Privacy Policy for RAV VPN Site & Services

Your privacy is our priority, but your trust in us is equally important. That's why we want to be as transparent as possible in our policies. We want you to understand the type of information we collect, why we collect that data, and exactly how we use the information we collect.

In Brief

• RAV VPN is a zero-logs VPN service provider, which means that we do not monitor, collect, or log your browsing activity when you are connected to our Services (as such term is defined below).
• In general, however, we monitor our Services activity to measure its performance and improve functionality.
• We do not sell or rent personal information to others, under any circumstances.
• Your data is secured and rendered anonymous whenever you are connected to our Services.
• In order to provide you with our Services, we need to collect an email address and payment method which will be used by our third-party payment processors to process transactions.

This Privacy Policy (the "Policy”) applies to the information Reason Cybersecurity Ltd. (“we”, “our” and “us”) collects about visitors to https://reasonlabs.com/platform/products/vpn (the "Site") and subscribers to the RAV VPN applications (including both the desktop and mobile versions)(the "Services"). Our Terms of Use, including their limitation on liability, apply to the Privacy Policy. You can read them at https://reasonlabs.com/platform/products/vpn/terms.

Information We Collect

RAV VPN does not monitor, collect, or log your browsing activity, under any circumstances, on any platform.

While you are not required to provide any identifiable ("personal") information to browse our Site, in order to subscribe to our Services, you must first create an account and register with us. This is solely to maintain an active subscription to our service.

Site

We aggregate and process information from Site visitors using cookies, pixels, and similar technologies, such as Google Analytics. In such cases of automated collection, the focus of this data collection is on our Site performance, fraud detection, and prevention purposes, not on your personal information. You can browse our Site without submitting any personal information. The only data we collect from all visitors is in order to improve our Site. This information is aggregated, offering a high-level view of our Site activity, including:

• Page requests
• Browser type and version
• Operating System
• Bounce rate
• Average time spent on our Site
• IP Address and based on your IP, your country

When you use the Site, we may collect and use information from your device including your IP address, user agent, your activity log on the Website, a unique identifier generated by us and your operating system and browser.

Services

You may need to provide an active email address to use the service. Additionally, if you choose to purchase a Premium subscription, you will be required to provide your address and payment method (which will be used by our third-party payment processors to process transactions), and your full name, which will be also used by us for sending you messages about the Services

We may also collect and process aggregated anonymous data, such as your language preference, device model and brand, country, operating system, lengths of sessions, server usage, crash reports, UI interactions, app build version and API requests. We will only use such aggregated anonymous data to optimize and improve our Services identify bugs and diagnose app crashes.

Website Cookies

Cookies collect information about the use of our Site, and provide users with basic functionality; such as allowing you to save your account credentials to your browser. The cookies used for our Site are not connected to our Services in any way and cannot be tied to your Service activity.

We use third-party service providers to aggregate non-personally identifiable Site data. These third parties, such as Google Analytics, use cookies and tracking pixels placed on our Site to collect, analyze, and generate reports on Site usage for us. The collection and processing of data from our Site by third-party service providers is consistent with this Policy. We do not provide these third parties with personal information about any specific user.

Opt-Out for All Website Cookies

Many web browsers accept cookies automatically. There are many resources that advise you on adjusting cookie settings, such as About Cookies. You can block cookies any time by adjusting your browser settings, visiting the Network Advertising Initiative opt-out page, or by disabling specific third-party pixels (see below). Please note that some of the features on our Site depend on cookies to properly function.

Opt-Out from Third-Party Pixels

Source	Listing	About	Opt-out
Google Ads	googleadservices.com / gstatic.com / fonts.gstatic.com	Learn More	Disable
Google Analytics	google-analytics.com / ssl-googleanalytics.com	Learn More	Disable

How We Use Your Information

We do not sell personal information to third parties under any circumstance.

Site

The information we collect through our Site is used for the following general purposes:

• Process. To create your account, collect payment for our Services (by our third party payment processors), verify your identity when you log into the Site, and administer accounts;
• Analyze. To monitor usage and trends in order to better understand how our Site is found and used, manage customer relationships, and approach users with relevant content;
• Communicate. To send you information periodically about news, products, services, and offers made available by us, our affiliates or our marketing partners;
• Troubleshooting. To respond to your requests for help and technical assistance, and maintain internal records of support histories.

Services

The information we collect through our Services is used for the following general purposes:

• Process. To create your account, collect payment for our Services (by our third party payment processors), verify your identity when you log into the Service, and administer accounts;
• Troubleshooting. To understand the source and cause of app crashes, and to improve functionality;
• Support. To communicate with you, including for support purposes, and for sending you Services-related information such as invoices, updates, security alerts;
• Operation and improvement of our Services. To provide, support and operate the Services as well as to further develop, enhance and improve our Services and your user experience with our Services; and
• Security. To detect and prevent fraud, security and other issues of technical nature.

