Privacy Policy

Last updated: March 17, 2026

1. Who We Are

Shieldeum Limited ("Shieldeum," "we," "us," or "our") is the data controller responsible for your personal data. We are incorporated in Hong Kong and our registered address is Suite C, Level 7, World Trust Tower, 50 Stanley Street, Central, Hong Kong.

Shieldeum provides virtual private network (VPN) services, related applications, and a supporting website at shieldeum.net.

2. Scope

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and the choices you have. It applies to all Shieldeum services, including our VPN applications, website, help center, and any communications you have with us.

By using our services, you acknowledge that you have read and understood this policy. If you do not agree, please discontinue use of our services.

3. Data We Collect

We collect the minimum data necessary to provide and improve our service.

3.1 Account Data

When you create an account, we collect your email address (or username) and subscription status. This information is used to authenticate you, manage your subscription, and communicate service-related updates.

3.2 Payment Data

Payments are processed by third-party payment providers. Depending on the method you choose (credit card, cryptocurrency, or local payment options), the payment provider may collect billing details such as card number, billing address, or wallet address. We receive only a transaction identifier and confirmation of payment status. We do not store full credit card numbers on our systems.

3.3 Support Communications

If you contact us through our help center or by email, we retain the content of those communications (including any attachments) to resolve your inquiry and improve our service.

3.4 Diagnostics and Telemetry

Our applications may collect minimal, non-identifying diagnostic data such as crash reports, connection success rates, and app version information. This data does not include browsing activity, DNS queries, or IP addresses. You can opt out of diagnostic reporting in the app settings where available.

3.5 Website Data

Our website may use cookies and similar technologies to understand how visitors interact with our pages, remember preferences, and measure campaign effectiveness. You can manage cookie preferences through your browser settings. For more detail, see our Cookie Policy.

4. Data We Do Not Collect

Our VPN infrastructure is built on a strict zero-logs principle. Our VPN servers operate on RAM only (diskless), meaning all session data is ephemeral and wiped on every reboot. We do not log or store:

  • Browsing activity or traffic destination
  • DNS queries made while connected to the VPN
  • Connection timestamps
  • Source IP addresses
  • Bandwidth usage that could be linked to an individual user
  • Any content you access, download, or share through our servers

Because this data is never written to persistent storage, it cannot be retrieved, shared, or disclosed to any third party.

5. How We Use Data

We use the personal data described in Section 3 for the following purposes:

  • Service delivery: to create and maintain your account, authenticate sessions, and provide VPN connectivity.
  • Billing: to process payments, issue receipts, and manage subscriptions.
  • Support: to respond to your inquiries and troubleshoot issues.
  • Security: to protect our infrastructure against abuse, fraud, and denial-of-service attacks.
  • Improvement: to identify and fix bugs, and to understand general usage patterns (without identifying individual users).
  • Legal compliance: to meet applicable legal or regulatory obligations.

7. Sharing and Third-Party Processors

We do not sell your personal data. We share data only in the following limited circumstances:

  • Payment processors: to handle billing and refund transactions. These providers operate under their own privacy policies and are contractually obligated to protect your data.
  • Infrastructure providers: hosting, content delivery, and server infrastructure partners who help us operate the service. They process data on our behalf and under our instructions.
  • Support and communication tools: platforms we use to manage support inquiries and send service-related emails.
  • Legal requirements: if compelled by valid legal process, we may be required to disclose the limited account data we hold. However, because we do not log VPN activity, we cannot provide data we do not possess.

8. International Data Transfers

Shieldeum is based in Hong Kong. Our VPN servers are located across 77 locations worldwide. Your personal data (such as account and billing information) may be transferred to and processed in jurisdictions outside your country of residence.

Where applicable, we implement appropriate safeguards for international transfers, including standard contractual clauses or reliance on adequacy decisions recognized by relevant authorities. These measures are designed to ensure your data receives a consistent level of protection regardless of where it is processed.

9. Data Retention

  • Account data: retained for as long as your account is active. If you delete your account, we remove your personal data within 30 days, except where retention is required by law.
  • Billing records: retained for the period required by applicable tax and financial regulations.
  • Support communications: retained for up to 2 years after resolution to provide context for follow-up inquiries.
  • VPN activity logs: not retained, because they are never collected. Our RAM-only server architecture ensures all session data is cleared on reboot.

10. Security Measures

We apply technical and organizational measures to protect your data, including encryption in transit and at rest, access controls, regular security assessments, and the use of RAM-only VPN servers that prevent persistent data storage.

While no system is completely immune to risk, we continuously review and strengthen our security practices to protect against unauthorized access, alteration, or disclosure.

11. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you.
  • Correction: request that we correct inaccurate or incomplete data.
  • Deletion: request that we delete your personal data, subject to legal retention requirements.
  • Objection: object to processing based on legitimate interests.
  • Portability: receive your data in a structured, machine-readable format.
  • Restriction: request that we limit processing under certain circumstances.
  • Withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, please contact us through our support page. We will respond within 30 days, or sooner where required by law.

12. Children's Privacy

Shieldeum services are intended for individuals aged 18 and older. We do not knowingly collect personal data from anyone under 18. If we become aware that we have inadvertently collected data from a minor, we will take steps to delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, by email or in-app notification.

We encourage you to review this policy periodically to stay informed about how we protect your data.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, you can reach us at: