Privacy Policy

This is the privacy policy which applies to the business of Enigma Incorporated Ltd (“we”or “us”or “Enigma Inc”) relating to the provision of products/devices or VPN services to our customers. We have a separate privacy policy for our consultancy businesses.

We are a Data Controller and Processor under UK law derived from the General Data Protection Regulation (EU) 2016/679 (“GDPR”). This Privacy Policy describes how we use your personal information and for which purpose. There may be times when we use your information for reasons not set out herein, in which case we will clearly explain the reason(s) for doing so.

We strive to collect the minimum amount of data required to operate our business or provide a service. We do not sell your data.

We do not track, and we do not log.

We explicitly do not collect or store the following data:

  • Users’ IP addresses visiting our websites
  • Users’ IP addresses upon service connection
  • DNS Queries whilst connected
  • Any information about the applications, services or websites used by our customers

The collection and use of your personal information will depend on the particular relationship and arrangements in place between us. We would only use and share information where it is necessary for us to meet its legitimate interests as described below.

  1. Security

The protection of personal data is a fundamental right. Access to this information held by us is limited and we have systems and procedures in place to protect this information and keep it confidential. We monitor and revise the appropriateness of these security measures on a regular basis.

We process personal data in relation to:

  • The use of our website to undertake comparison tests
  • The opening of an account with us
  • The purchase of VPN services and/or products/devices

and the individuals associated with these entities.

  1. What type of personal data is collected and processed by us, and on what basis?

We limit the collection of personal data information which we can process pursuant to a lawful basis, namely a contractual necessity, a legal obligation or to meet our legitimate interests. We seek to limit data collection as follows:

  1. Account Data

  • Name
  • Email address
  • Contact details for marketing, communications, purchase receipts, and occasional product news
  • Twitter ID (optional)
  • Completion of our twitter promotion
  • Confirmation of valid email address
  • Whether or not a user is a paid user
  • The provision of unlimited data to paid users
  • Subscription expiry date

  1. Operational Data

We also collect and store “Operational Data” required to operate our services. This is data that we collect and store when you connect to our network. We seek to limit the collection of this data as follows:

  • OS Version (e.g. iOS 7)
  • User support, troubleshooting and product planning
  • EnigmaNet App Version (e.g. PC version 2.1.1)
  • Operational activity this month (e.g. number of account logins, creation of accounts, payments made, any upgrades to paid subscription, online ad referrals, completion of Twitter bonuses, etc)
  • Customer satisfaction, support, network demand planning
  • Total data used this month (e.g. 22.34 GB)
  • Troubleshooting account and payment related issues and tracking where sales come from (such events are not related to the time and activity of VPN usage)

  1. Personal and Financial Data Collected at Payment

Making a purchase with a credit card on any service will result in personal data being exchanged with payment processors. Due to UK legislation, payment by Bitcoin or other cryptocurrencies would involve the collection of additional personal data including additional checks on whether individuals are politically exposed persons, or one of their close relatives.

Credit Card Transactions

We process credit card payment information securely through third party payment providers such as Stripe. Credit card processors may store personal data associated with financial transactions outside the UK.

When you pay with a credit card, we may obtain the following payment data:

  • Cardholder last name (e.g. Smith)
  • Date of card use (e.g. 2022/01/01)
  • Last four numbers of credit card (e.g. 4567)
  • Card Billing address
  • Card Expiry
  • Session information (e.g. device type, operating system, IP address at time of payment)

What do we use it for?

  • To operate, evaluate and improve our business
  • To carry out auditing, accounting and other internal functions
  • To prevent credit card fraud
  • To monitor compliance with applicable laws and regulations
  • To carry out security maintenance over Enigma Inc’s systems
  • To comply with applicable laws and regulations

We can securely log-in and view the data stored by third party payment providers such as Stripe. We adopt all available security and available multi-factor authentication measures.

Whilst processing this information does not override your rights, we have a legitimate interest in using it as it could potentially assist Enigma Inc in further developing its business, raising interest from professional investors, increasing its assets under management and keeping existing investors and other interested parties appraised of new developments.

Direct marketing procedures are limited to period updates sent to a very limited distribution list of Business Contacts. Recipients of these emails are given the opportunity to opt-out from the distribution list so that their information is not used for such a purpose.The use of personal data for regular updates is targeted and proportionate in accordance with the guidelines issued by the Information Commissioner’s Office regarding the GDPR provision of “legitimate interest”.

  1. Cookies and Persistent Trackers

In building our websites and apps, we have tried to avoid the use of cookies in your browser.

Unlike many of our competitors, we do not use any tracking tools for any purposes.

  1. How do we obtain Personal Data?

We collect personal data in a number of ways:

  • From information provided directly by an individual
  • The collection of information received from third-party suppliers in relation to services, including but not limited to fraud prevention, employment, or other background checks
  • Automatic collection of data from our systems when someone visits our website
  • From publicly available sources, such as company websites, press and online engines

  1. Transferring Information Overseas

Personal data is stored on our systems based in the United Kingdom, the EU, and the USA.

Electronically stored information may be transferred outside the UK. When such transfers take place, we ensure the transfer of information to either a country or organisation which has been categorised as adequate by the European Commission or UK authorities and/or meets the same standards of data protection as the UK, or an organisation pursuant to a contract between us and the third-party on terms that contain data privacy provisions approved by the European Commission or UK authorities.

