Privacy Policy
Last Updated: July 9, 2026
This Privacy Policy explains how Foggy Froggy Networks ("Foggy Froggy Networks," "we," "us," or "our") collects, uses, discloses, and protects personal data when you visit our website, create an account, purchase a subscription, or use our VPN service (collectively, the "Service"). Privacy is not an add-on to our product; it is the product. This Policy should be read together with our Terms of Service and our No-Logs Policy, each referenced here by name. If anything in this Policy is unclear, we encourage you to contact us using the details at the end of this page.
1. Data Controller
The data controller responsible for personal data processed in connection with the Service is Foggy Froggy Networks, located at 1930 Sheridan Ave, Cody, WY 82414, USA. For all matters concerning this Privacy Policy, including the exercise of your privacy rights, you may reach us by email at support@foggyfroggynetworks.com or by postal mail at the address above.
2. Our Core Principle: Data Minimization
Foggy Froggy Networks operates under a strict no-logs policy. We design every system, from our AMD EPYC servers with NVMe SSD storage and ECC RAM to our billing pipeline, around a single question: do we genuinely need this data to deliver the Service? If the answer is no, we do not collect it. The result is that the personal data we hold about you is limited to the minimum required to maintain your account, process your payments, and keep the network healthy. The technical details of what is and is not recorded on our VPN nodes are set out in our No-Logs Policy.
3. Personal Data We Collect
We collect only the following categories of data:
- Account data: the email address you register with, a hashed form of your password, your chosen subscription plan (SOLO, FAMILY, PRO, or CORPORATE), and the hardware identifiers (HWIDs) bound to your device slots under our 1 HWID = 1 Device licensing model. HWIDs are used solely to enforce plan device limits and cannot be used by us to observe your traffic.
- Payment records: transaction identifiers, amounts, dates, and payment status, as processed by our third-party payment processors. We do not store full payment card numbers on our own systems; our processors handle card data under their own security certifications.
- Aggregate bandwidth counters: per-account totals of data transferred, maintained as running counters for capacity planning and abuse prevention. These counters are aggregate figures only; they are not tied to timestamps of individual sessions, destinations, or the content of your traffic.
- Support correspondence: messages you voluntarily send to our support team, together with the email address you send them from.
4. Personal Data We Do NOT Collect
Because the Service exists to protect your privacy, we deliberately do not collect, store, or process:
- Your browsing history or any record of the websites, applications, or services you access through the VPN;
- Traffic destination data, including destination IP addresses, hostnames, or ports of your connections;
- DNS queries made through our DNS-leak-protected resolvers;
- Connection or activity timestamps associated with your originating IP address, or any mapping between your real IP address, an assigned VPN IP address, and a point in time;
- The content of any communications transmitted through the VPN tunnel.
We cannot disclose, sell, or lose data that we never possess. This is the practical meaning of our strict no-logs policy.
5. How We Use Personal Data
We use the limited data described in Section 3 to: (a) create and administer your account and authenticate your access; (b) enforce plan device limits through HWID binding; (c) process payments, renewals, and refunds; (d) provide customer support and respond to your inquiries; (e) monitor aggregate network capacity across our servers in 17 countries so that we can maintain fewer than 100 users per node, speeds of up to 1 Gbps per connection, and 99.9%+ uptime; (f) detect and prevent fraud, payment abuse, and violations of our Terms of Service; and (g) comply with legal obligations that apply to us. We do not use your personal data for advertising, profiling, or automated decision-making that produces legal or similarly significant effects.
6. Legal Bases for Processing
Where the General Data Protection Regulation (GDPR) or similar laws apply, we rely on the following legal bases: performance of a contract (Article 6(1)(b) GDPR) for account administration, HWID device binding, payment processing, and support; legitimate interests (Article 6(1)(f) GDPR) for fraud prevention, network capacity planning using aggregate bandwidth counters, and securing our infrastructure, in each case balanced against your rights and freedoms; legal obligation (Article 6(1)(c) GDPR) for tax, accounting, and other statutory record-keeping tied to payment transactions; and consent (Article 6(1)(a) GDPR) for optional communications such as product announcements, which you may withdraw at any time without affecting the Service.
7. Cookies and Similar Technologies
Our website uses a minimal set of cookies. Strictly necessary cookies maintain your login session, keep your shopping cart functional during checkout, and support basic security functions such as fraud prevention; these cannot be switched off because the site cannot operate without them. Where we use any optional analytics, we use aggregate, privacy-respecting measurements and honor your browser or consent-banner choices. We do not use third-party advertising cookies, cross-site tracking pixels, or social-media trackers on our website, and no cookies of any kind are involved in the operation of the VPN tunnel itself.
