November 25, 2020
This Privacy Policy describes how TunnelBear LLC. ("TunnelBear") handles your Personal Data when you use our services ("Services").
By using our Services and/or registering for an account, you are accepting the terms of this Privacy Policy and our Terms of Service, which are integrated here by reference.
TunnelBear is a global company. Although our physical servers are located in many different countries around the world, TunnelBear does not store Personal Data outside of Canada's physical borders. By using our services, you authorize TunnelBear to use your information according to Canada's laws, regardless of which country you are located in.
If you have any questions or comments about this Privacy Policy, please contact us at: privacy (at) tunnelbear.com

1. Personal Data Collection and Use
As a provider of an online privacy service, we ultimately strive to collect the minimal amount of information required to operate our service. This often means difficult trade-offs between the information we collect and the performance of our service.
We believe in an open dialogue because this Privacy Policy is an evolving document. We welcome your thoughts and feedback on how we're doing.
1.1 What is Personal Data?
As described below, "Personal Data" means any information relating to an identified or identifiable natural person ("Individual") and includes information provided by you while using our Services. If we use or store Personal Data with information that is non-personal, we will consider the combination as Personal Data.
1.2 Account User Data
When you create or update your TunnelBear user account, we collect and store this "Account Data". The Account Data stored is listed below in its entirety:
Email address (Marketing, communications, purchase receipts and occasional product news)
Twitter ID (optional) (Completion of our Twitter promotion)
Email confirmed (Confirmation that your email address is valid)
Paid user (Provide paid users with unlimited data)
Paid user expiry date (Provide paid service until this date)

1.3 Operational Data
TunnelBear also collects and stores "Operational Data" required to operate our Services. This is data that we collect and store when you connect to our network. Operational data is listed below in its entirety:
OS Version e.g. iOS 7 (User support, troubleshooting and product planning)
TunnelBear App Version e.g. PC version 2.1.1 (User support and troubleshooting)
Active this month e.g. 1 or 0 (Customer satisfaction, support, network demand planning)
Total data used this month e.g. 22.34 GB (Customer satisfaction, support, network demand planning, granting free user data)
Operational events e.g. Created an account, complete Twitter bonus, made a payment, upgraded to paid subscription, online ad referrals (Troubleshooting account and payment related issues and tracking where sales come from; these events are not related to the time and activity of VPN usage)

1.4 Personal and Financial Data Collected at Payment
Making a purchase with a credit card on any service will result in Personal Data being exchanged with payment processors. For an anonymous purchase experience, TunnelBear offers payment through Bitcoin. No information is collected or stored from Bitcoin transactions.
Credit Card Transactions
TunnelBear processes credit card payment information securely through Stripe and PayPal. Credit card processors may store Personal Data associated with financial transactions outside of Canada's borders.
When you pay with credit card, TunnelBear stores the following information:
Cardholder last name e.g. Smith (For use in credit card fraud prevention)
Date of card use e.g. 2014/01/01 (For use in credit card fraud prevention)
Last four Numbers of Credit Card e.g. 5555 (For use in credit card fraud prevention)

TunnelBear does not store, but can securely login and view the following information through our third party payment processors Stripe and PayPal:
Card billing address (For use in credit card fraud prevention)
Card expiry (For use in credit card fraud prevention)
Last four Numbers of Credit Card (For use in credit card fraud prevention)
Session information e.g. Device type, operating system, IP address at time of payment (For use in credit card fraud prevention)

TunnelBear never stores your complete credit card number or your location at time of payment. To keep your payment information secure, we adopt all available security and multi-factor authentication measures available from these providers.
TunnelBear operates exclusively with PCI compliant payment processors. Only our payment processors have the ability to collect, use and access your full credit card information and other financial information. They can use this information solely for the purpose of charging and invoicing you for our (paid) Services.