  1. Sharing Information with Third Parties

We only share personal data with third parties pursuant to the legitimate interests described above. However, we may be required to share information with other entities by law, in connection with any legal proceedings or in response to an enforcement action or investigation carried out by an authority or regulator. We do not transfer such information to third parties for their own marketing purposes without requesting your express consent. We do not sell or buy personal data from other providers. We may send information to third-party providers who operate services that help us with: customer support, email, hosting, protecting, and securing our infrastructure, DDoS prevention, payment processing, as well as understanding website analytics, app analytics, account and payment related service usage.

  1. How long will the information be stored?

We retain your personal data for as long as it is considered necessary for the purpose for which it was collected, subject to the applicable laws and regulations. The retention period is determined on the type of information, the nature of the activity and the rules and regulations applicable at the time. In general, we have policies and procedures in place to keep records for up to seven years.

We may have to retain personal data for longer periods, especially where Enigma Inc has been ordered to withhold destruction of the information by the Courts or an authority or agency as evidence.

  1. What are your rights?

Should you wish to contact us in relation to any of your rights under the GDPR, you can either write to our registered office address at 50 Sloane Avenue, Suite 103, London, England, SW3 3DD or send an email to legal@enigmainc.co.uk quoting GDPR in the subject heading.

Irrespective of the nature of your GDPR request, we will respond to you within 30 days of receipt of your initial notification to confirm whether we can take any action. If we believe that we have good grounds not to meet your request, we will notify you and explain the reasons for not doing so.

  1. The right to access your data

If you would like to receive a copy of the personal information that we hold on you, you can contact us as per the above instructions. We may need to verify your identify before we can take any further steps in response to your request.

  1. The right to rectify your data

If you believe that Enigma Inc holds inaccurate information on you, you can request us to rectify and update it. We may have to withhold the processing of your personal data until the new information has been verified and updated on Enigma Inc’s systems.

  1. The right to erase your data

If you believe that Enigma Inc is processing your data unlawfully, at a time when it no longer needs to or for the purpose for which it was provided, you can request for your personal data to be erased. However, this request is not absolute under the GDPR and depending on the circumstances, Enigma Inc may not be able to meet your request.

  1. The right to restrict the processing of your data

You may wish to ask Enigma Inc to limit the processing of your data if you believe that the information is being unlawfully processed and/or we no longer need it for a particular purpose. This request is not absolute under the GDPR and Enigma Inc’s ability to meet it will depend on the circumstances.

  1. The right to data portability

You have the right to receive a copy of the personal data that we hold on you, and/or ask us to transfer your personal data to someone else. Either way, we will seek to provide you with the information on a portable format which is safe and machine-readable.

  1. The right to object to the processing of your data and/or direct marketing

You have the right to object to the processing of your personal data by us. However, please note that this right is not absolute under the GDPR. It is therefore subject to certain record-keeping requirements. Applicable laws and regulations may restrict our ability to meet any request to stop processing your information. However, you retain an absolute right to ask us to stop processing your information for direct marketing purposes. Should wish you to notify us of such a request, please contact us using the details set out above. In the event that we rely on your permission to use your information for a particular purpose, you retain the right to withdraw your consent at any time.

  1. The right to withdraw your consent

As set out in this Privacy Policy and depending on the nature of our relationship with you, we rely on our legitimate interests in order to process personal information. As we do not rely on express consents as a lawful basis for processing your information, we may therefore not be in a position to meet a request to stop processing it. However, should you wish to withdraw your permission in relation to our periodic market or investment updates, please email us your request and we will stop using your data for the purpose of direct marketing.

  1. The right to lodge a complaint with the regulator

Should you wish to complain about the way we use your personal data or handle your request pursuant to your rights under the GDPR, please contact our Data Compliance Officer in the first instance. He will investigate the matter and aim to address your concerns within 30 days of receipt of your complaint. You can also lodge a complaint with the Information Commissioner’s Office (ICO). For more information, please visit ico.org.uk.

  1. Residents of California and Nevada

Residents of California – We do not share information that identifies you personally with non-affiliated third parties for our own marketing use without your permission.

California Consumer Privacy Act – If you are a resident of California, you may exercise your rights to personal data by contacting legal@enigmainc.co.uk quoting “California Consumer Privacy Act” in the subject heading to request access to, receive (port), seek rectification, or request erasure of personal data held about you. For the purposes of the California Consumer Privacy Act, we do not “sell” your personal data.

Residents of Nevada – We do not sell information that identifies you personally with non-affiliated third parties. We do not sell or trade personal data for commercial purposes.

  1. Changes to our Privacy Policy

We may need to change our privacy policy from time to time and all updates will be posted online. Your continued use of our products/devices and/or services after the effective date of such changes constitutes your acceptance of such changes. This privacy policy is effective from 24 January 2022.

Contact Information

If you have any questions in relation to this Privacy Policy or how Enigma Inc processes personal data, please contact our Data Compliance Officer at:

Enigma Incorporated Ltd,

c/o Park Vale Capital Limited,

50 Sloane Avenue,

London, England, SW3 3DD

E: legal@enigmainc.co.uk