8. Data Retention
We retain personal data only for as long as necessary for the purposes described in this Policy. Account data is retained while your account is active and is deleted or irreversibly anonymized within ninety (90) days after account closure, except where a longer period is required by law. Payment records are retained for the period required by applicable tax and accounting legislation, typically up to seven (7) years, in the systems of our payment processors and our accounting records. Aggregate bandwidth counters are reset on a rolling basis and are not retained in identifiable form beyond the current billing cycle plus a short reconciliation window. Support correspondence is retained for up to twenty-four (24) months to allow us to handle follow-up questions, after which it is deleted. Because our VPN nodes do not record activity logs, there is no traffic data to retain or delete.
9. Data Sharing and Disclosure
We do not sell, rent, or trade personal data, and we do not share it with advertisers or data brokers. We disclose personal data only in the following limited circumstances: (a) to payment processors, strictly to the extent necessary to complete transactions you initiate; (b) to infrastructure and email service providers acting as our processors under contracts that restrict their use of the data to providing services to us; (c) to competent authorities when we receive a legally valid and enforceable demand, subject to the constraint that we can only produce the minimal categories of data described in Section 3 — never browsing history, traffic destinations, DNS queries, or IP-and-timestamp records, because such data does not exist on our systems; and (d) in connection with a corporate transaction such as a merger or asset sale, in which case the successor remains bound by commitments at least as protective as this Policy.
10. International Data Transfers
Foggy Froggy Networks is based in the United States, and our VPN servers are located in 17 countries: the United States, Canada, the United Kingdom, Germany, the Netherlands, France, Switzerland, Sweden, Finland, Poland, Singapore, Japan, South Korea, Australia, India, Brazil, and Turkey. Importantly, the location of a VPN node you connect to does not determine where your personal data is stored: account and billing data is held in our central systems in the United States, and the nodes themselves hold no activity logs. Where we transfer personal data of individuals in the European Economic Area, the United Kingdom, or Switzerland to jurisdictions without an adequacy determination, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses and equivalent UK and Swiss mechanisms.
11. Security Measures
We apply technical and organizational measures proportionate to the sensitivity of the data we hold. These include: strong encryption of VPN traffic in transit with DNS leak protection and IPv6 leak protection; server infrastructure built on AMD EPYC processors with ECC RAM to guard against silent memory corruption and NVMe SSD storage with full-disk encryption for the limited system data that must exist; strict access controls and role-based permissions for staff; hashed and salted storage of passwords; network segmentation between billing systems and VPN infrastructure; capacity discipline of fewer than 100 users per node; and 24/7 infrastructure monitoring designed to detect anomalies at the system level without inspecting user traffic. No security measure is absolute, but our most important safeguard is architectural: the data most attackers would want simply is not there.
12. Your Privacy Rights
Depending on your place of residence, you may have some or all of the following rights. Under the GDPR and similar laws, you may request: access to the personal data we hold about you; rectification of inaccurate data; erasure of your data; restriction of processing; portability of data you provided to us in a structured, commonly used format; and objection to processing based on legitimate interests. You may also withdraw consent at any time where processing is based on consent, and you may lodge a complaint with your local supervisory authority. If you are a California resident, the California Consumer Privacy Act as amended (CCPA/CPRA) gives you the rights to know, to delete, to correct, and to non-discrimination for exercising your rights; we do not sell or share personal information as those terms are defined in California law, so there is nothing to opt out of. To exercise any right, contact us using the details below; we will verify your identity using your account email address and respond within the timeframe required by applicable law, generally thirty (30) days for GDPR requests and forty-five (45) days for CCPA requests.
13. Children's Privacy
The Service is not directed to children, and we do not knowingly collect personal data from anyone under the age of sixteen (16), or under the age of eighteen (18) where account creation requires legal majority. If you believe a child has provided us with personal data, please contact us and we will delete the associated account and data promptly. Parents and guardians who permit household members to use devices under a FAMILY or other multi-device plan remain responsible for those devices under our Terms of Service.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last Updated" date at the top of this page and notify registered subscribers by email or in-service notice before the changes take effect. We will never retroactively weaken the protections applied to data collected under an earlier version of this Policy, and no update will ever introduce the collection of browsing history, traffic destinations, DNS queries, or IP-and-timestamp logs, which would contradict our No-Logs Policy.
15. Contact
If you have questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, please contact Foggy Froggy Networks using the details below. Please include your account email address so we can locate your records and respond efficiently.
EMAIL: support@foggyfroggynetworks.com
ADDRESS: 1930 Sheridan Ave, Cody, WY 82414, USA
PHONE: +1 (209) 815-0452