disclosed to analytics partners to help us understand user behavior and improve our Website and Services functionality, such as:

Amazon Web Services, our hosting provider
Google, our research and analytics provider

This data is aggregated and anonymized wherever possible.

OTHER INFORMATION PROVIDED BY YOU

We may collect Personal Data from you when you make inquiries about our products and services, request assistance through our customer service department, or when you voluntarily subscribe to a BeePass service or newsletter.

This information is used: (a) to provide customer service and support to you; (b) to contact you in connection with your account and your inquiries; (c) to administer our Website, user account(s) and to manage the emails that we send.

This information collected to access the Website and Services is disclosed to our authorized third-party service providers, such as:

Amazon Web Services, our storage and hosting provider
Google, our analytics and research provider
Telegram, our account integration provider
Firebase, our mobile and web app development provider

In addition to the specific use and disclosure of information set out above, we may use and disclose your Personal Data when such use or disclosure is required or permitted by applicable law and, where applicable, based on the legal grounds set out in section "Legal Basis For Processing Personal Data" above, in particular in order to: (a) comply with legal obligations or binding legal process; (b) respond to lawful requests from public and government authorities, including public and government authorities outside your country of residence; (c) enforce the terms of the agreements for our products and services; (d) protect our rights, operations, or property; (e) allow us to pursue available legal remedies or limit the potential damages. Any such use or disclosure is limited to what is legally required or strictly necessary in the relevant circumstances.

PASSING ON TO THIRD PARTIES

We do not sell, rent, or lease any Personal Data to third parties. We disclose Personal Data to third parties only where permitted or required by applicable law and in accordance with the purposes and legal bases described in this Privacy Notice. Where a disclosure requires your consent under applicable law, we will obtain such consent prior to the disclosure.

If we are involved in the sale or transfer of some or all of our business, then we may disclose your Personal Data to the extent necessary in connection with the transfer or sale but will require the acquiring organization to agree to protect the confidentiality of your Personal Data in a manner that is consistent with this Policy.

We may share your Personal Data with the following trusted third parties:

Amazon Web Services: https://aws.amazon.com/compliance/data-privacy-faq/
Telegram: https://telegram.org/privacy#6-bot-messages
Google: https://policies.google.com/privacy?hl=en-US
Firebase: https://firebase.google.com/support/privacy

For the purposes set out in this Policy and where necessary, we may share Personal Data with courts, regulatory authorities, government agencies, and law enforcement agencies. While it is unlikely, we may be required to disclose your information to comply with legal or regulatory requirements. We will use reasonable endeavours to notify you before we do this, unless we are legally restricted from doing so.

HOW WE SECURE YOUR INFORMATION

We keep the Personal Data we collect about you confidential in accordance with this Policy and have adopted reasonable physical, technical, and organizational procedures appropriate to the sensitivity of the data to safeguard the Personal Data you provide to us. These measures include:

Access Control: Access is strictly limited to authorized staff trained in data security and privacy, who are bound by strict confidentiality policies.
Digital Security: We regularly update our systems with advanced encryption and technologies to prevent and address vulnerabilities.
Data Backups: Regular backups are maintained to ensure data resilience against loss, system failures, or malicious threats.
Data Retention: Personal Data is retained only as long as necessary to fulfill service obligations or meet legal requirements.
Data Disposal: After the retention period, data is securely deleted or de-identified using industry-standard methods in compliance with applicable privacy laws.
Security Monitoring: Technical data is used for ongoing audits and risk assessments to protect against unauthorized access and breaches.

We implement appropriate technical and organizational security measures to protect Personal Data against unauthorized access, loss, or misuse, in accordance with applicable data protection law. However, no method of transmission over the internet or electronic storage is entirely risk-free.

You can find BeePass/Outline's security audit reports here.

When using the default server of our Services, we cannot guarantee that all information about your internet traffic will be fully private. When connecting to a website using TLS (HTTPS) the content you are sending and receiving will be encrypted; however the domain name of the website you are connecting to can still be visible to someone with full access to your network, such as your internet service provider, since they can connect to BeePass and access the same key your device will use to encrypt your requests. When connecting to a website not using TLS (HTTP), the full content you are sending and receiving could be seen by someone with full access to your network. By using the default server, you acknowledge this risk. If you're concerned with this, we recommend requesting a different server from our Telegram or email bot. This information is provided for transparency purposes and does not limit our obligation to implement appropriate technical and organizational security measures under applicable data protection law.

CROSS-BORDER TRANSFERS

In some circumstances, your Personal Data may be transferred to other third-party service providers located within or outside of the EEA or Switzerland, on a worldwide basis. Before transferring Personal Data cross-border, we ensure that such transfers comply with applicable data protection laws, including Art. 44-46 GDPR and Art. 16 FADP. Cross-border transfers take place only when an adequate level of data protection is ensured. This may be achieved, as applicable, through an adequacy decision recognised under applicable law; the conclusion of appropriate contractual safeguards, such as standard contractual clauses; and/or other safeguards, including data processing agreements and appropriate technical and organizational measures.

