Name: Doppler VPN
Brand: Doppler VPN
Price: 7.99 USD
Availability: InStock

This Data Processing Agreement ("DPA") forms part of the agreement between you and SIMNETIQ LTD (Company Number 16861177), registered at 2 Frederick Street, Kings Cross, London, WC1X 0ND, United Kingdom, governing the processing of personal data in connection with Doppler VPN services.

1. Scope & Definitions

This DPA applies to all processing of personal data carried out by SIMNETIQ LTD (the "Controller") and any processors engaged to deliver Doppler VPN services. "Data Subjects" means users of Doppler VPN services. "Personal Data" means any information relating to an identified or identifiable natural person, as defined under the UK GDPR and EU GDPR. "Processor" means any entity that processes personal data on behalf of the Controller.

2. Processing Purpose & Instructions

Personal data is processed solely for the purposes of: VPN service provision and infrastructure management, user account creation and management, payment processing and subscription management, customer support and communication, and service improvement through anonymised analytics. All processing is carried out in accordance with the Controller's documented instructions and applicable data protection law.

3. Data Controller & Processor Roles

SIMNETIQ LTD acts as the Data Controller, determining the purposes and means of processing personal data. Third-party service providers engaged by SIMNETIQ LTD act as Data Processors and are bound by contractual obligations equivalent to those set out in this DPA.

4. Types of Personal Data Processed

The following categories of personal data may be processed: account identifiers (randomly generated VPN-XXXX-XXXX-XXXX format), email addresses (when voluntarily provided for account recovery or support), device identifiers (anonymous, not linked to personal identity), payment records (processed by third-party payment providers — Revolut, Apple, Google), and support correspondence (email communications with our support team). We do not process sensitive or special category data.

5. Security Measures

We implement appropriate technical and organisational measures to ensure the security of personal data, including: VLESS-Reality encryption for all VPN traffic, TLS encryption for all web communications, strict access controls on production systems with principle of least privilege, regular security audits and infrastructure reviews, data minimisation by design across all services, and a strict no-logs policy for VPN usage — we do not store, inspect, or retain any data passing through our VPN tunnel.

6. Sub-processor Obligations

All sub-processors are bound by data processing terms equivalent to those in this DPA. A current list of sub-processors is maintained at dopplervpn.org/subprocessors. We will provide at least 30 days' notice before engaging any new sub-processor. Data Subjects may object to the appointment of a new sub-processor by contacting support@simnetiq.store within the notice period.

7. Data Subject Rights

Data Subjects have the right to: access their personal data held by the Controller, rectification of inaccurate personal data, erasure of personal data ("right to be forgotten"), data portability in a structured, commonly used format, restriction of processing, objection to processing based on legitimate interests. To exercise any of these rights, contact support@simnetiq.store. We will respond to all requests within 30 days.

8. Data Breach Notification

In the event of a personal data breach, the Controller will: notify the relevant supervisory authority within 72 hours of becoming aware of the breach (where required by law), notify affected Data Subjects without undue delay where the breach is likely to result in a high risk to their rights and freedoms, document the breach including its effects and remedial actions taken, and cooperate with supervisory authorities as required.

9. Data Retention

Personal data is retained only as long as necessary for the purposes stated in this DPA: account information is retained while the account is active and for 30 days after deletion to allow for recovery, payment records are retained for 6 years as required by UK tax and accounting law, support correspondence is retained for 12 months after resolution, and VPN usage data is NOT retained — our no-logs policy means we do not have the technical ability to associate specific network activity with individual users.

10. International Data Transfers

Where personal data is transferred outside the UK or EEA, we ensure adequate safeguards through: Standard Contractual Clauses (SCCs) approved by the European Commission, UK adequacy decisions where applicable, and other legally recognised transfer mechanisms. Our VPN infrastructure spans multiple countries; however, due to our no-logs policy, VPN traffic data is encrypted and not stored in any jurisdiction.

11. Audit Rights

Data Subjects may request information about how their personal data is processed by contacting support@simnetiq.store. SIMNETIQ LTD conducts an annual compliance review of its data processing activities and sub-processor arrangements to ensure ongoing compliance with applicable data protection laws.

12. Term & Termination

This DPA is effective for as long as the Data Subject uses Doppler VPN services. Upon termination of service use, personal data will be deleted in accordance with the retention periods specified in Section 9. Data that is no longer needed will be securely erased. Data required to be retained by law will be securely stored for the applicable retention period and then deleted.