1.5 Cookies and Persistent Trackers
In building our website and apps, we have tried to limit the number of services with access to store cookies in your browser. There are currently three third-party services with this ability. These services store data for as short a time as possible.

tb_mkt - TunnelBear marketing - Session
TunnelBear records a bit of information that helps us track how people are finding TunnelBear.

tb_ref - TunnelBear marketing - Session
This cookie helps us understand which TunnelBear touchpoint (eg: website, email) led you to purchase TunnelBear.

tb_overlay - TunnelBear marketing - 1 day
This cookie lets us know if you've already acknowledged any overlays that we display for our marketing or outreach initiatives. It does not contain any personal information.

ac - TunnelBear marketing - 1 year
This cookie lets us know if you've already acknowledged our cookie banner. It saves your preferences so that the banner doesn't show up every time you visit the site.

TB_SESSION - TunnelBear website customization - 7 days
This cookie stores your account type and is used to customize your TunnelBear.com account.
For example, if you have a paid account, we set your bearType to Grizzly and all of the graphics change to Grizzly Bears. We set a cookie so we don't have to continue checking your account type in the database as you use the website.


PLAY_SESSION - TunnelBear authentication - 7 days
PLAY_SESSION is the authentication token for TunnelBear.com. It allows you to use your account without having to continuously login.

tb_user - TunnelBear authentication - 30 days
tb_user allows us to understand whether you are a new or returning visitor to our website. By setting this cookie, we're able to customize the content on our own without using any third party tools.

XSRF-TOKEN - TunnelBear XSRF protection - 1 year
One common attack used against website visitors is a cross-site request forgery attack. TunnelBear uses this cookie to protect you from XSRF attacks.

_ga - Google Analytics – IP anonymization enabled - 2 years
To make our website better, we use Google Analytics (GA) to see how many people are visiting it. We have set GA to use the minimum available retention period and not store IP addresses.

_gaid - Google Analytics – IP anonymization enabled - 24 hours
To make our website better, we use Google Analytics (GA) to see how many people are visiting it. We have set GA to use the minimum available retention period and not store IP addresses.

_gat - Google Analytics – IP anonymization enabled - 1 minute
Google Analytics uses this cookie to limit the number of requests that we can make to their service in a given time period.

_gac - Google Ads - 90 days
If you visit our website from a Google Ads campaign, this cookie helps us understand how our campaigns are performing.

_gcl - Google Ads - 90 days
If you visit our website from a Google Ads campaign, this cookie helps us understand how our campaigns are performing.

_cfuid - DDoS protection - Cloudflare ID - 1 year
TunnelBear uses Cloudflare to protect our service from DDoS attacks. Cloudflare uses _cfuid in your browser so that once they have checked to see if you're a bot, they won't have to check again while you use our website.

_stripe_mid - Payment provider - Stripe user -1 year
TunnelBear uses Stripe to process credit card payments on our website. Stripe uses this cookie to help prevent fraud on TunnelBear.com.

_stripe_sid - Payment provider - Stripe session - 24 hours
TunnelBear uses Stripe to process credit card payments on our website. Stripe uses this cookie to help prevent fraud on TunnelBear.com.

TunnelBear for Teams
L1c - Browser ID cookie - Session
LinkedIn insights and ads tags

BizoID - LinkedIn Ad Analytics - 6 months
LinkedIn insights and ads tags

BizoData - LinkedIn Ad Analytics - 6 months
LinkedIn insights and ads tags

BizoUser MatchHistory - LinkedIn Ad Analytics -6 months
LinkedIn insights and ads tags

BizoNetwork PartnerIndex - LinkedIn Ad Analytics - 6 months
LinkedIn insight tags

_hjClosedSurveyInvites - Hotjar cookie. - 365 days
This cookie is set once a visitor interacts with a Survey invitation modal popup. It is used to ensure that the same invite does not re-appear if it has already been shown.