DATA SUBJECT RIGHTS

To help you control the processing of your Personal Data, you have the following rights in relation to our data processing, depending on the applicable data protection law:

The right to request information from us as to whether and what Personal Data we process from you (Art. 15 GDPR, Art. 25 FADP);
The right to have us correct Personal Data if it is inaccurate or amend incomplete Personal Data (Art. 16 GDPR, Art. 32 (1) FADP). We will consider whether the Personal Data requires amendment. If we do not agree that there are grounds for amendment then we will add a note to the Personal Data stating your disagreement, together with your requested amendment. If we correct your Personal Data, we will, so far as is reasonably practicable, inform every other person to whom we have disclosed that information of the correction;
The right to request deletion of your Personal Data (Art. 17 GDPR, Art. 32 (2) (c) FADP);
The right to request the restriction of the processing of your Personal Data (Art. 18 GDPR);
The right to object to the processing of your Personal Data (Art. 21 GDPR, Art. 32 (2) (a) FADP);
The right to request that we provide certain Personal Data in a commonly used electronic format or transfer it to another controller (Art. 20 GDPR, Art. 28 FADP);
The right to withdraw consent, where our processing is based on your consent (Art. 7 (3) GDPR, Art. 30 (2) FADP). The withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. We may continue to process Personal Data where this is required or permitted by applicable law;
The right not to be subjected to certain automated decision-making (Art. 22 GDPR), or to express your point of view in the case of automated individual decision-making and to request that the decision be reviewed by a human (Art. 21 (2) FADP).

If you wish to exercise the above-mentioned rights in relation to us, please contact our Privacy Officer using the information in the "Contact Information" section below.

We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the Personal Data that we hold about you, or to give effect to other data subject rights you may be entitled to (Art. 12 (6) GDPR). In certain situations, we may not be able to fulfil your request. If that is the case, we will explain the reasons for our decision when responding to your request. For example, there may be overriding private or public interests, statutory secrecy obligations, or the request is manifestly unfounded or excessive (Art. 12 (5), Art. 15 (4) and Art. 23 GDPR, Art. 26 FADP).

If you are located in the EEA and you believe that we are unlawfully processing your Personal Data, please let us know. You have also the right to complain to your Member State data protection authority (Art. 77 GDPR). If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner (Art. 49 FADP).

We must ensure that your Personal Data is accurate and up to date. Therefore, please advise us of any changes to your information by contacting us (see "Contact Information" below).

DATA RETENTION

Except as otherwise permitted or required by applicable law, we will only retain your Personal Data for as long as necessary to fulfill the purposes for which it was collected and as long as we have a legitimate interest in retaining the Personal Data, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Under some circumstances we may anonymize your Personal Information so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to you or your consent.

While opting for Premium Service, if users request deletion of their account, we will retain the email address used to create an account for a period of 14 days, and users will not be able to create an account with the same email address during this period.

OUR USE OF COOKIES AND OTHER TRACKING TECHNOLOGIES

We use cookies and similar tracking technologies across our Website and Services to enhance your experience and deliver relevant content. These technologies help us remember your preferences, improve functionality, and support analytics and advertising efforts. In addition to first-party cookies, we may also use services from third parties.

We use the following types of cookies and tracking tools:

Essential Cookies: Required for the core functionality and security of our Website. These enable features like login, account access, and fraud prevention. These cookies are necessary and cannot be disabled.
Functional Cookies: Enhance your experience by remembering preferences such as language, region, and display settings. They also help us deliver personalized content and recommendations.
Analytical Cookies: Collect data on how you interact with our Website, such as pages visited, actions taken, and errors encountered, to help us improve performance and user experience.
Other Tracking Technologies: We may also use pixels, location tracking, and device fingerprinting to gather insights into your usage patterns and improve our Services.

You can manage your cookie preferences through your browser settings or opt-out tools where applicable. Note, however, that this may affect your experience of our Website and Services.THIRD-PARTY WEBSITES AND SERVICES

On our Website you may find links to other websites, mobile software applications, products, or services that are not owned or controlled by BeePass. This Policy does not extend to any websites, products, or services provided by third parties. We do not assume responsibility for the privacy practices of such third parties, and we encourage you to review all third-party privacy policies prior to using third-party websites, products, or services.

CONTACT INFORMATION

If you would like more information about this Policy or the Personal Data collection, use, storage, and disclosure policies and practices of BeePass, including with respect to our policies and practices concerning service providers outside the EEA and Switzerland, or would like to exercise your privacy rights, please contact our Privacy Officer by e-mail at: support@beepassvpn.com.