We only require a username and password when you signup to our service. Email can be provided if you wish to be able to recover your password in case you forget it, as well as receive periodic service updates. We use 3rd party payment processors. When you pay for a premium account, we store the transaction ID of your payment for a period of 30 days for fraud prevention purposes.
We store total amount of bandwidth your account has consumed in 1 month period, which is reset every month on the day of your registration. This is used to enforce free tier limitations as well as prevent abuse. We do not store historical usage. We also store a timestamp of your last activity on the Windscribe network, this is done to weed out inactive accounts. We do not store connection logs, IP timestamps, or sites you visit (we are firm believer that one's browsing history should be taken to one's grave).
For the duration of your connection the following is stored in server's memory: OpenVPN/IKEv2 username, VPN server connected to, time of connection, amount of data transferred during the session. We also store number of parallel connections at any given time to prevent rampant abuse and account sharing. Individual VPN sessions are not stored.
If for some strange reason you decide not to use our service anymore, the only piece of information that will remain is your username, password and email address (if you provided it). We periodically prune inactive accounts. You can delete your account at any time via our website.
Since we store the bare minimum for a customer to actually use our service, any request for user data would yield nothing of value. We do not store any logs on who used what IP address, so we cannot tie user activity to any single user.
We will do our best to avoid any changes, which includes moving the company to a different jurisdiction. If drastic policy changes are required due to a race of giant spiders enslaving all of humanity and forcing us to log our users under the threat of consumption, and we cannot continue providing service under the above mentioned terms, users (with valid email accounts) will be notified. That will be the least of your concern however, you know, because of the giant spiders.