Our promise
KEN VPN is built on a strict zero-log policy. We do not monitor, record, log, store, or share any of your browsing activity, connection timestamps, DNS queries, or IP addresses while connected to our VPN service.
This policy explains, in plain terms, the small amount of information we do handle to run your account, and the far larger amount we deliberately never touch.
01Who We Are
KEN VPN is operated by KEN Secure Ltd ("we", "us", "our"). Our website is located at kensecure.com and our service is delivered through the KEN VPN mobile application ("the App"). This Privacy Policy explains how we collect, use, and protect information when you use our services.
02Information We Collect
2.1 Account Information
When you create an account, we collect:
- Email address. Required for account authentication and important service notifications.
- Display name. Optional, used to personalise your experience.
- Password. Stored as a securely hashed value (bcrypt). We never store or can view your plain text password.
2.2 Subscription & Payment Information
If you subscribe to a paid plan, payments are processed by Stripe. We store your Stripe customer ID to manage your subscription. We never see, store, or process your credit card number, CVV, or full billing details. Stripe handles this directly under PCI-DSS compliance.
2.3 Device Information
When you register a device with KEN VPN, we store a device identifier, device name, platform type (Android/iOS), and a VPN-internal IP address. This is required for the WireGuard protocol to function.
2.4 Aggregate Bandwidth Usage
We track the total amount of bandwidth consumed per account for capacity planning and fair use (the Free tier includes unlimited data but is speed-capped, while KEN Pro is full speed). This is a cumulative number only. We do not record which websites, services, or IP addresses the bandwidth was used for.
2.5 Wi-Fi Network Name (On-Device Only)
The KEN VPN app for Android asks for the location permission. This is not used to track where you are: Android requires that permission before any app may read the name (SSID) of the Wi-Fi network you are connected to. KEN uses the network name entirely on your device to power unsafe Wi-Fi alerts and your trusted-network Smart Rules. Your location and your Wi-Fi network names are never stored, never transmitted, and never leave your device. If you decline the permission, the VPN works normally and only the Wi-Fi safety features are unavailable.
2.6 Push Notifications
To deliver service alerts (for example security notices or important account messages), the app registers a push notification token with Google Firebase Cloud Messaging. This token is a device identifier used only to route notifications to your device. It carries no location, browsing, or usage information, and it is removed when your device is signed out or your account is deleted.
03What We Do NOT Collect
We want to be completely transparent about what we never collect or store:
04How We Use Your Information
We use the information we collect solely for:
- Providing the VPN service. Authenticating your account, managing your subscription tier, and assigning VPN configurations.
- Enforcing plan limits. Tracking aggregate bandwidth to ensure fair usage across tiers.
- Service communications. Sending essential emails such as welcome messages, password resets, and upgrade confirmations.
- Service improvement. Aggregate, anonymised statistics to monitor server health and capacity planning.
05Data Storage & Security
Your account data is stored on secure servers hosted by Hetzner, with locations spanning multiple regions. All data in transit is encrypted using TLS 1.3. VPN tunnel traffic is encrypted using WireGuard's ChaCha20-Poly1305 cipher suite. Passwords are hashed with bcrypt before storage. Access to production systems is restricted to authorised personnel only.
06Data Sharing
We do not sell, rent, or trade your personal information to any third party. We share data only with:
- Stripe. For payment processing (see their privacy policy).
- Google Firebase. For sign-in with Google or Apple (authentication) and for delivering push notifications (Cloud Messaging). Firebase processes your sign-in identity and push token on our behalf (see Google's privacy documentation).
- Resend. For transactional email delivery (see their privacy policy).
- Anthropic. Powers KEN AI features such as Scam Check. When you choose to submit text for analysis, it is processed by Anthropic's Claude models on our behalf. We redact numbers and identifiers before sending, the content is never linked to your name, email, or account, it is used only to produce your result, it is not stored by KEN, and it is not used to train AI models (see their privacy policy).
- Enzoic. Powers the Dark Web Monitor. When you run a scan or keep monitoring enabled, the email address you choose to monitor is checked against Enzoic's breach-exposure database. Only that email address is shared, and only for this lookup (see their privacy policy).
- Law enforcement. Only if required by valid legal process (court order, warrant). Even then, due to our zero-log policy, we have minimal data to provide.
07Data Retention
Your account data is retained for as long as your account is active. If you delete your account, we will remove your personal data within 30 days. Anonymised aggregate statistics (total bandwidth served, server utilisation) may be retained indefinitely as they contain no personal information.
08Your Rights
Under UK GDPR and applicable data protection law, you have the right to:
To exercise any of these rights, contact us at [email protected].
09Children's Privacy
KEN VPN is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
11Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notice. The "Last updated" date at the top of this page indicates the most recent revision.
12Contact Us
If you have questions or concerns about this Privacy Policy or our data practices:
- Email: [email protected]
- General support: [email protected]