Privacy Policy
This Privacy Policy explains how Quorinava Limited ("Quorinava", "we", "us", "our"), a private limited company incorporated in Hong Kong with its registered office at Unit 1603, 16th Floor, The L. Plaza, 367–375 Queen's Road Central, Sheung Wan, Hong Kong, collects, uses, discloses and protects personal data in connection with our website, our white-label VPN platform, and the BoltVPN product (collectively, the "Services").
1. Who this policy applies to
- Website visitors — people who browse our website or contact us for a demo or pricing.
- Business clients — companies and their representatives who license our white-label VPN platform.
- End users — users of VPN applications operated by our business clients on our infrastructure. For end-user data we generally act as a data processor on behalf of the client that operates the branded app; the client's own privacy policy applies in the first instance.
2. Data we collect
2.1 Data you provide
- Contact details (name, business email, company name, phone number) when you request a demo, pricing or support;
- Account credentials and billing details of business clients;
- End-user account data required for sign-in (email address, or an Apple/Google account identifier) and subscription status.
2.2 Data collected automatically
- Basic website analytics (pages visited, approximate location derived from IP, device and browser type);
- Aggregate, non-identifying service metrics (server load, total bandwidth, crash reports).
3. How we use data
- To provide, maintain and improve the Services;
- To respond to enquiries and provide customer and technical support;
- To process subscriptions and payments (via the Apple App Store, Google Play, or invoicing for business clients);
- To secure the Services, prevent fraud and enforce our Terms of Use;
- To comply with legal obligations applicable to us, including the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486) ("PDPO").
4. Legal bases
Where the GDPR or similar laws apply to particular users, we rely on: performance of a contract (providing the Services), legitimate interests (security, service improvement, B2B communications), consent (optional analytics and marketing), and compliance with legal obligations.
5. Sharing of data
We do not sell personal data. We share data only with:
- Service providers who help us operate the Services (hosting and server infrastructure providers, payment processors, analytics and support tooling), bound by data processing agreements;
- Our business clients, in respect of end users of that client's own branded application;
- Public authorities, where required by applicable law and valid legal process. Because we do not retain VPN traffic logs, we are unable to produce browsing activity we do not hold.
6. International transfers
Our infrastructure spans multiple countries. Where personal data is transferred across borders, we use appropriate safeguards, such as contractual data protection clauses, consistent with the PDPO and, where applicable, GDPR transfer mechanisms.
7. Retention
We retain personal data only as long as necessary for the purposes described above: enquiry data for up to 24 months, business client account and billing records for the duration of the contract plus statutory retention periods, and end-user account data for the life of the account. VPN traffic data is not retained at all.
8. Security
We apply industry-standard measures including encryption in transit (WireGuard®, TLS), encryption at rest for account data, access controls, and regular security reviews. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
9. Your rights
Subject to applicable law, you may request access to, correction or deletion of your personal data, object to or restrict certain processing, and withdraw consent at any time. End users of client-branded apps should contact the operator of their app in the first instance; we will assist our clients in fulfilling such requests. To exercise rights against Quorinava Limited, contact us at the address below. You may also lodge a complaint with the Office of the Privacy Commissioner for Personal Data, Hong Kong, or your local supervisory authority.
10. Children
The Services are not directed at children under 16, and we do not knowingly collect personal data from them.
11. Changes to this policy
We may update this policy from time to time. The current version is always available on this page with its effective date. Material changes will be notified to business clients directly.
12. Contact
Quorinava Limited
Unit 1603, 16th Floor, The L. Plaza, 367–375 Queen's Road Central, Sheung Wan, Hong Kong
Email: a@itzenit.com