_hjDonePolls - Hotjar cookie.- 365 days
This cookie is set once a visitor completes a poll using the Feedback Poll widget. It is used to ensure that the same poll does not re-appear if it has already been filled in.

_hjMinimizedPolls - Hotjar cookie.- 365 days
This cookie is set once a visitor minimizes a Feedback Poll widget. It is used to ensure that the widget stays minimizes when the visitor navigates through the site.

_hjDoneTestersWidgets - Hotjar cookie.- 365 days
This cookie is set once a visitor submits their information in the Recruit User Testers widget. It is used to ensure that the same form does not re-appear if it has already been filled in.

_hjMinimizedTestersWidgets - Hotjar cookie.- 365 days
This cookie is set once a visitor minimizes a Recruit User Testers widget. It is used to ensure that the widget stays minimizes when the visitor navigates through the site.

_hjIncludedInSample - Hotjar cookie.- 365 days
This session cookie is set to let Hotjar know whether that visitor is included in the sample which is used to generate funnels.

_hjShownFeedbackMessage - Hotjar cookie. - 365 days
This cookie is set when a visitor minimizes or completes Incoming Feedback. This is done so that the Incoming Feedback will load as minimized immediately if they navigate to another page where it is set to show.

_hjid - Hotjar cookie.- 365 days
This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.


1.6 Other Data TunnelBear Just does NOT Collect
TunnelBear explicitly does NOT collect, store or log the following data:
• IP addresses visiting our website
• IP addresses upon service connection
• DNS Queries while connected
• Any information about the applications, services or websites our users use while connected to our Service

No logging!
2. Personal Data
Any Personal Data you provide to TunnelBear will be administered according to the following principles:
2.1 Accountability
Should you have any concerns about how your Personal Data is handled or questions about this Privacy Policy, feel free to contact us at privacy (at) tunnelbear.com
2.2 Disclosure of Personal Data to Third Parties
Except as described below, TunnelBear will NOT disclose any Personal Data to other commercial parties under any circumstance:
We may send data to third-party service providers who operate services that help us with: customer support; email; hosting, protecting, and securing the TunnelBear infrastructure; DDoS prevention; payment processing; as well as understanding website analytics, app analytics, account and payment related service usage.
In the event TunnelBear is served with a valid subpoena, warrant or other legal document and applicable law requires TunnelBear to comply, the extent of disclosure is limited to the Personal Data listed within this Privacy Notice.
As noted above, TunnelBear utilizes PCI-compliant third-party payment processors to collect your credit card and other billing information.
If our organization structure changes (e.g., we undergo a restructuring or are acquired), we may need to migrate your Personal Data to a third party related to a business transaction, but, we will ensure that such a third party has entered into an agreement under which the use of your Personal Data is only related to purposes necessary for the transaction.
TunnelBear does NOT store users' originating IP addresses when connected to our service and thus cannot identify users when provided IP addresses of our servers. Additionally, we cannot disclose information about the applications, services, or websites our users consume while connected to our Services; as TunnelBear does NOT store this information.

