Privacy Policy

Last updated: January 1, 2026. We are committed to protecting your privacy. This policy explains exactly what data we collect, why, and how we safeguard it.

1. Introduction

CyberGhost VPN ("CyberGhost," "we," "us," or "our") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our VPN service, website, and applications.

CyberGhost is headquartered in Bucharest, Romania, and operates under Romanian and European Union law, including the General Data Protection Regulation (GDPR). We are outside the 5/9/14-Eyes intelligence-sharing alliances, which means we are not subject to mass surveillance laws that would compel us to collect or share user data with foreign governments.

2. Our No-Logs Policy

CyberGhost operates a strict, independently verified no-logs policy. We do not collect, store, or share:

  • Your browsing history or the websites you visit
  • The content of your internet traffic
  • Your real IP address while using the VPN
  • Connection timestamps or session durations
  • Bandwidth usage per session
  • DNS queries made through our servers

This policy has been independently audited by Deloitte, one of the world's leading audit firms. The audit confirmed that our technical infrastructure and internal processes match our stated no-logs commitments. We also publish quarterly transparency reports detailing any legal requests we receive.

3. Information We Do Collect

3.1 Account Information

To create a CyberGhost account, we collect your email address and a hashed password. We do not require your real name, address, or phone number. You may also sign up using a cryptocurrency payment for maximum anonymity — in which case even your email is optional.

3.2 Payment Information

Payment processing is handled by third-party processors (Stripe, PayPal, etc.). We do not store your full credit card number on our servers. We retain only the transaction ID, subscription type, and expiry date necessary to manage your account.

3.3 Aggregated Analytics

We collect anonymized, aggregated data about server load and network performance to improve our infrastructure. This data cannot be linked to individual users and contains no personally identifiable information.

3.4 Support Interactions

If you contact our support team, we collect the information you voluntarily provide (such as your email, device type, and description of the issue) to resolve your request. Support tickets are retained for 30 days after resolution.

4. How We Use Your Information

We use the limited data we collect solely to:

  • Provide, maintain, and improve our VPN service
  • Process payments and manage your subscription
  • Send service-related communications (receipts, renewal notices)
  • Respond to support requests
  • Comply with legal obligations where required

We do not sell, rent, or share your personal data with advertisers or data brokers under any circumstances.

5. Data Sharing and Third Parties

We share minimal data only with:

  • Payment processors: To complete your transaction securely
  • Infrastructure providers: Server hosting partners who are contractually bound to strict confidentiality
  • Legal authorities: Only when legally compelled — however, since we hold no activity logs, any such request yields no meaningful user data

6. Data Retention

Account information is retained for as long as your subscription is active plus 30 days after cancellation to process any refund requests. Support ticket data is deleted after 30 days. We do not retain any VPN connection logs — ever.

7. Your Rights Under GDPR

As a user in the European Economic Area, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Object to or restrict processing of your data
  • Data portability — receive your data in a machine-readable format
  • Lodge a complaint with a data protection authority

To exercise any of these rights, contact our privacy team via the Contact page.

8. Security Measures

We employ industry-standard security measures including AES-256 encryption, TLS for data in transit, regular security audits, and strict internal access controls. Only authorized personnel with a legitimate need can access account data, and all such access is logged and audited.

9. Cookies

Our website uses only essential cookies necessary for the site to function and analytics cookies to understand usage patterns. We do not use advertising or tracking cookies. You can disable non-essential cookies in your browser settings at any time.

10. Changes to This Policy

We may update this Privacy Policy periodically. When we make material changes, we will notify registered users via email and update the "Last updated" date at the top of this page. Continued use of the service after changes constitutes your acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

  • Via our Contact page
  • By email: privacy@cyberghostvpn.com
  • By post: CyberGhost S.R.L., Bucharest, Romania