As previously outlined RAV VPN does not collect or log any traffic of its Services, under any circumstances. We may, however, compile some statistical information related to app crashes.

We currently use the following third party providers: (i) to process your payment if you choose to purchase our subscription-based services, we use Cleverbridge. You can read about the measures taken by Cleverbridge to protect your information at: https://store.reasonsecurity.com/1679/?scope=opprivacy (ii) Google Analytics to analyze and monitor our performance. You can read about the measures taken by Google to protect your information at: http://www.google.com/intl/en/policies/privacy/ We also implemented Demographic & Interest reports feature by Google Analytics Advertising service. We are enabling Google Analytics to collect data from you via Google advertising cookies and anonymous identifiers. You can read more about such practice here: https://support.google.com/analytics/answer/2700409?hl=en We are using such Demographic & Interest reports received from Google for statistical analytics and to better optimize RAV VPN for you. You can opt-out of such Google Analytics Advertising feature through Google Analytics' currently available opt-outs in the following link: https://tools.google.com/dlpage/gaoptout/; (iii) Amazon Web Services, Inc. servers to process your information. You can read about the measures taken by Amazon to protect the security of their servers and your information at: https://aws.amazon.com/security/; (iv) ZenDesk, Inc. to provide you with support services. You can read about the measures taken by ZenDesk to protect the security of their servers and your information at: https://www.zendesk.com/company/privacy/; (v) Mudhook, for providing the VPN solution. You can read about the measures taken by Mudhook to protect the security of their servers and your information at: https://www.ipvanish.com/privacy-policy/. If we use additional third party service providers in the future, we will update this Privacy Policy to include the description of their services and any additional pertinent information on them; (vi) Sendgrid, for providing us with email related services. You can read about the measures taken by Sendgrid to protect your information here - https://www.twilio.com/legal/privacy; (vii) Mailchimp, for providing us with email related services. You can read about the measures taken by Mailchimp to protect your information here - https://mailchimp.com/legal/privacy.

Security Measures We Have In Place

In the workplace

We use industry best security measures to protect your personal information from loss, theft, misuse, or unauthorized access. All of our employees are kept up-to-date on these best practices. In addition, we restrict employee access to service administrative panels to only those who require such access in order to perform their job functions.

On the internet

We make all of your data concealed and safeguarded as often as possible. Where appropriate, we use encryption, access controls, passwords, and physical security measures to protect the information we collect and maintain about you against unauthorized access and disclosure.

Transactional emails

We send a small number of emails for transactional purposes, all of which we’ve outlined below.

Password

• Password reset - if, for any reason, you’ve requested to reset your RAV VPN account password, then you’ll receive a password reset email. This email provides a unique password-reset link and instructs how to complete your password reset;
• New password - if, for any reason, you’ve completed a password reset, then you’ll receive a new password email. This email confirms your password reset and explains how to change your password in the future, if you wish to;

Product Awareness

• All new subscribers to RAV VPN receive product awareness emails. These emails offer application tips and helpful hints to RAV VPN account holders who may be unfamiliar with the benefits and inner-workings of a VPN.

Unsubscribing From Promotional Emails

You may opt-out from receiving future promotional emails at any time by clicking the ‘Unsubscribe' link contained in the bottom of every email. While you may not receive promotional emails on behalf of RAV VPN, you will continue to receive transactional emails from us. Transactional emails are system-generated communications that pertain to your account status; we will only send these emails during one of the instances listed in the section above.

Children's Privacy

Our Site and Services are not intended for anyone under the age of 18 years old. If you are a parent or guardian and believe that your child has provided personal information to us, please contact us so that we can delete the child's information.

Changes to This Policy

From time to time, we may change and/or update this Privacy Policy. We recommend you regularly review this page for updates. Your continued use of the Site or Services constitutes your acceptance of the then-effective Privacy Policy.

Data Location & Retention

The nature of our services requires us and our service providers to maintain and process your data globally in order to meet our legal obligations and to provide you with the Services effectively. Several countries will be involved, including Europe, the U.S., Israel, and others.

While privacy laws may differ from country to country, we and our service providers will adhere to the standards we have set for ourselves in this Privacy Policy, and apply appropriate measures to prevent misuse of your personal data regardless of whether or not the data laws of that country require us to do so.

We will store information collected from you for as long as you are using our Services. If you decide to uninstall the Services, your data will be retained for an additional period of 30 days, following which, it will be deidentified.

Data Subject Rights

If you wish to exercise your privacy rights under any applicable law, including the EU or UK General Data Protection Regulation (collectively, the “GDPR”), the Swiss Federal Act on Data Protection (the “FDPA”), the California Consumer Privacy Act (the “CCPA”), the California Privacy Rights Act (the “CPRA”) and the Virginia Consumer Data Protection Act (the “VCDPA”). please send us an email to: support@reasonlabs.com. We will make reasonable efforts to accommodate

your request, as applicable to privacy laws. Please note that we may ask for additional information, in order to authenticate and validate your identity and process your request (including personal data).