2.3 Consent and Legitimate Interest
When you sign up for our Service and provide us Personal Data, you allow us to process that information in accordance with this Privacy Policy. We rely on legitimate interest for marketing, research, and fraud prevention. We will obtain your consent where required by law.
You have the right to ask us not to contact you. To exercise your choices or ask questions about your Personal Data, please contact us by visiting our privacy center.
2.4 Limiting Collection
We take great care to not collect Personal Data indiscriminately and limit collection to the minimum necessary information required to operate our service. By limiting the collection of data, we help to protect the privacy and security of your Personal Data.
2.5 Limiting Use, Disclosure, and Retention
We will not use your Personal Data for any purpose that you have not consented to. TunnelBear will NOT sell or trade Personal Data for commercial purposes.
Only TunnelBear's employees with a business need to know or whose duties require, are granted access to our customers' Personal Data. All such employees will be required as a condition of employment to respect the confidentiality of our customers' Personal Data.
We store your Personal Data only as long as is necessary for the purposes for which it is collected, to provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws. We erase or destroy the records containing Personal Data when they are no longer required; this will be done in ways that will ensure your continued privacy.
2.6 Accuracy
It is your responsibility to inform TunnelBear of any relevant changes in your Personal Data by updating your account information.
2.7 Safeguards
TunnelBear uses exceptionally strong safeguards to protect the privacy of all our records, including your Personal Data. We implement physical, business and technical security measures. These strong safeguards are designed to prevent unauthorized access, disclosure, loss, theft, copying, use or modification to your Personal Data.
2.8 Openness and Transparency
So that you can be confident that we are handling your Personal Data appropriately, we take extraordinary measures to document our policies and provide openness and transparency around the data we collect, why we collect it and how we handle it.
2.9 Individual Access
If at any time you have a question about our records containing your Personal Data, we will do our best to answer it. You have the right to be told about the kind of Personal Data we maintain and how it is used. Upon request, we will provide you with information regarding the existence, use and disclosure of your Personal Data.
2.10 Individual Access
If you are visiting from the European Union, please note that by providing your Personal Data, you consent to any transfer of your Personal Data to Canada and processing of your Personal Data globally in accordance with this Policy.
2.11 Rights of Access, Rectification, Erasure, and Restriction
You have the right to inquire as to whether TunnelBear is Processing Personal Data about you, request access to Personal Data, and ask that we correct, amend or delete your Personal Data where it is inaccurate.
Visit TunnelBear's privacy center to request access to, receive (port), seek rectification, or request erasure of Personal Data held about you by TunnelBear.
To protect your privacy, TunnelBear requires you to login to your account with a username and password before granting you access to or allowing you to make any changes to your Personal Data.
TunnelBear makes good faith efforts to provide you with the ability to delete your Personal Data, however there may be circumstances in which TunnelBear is unable to delete all your Personal Data. For example, we are unable to delete it where we are legally required to keep it, including where we need it to continue to offer you the service or if you are involved in litigation with us, we would be required to retain your personal data, which is limited to the fields we discuss above in 1.2, 1.3 and 1.4.
If TunnelBear determines that your Personal Data cannot be deleted, we will explain why and provide a contact for further inquiries.
If you have any questions about our privacy practices, this Privacy Policy, or how to lodge a complaint with the appropriate authority, please contact TunnelBear by email at privacy (at) tunnelbear.com. We will address your concerns and attempt to resolve any privacy issues in a timely manner.
If your privacy concerns or complaints are not addressed to your satisfaction by TunnelBear you may contact the Office of the Privacy Commissioner of Canada for further guidance at:
Office of the Privacy Commissioner of Canada 
30 Victoria Street
Gatineau, Quebec K1A 1H3
Toll-free: 1-800-282-1376
Phone: (819) 994-5444
TTY: (819) 994-6591
www.priv.gc.ca

Residents of California

Your California Privacy Rights - Shine the Light Law
TunnelBear does not share information that identifies you personally with non-affiliated third parties for our own marketing use without your permission.
California Consumer Privacy Act
If you are a resident of California, you may exercise your rights in Personal Data by visiting TunnelBear's privacy center to request access to, receive (port), seek rectification, or request erasure of Personal Data held about you by TunnelBear. For purposes of the California Consumer Privacy Act, TunnelBear does not "sell" your Personal Data.
Residents of Nevada
TunnelBear does not sell information that identifies you personally with non-affiliated third parties. TunnelBear will not sell or trade Personal Data for commercial purposes.
2.12 Changes to Our Privacy Policy
We may need to change our Privacy Policy from time-to-time and all updates will be posted online. Your continued use of our Services after the effective date of such changes constitutes your acceptance of such changes. We will post an effective date at the top of the page for your convenience.

Our Terms of Service are available at https://www.tunnelbear.com/tos