A lot of people have been asking us our response to these questions so I thought I’ll set them out here.
1. Do you keep ANY logs which would allow you or a 3rd party to match an IP-address and a time stamp to a user of your service? If so, exactly what information do you hold?
No we do not keep logs. However as per our policy, if we do notice any unusual activity on our servers (high bandwidth loading, high number of connections or cpu usage) we may turn on logs temporarily to identify abuse of our services (such as DoS or spamming through our servers).
Once the user is identified, we will terminate the offending user, issue him an e-mail for the reason of termination and wipe the logs from our system.
Turning on logs for troubleshooting is a very last resort and is necessary to ensure the integrity of our services. It has happened very rarely (only a handful of times in our 6 years of operation) and such information was not disclosed to third parties but merely used to terminate the offending user. In any case logs were usually enabled for not more than few hours and only for the particular server that was experiencing abuse.
2. Under what jurisdictions does your company operate and under what exact circumstances will you share the information you hold with a 3rd party?
We’re a Malaysian incorporated company which is not subject to any mandatory data retention laws. As we don’t keep logs, there is not much information to share even when requested.
3. In the event you receive a DMCA takedown notice or European equivalent, how are these handled?
Servers hosted in US or categorized as “surfing/streaming’ have P2P disabled on them. As for other servers, they are not subject to DMCA and we have a good working relationship with our server providers.
In the event DMCA notices or similar are given to us, we normally respond that we don’t have such content hosted on our networks and if the provider is adamant, we will terminate our relationship with the server provider and find a new one. We will not reveal the user that generated that DMCA notice (nor can we with no logs taken). Over the years, we have identified server providers that we can work with and understand the nature of our business.
4. Which payment systems do you operate and how are these linked to individual user accounts
We accept BitCoin, Liberty Reserve, Paypal and MolPay (Malaysian online bank-ins) and also direct bank-ins for Malaysian users.
For each order, there is an Order ID that is tied to a user name which is marked as paid or not and the method of payment. BitCoins would be the most anonymous form of payment since all other payment processors would require some identifying information. However to sign up to our service, all is needed is a working e-mail and you are free to use placeholder names etc etc. Only in the event of dispute or chargeback cases (especially with credit cards), additional info is requested which is to be expected when using a credit card (unless a prepaid visa is used).
Our order/portal system is not linked to your authentication to our VPN servers and exists completely independent of it since we use a certificate based authentication system.