You may have different privacy rights, depending on your country or state of residence, please see further details in the sub-sections below (as applicable to you):

1. European Economic Area (“EEA”) and United Kingdom (“UK”) and Switzerland:

If you are located in the EEA, UK or Switzerland, the GDPR or FDPA (as applicable) apply to you.

We act as controllers and process personal information as necessary for the performance of our agreement with you.

When we process your personal information upon your usage of our Services, we do so on the basis of your consent. Providing such personal information and using our Services, as well as your acceptance of this Privacy Policy and our Terms of Service, shall be deemed as your consent to the processing of your personal information for all purposes detailed under this Privacy Policy. If you wish to revoke your consent, please contact us at support@reasonlabs.com.

We may also process your personal information to comply with applicable legal requirements and/or obligations, and to support our legitimate interests in developing, maintaining, and improving our Services.

Please note that under the GDPR or FDPA you may the following rights (each, to the extent available under the law which applies to you):

1. Right to Access: You have the right to request access to the personal information that we hold about you.
2. Right to Receive Information: You have the right to receive information concerning the processing of your personal information.
3. Right to Block: You have the right to request to block or restrict the processing of your personal information.
4. Right to Erasure (Deletion): You have the right to ask that we erase (the “right to be forgotten”) and rectify your personal information (that we process as controllers).
5. Right to Object: You have the right to object to processing, which is based on our legitimate interests.
6. Right to Withdraw Your Consent: You have the right to withdraw your consent for the processing of your personal information.

To submit a request for exercising your rights, please contact us at the following address: support@reasonlabs.com. Note that the processing of your request is subject to verification of your identity.

If we have not addressed your concerns, note that you also have a right to file a complaint with the applicable supervisory authority (e.g., of your domicile or country).

2. United States of America:

If you are a resident of California or Virginia, the CCPA, CPRA or VCDPA (and/or similar state laws, as applicable) apply to you, and this section explains your rights under State privacy laws and contains disclosures required by law.

For the purposes hereof, we collect personal information as a business (as defined under applicable privacy state laws). Such information is used and disclosed for “business purposes”.

Please note that under the CCPA, CPRA or VCDPA (and/or similar state laws, as applicable) you may the following rights (each, to the extent available under the law which applies to you):

1. Right to Know: You have the right to know the categories and specific pieces of personal information that are being collected about you.
2. Right to Disclose: You have the right to ask that we disclose certain information about our collection and/or use of your personal information during the past 12 months.
3. Right to Delete: You have the right to ask that we delete the personal information we have collected from you and retained.
4. Right to Opt-Out: You have the right to opt out of the 'sale' of your personal information by a business.
5. Right to Equal Service and Price: You have the right not to receive discriminatory treatment for exercising the mentioned rights.

To submit a request for exercising your rights, please contact us at the following address: support@reasonlabs.com. Note that the processing of your request is subject to verification of your identity. You may also appoint an authorized agent to exercise these privacy rights on your behalf (subject to certain limitations such as identity verification process and the submission of written approval to act on your behalf).

This Privacy Policy describes what Personal Information we may collect and its sources, how it is deleted and retained. Furthermore, we have provided information about our processing of your information. Note that we may share (as such term is defined under the CPRA) information with third parties such as business partners who have accepted our contractual limitations as to their disclosure, use, and retention of such personal information. Nevertheless, for the purposes and intents of the CCPA or CPRA, we do not sell your personal information.

Privacy Settings and Requests

RAV VPN provides information about our data privacy policies, including how we use cookies, in the Privacy section of this website. We also provide tools on this website that allow users to control privacy preferences for certain aspects of using this site or interacting with RAV VPN, such as for cookies and marketing. If you have any data privacy or personal data questions or requests, please contact data_requests@reasonlabs.com.

Please note that you are not legally required to provide us with any personal data, and may provide it (or avoid doing so) at your own wish. In case you disagree with any terms set forth in the Privacy Policy, or you do not wish to provide us with your personal data, or to have it processed by us or any of our service providers, we urge you to stop using the Site and our Services immediately.

In case that you ask us to exercise any of your rights under this Privacy Policy or any applicable law, please note that we may ask you to provide us certain credentials to make sure that you are the person you claim you are, to ask you to provide further information to better understand the nature and scope of information that you request to access, and to avoid disclosure to you of personal information related to others. We will retain such additional information for legal purposes (e.g., as proof of the identity of the person submitting the request).

Representative for Data Subjects in the EU and UK

We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact. Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website: https://prighter.com/q/12015696620

How to Contact Us

For questions about this Site, RAV VPN Services, or for more information about the matters discussed in this Privacy Policy, please contact us at: support@reasonlabs.com.