Privacy Policy — RocketVPN
Privacy Policy of Xenex Networks LLC d/b/a RocketVPN — what we collect, what we don't, and how we handle your data.
Last updated: 1 January 2026
This Privacy Policy (the "Policy") forms part of the Terms of Service between you and Xenex Networks LLC, a Delaware limited liability company doing business as RocketVPN ("RocketVPN", "we", "us", "our"). It explains what personal information we collect, how we use it, with whom we share it, and what choices you have. By creating an account or otherwise using the Service you confirm that you have read, understood, and accepted this Policy together with our Terms of Service and Refund Policy.
1. Data Controller
The data controller responsible for processing your personal data is Xenex Networks LLC, registered in the State of Delaware, USA, with mailing address: 3911 Concord Pike #8030 SMB#32597, Wilmington, DE 19803, USA. For all privacy-related enquiries, contact support@rocketvpn.net.
2. Information We Collect
To deliver the Service we collect the minimum information necessary:
- Account data — your e-mail address (used as login) and a one-way hashed password. We do not store your plaintext password.
- Billing data — payment-method type, transaction identifier, billing currency, and the total amount paid. Card numbers, CVV codes, and full bank details are processed exclusively by our payment-processing partners (Section 7) and never reach our servers.
- Operational metadata — aggregated counters of active connections per server, total daily bandwidth per account (used for fair-use enforcement on unmetered plans), and the timestamp of your most recent connection. These records do not contain origin or destination IP addresses, websites visited, DNS queries, or the content of your traffic.
- Support correspondence — when you contact our support team we retain the messages exchanged for as long as the matter is open and for a reasonable period thereafter.
- Website analytics — pages visited on rocketvpn.net (server-side counters) and aggregated browser/device statistics. No cross-site tracking cookies are placed.
3. No-Logs Commitment
We do not log, retain, or have access to any of the following while you are connected to the Service:
- Browsing history or visited URLs;
- DNS queries and DNS responses;
- The content of your network traffic (encrypted or otherwise);
- Origin IP addresses associated with active sessions beyond the technical minimum required to route packets in real time;
- Connection start/stop times tied to a specific user account.
Our infrastructure runs RAM-only encrypted nodes wherever technically feasible. Server logging is configured to discard connection metadata after the immediate routing decision.
4. Why We Process Data & Legal Basis
| Purpose | Legal basis (GDPR / Delaware UCITA) |
|---|---|
| Provide the VPN Service and authenticate your account | Performance of contract |
| Process payments and issue receipts | Performance of contract; legal obligation (tax/accounting) |
| Detect and prevent fraud, abuse, and DDoS attacks | Legitimate interest (network integrity) |
| Respond to support requests | Performance of contract |
| Comply with court orders, subpoenas, and other valid legal process under United States federal and Delaware state law | Legal obligation |
| Send service announcements (security alerts, billing notices) | Performance of contract |
| Send optional marketing e-mails | Consent (you may withdraw at any time) |
5. Cookies & Local Storage
Our website uses only essential cookies (session token after login, language preference) and a small amount of local storage to remember your dashboard settings. We do not use third-party advertising cookies, behavioural-tracking pixels, or fingerprinting libraries.
6. Disclosure to Third Parties
We disclose personal data only to the categories of recipients listed below, and only the minimum data required for the stated purpose:
- Payment processors — to authorise and settle your payments. Each processor is bound by PCI-DSS and acts as an independent data controller for the card data it handles.
- Hosting and infrastructure providers — for the operation of our servers; bound by data-processing agreements equivalent to the standard contractual clauses.
- Legal authorities — when compelled by a valid subpoena, court order, or other legal process under applicable United States federal or Delaware state law. We will, where lawful, notify the affected user and challenge requests we believe to be overbroad or improperly served.
- Successor in interest — in connection with a merger, acquisition, or sale of all or part of our business, subject to the continued application of this Policy.
We do not sell, rent, or trade your personal information to advertisers or data brokers.
7. International Data Transfers
Personal data is stored in the United States and may be transferred to other jurisdictions where our servers are operated. For transfers from the European Economic Area, the United Kingdom, or Switzerland, we rely on the European Commission's Standard Contractual Clauses (2021/914) and supplementary technical safeguards. You may request a copy of the safeguards in place by writing to support@rocketvpn.net.
8. Data Retention
| Category | Retention period |
|---|---|
| Account data (e-mail, hashed password) | For the lifetime of the account; deleted within 30 days of account closure |
| Billing records | 7 years (US tax-record retention) |
| Support correspondence | 2 years from the closure of the support ticket |
| Operational metadata | Aggregated daily; raw counters retained no longer than 30 days |
9. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access — obtain a copy of the personal data we hold about you;
- Rectification — correct inaccurate or incomplete data;
- Erasure — request deletion of your account and associated personal data, subject to retention obligations under applicable law;
- Restriction or objection — limit or object to certain processing activities;
- Portability — receive your data in a structured, commonly used, machine-readable format;
- Withdraw consent — at any time, where processing is based on consent, without affecting the lawfulness of processing carried out before withdrawal;
- Lodge a complaint — with a supervisory authority (e.g. your national data-protection regulator).
To exercise any of these rights, write to support@rocketvpn.net. We respond within the timeframes mandated by applicable law (generally within 30 calendar days).
10. Security
We apply industry-standard technical and organisational measures: TLS 1.3 for data in transit, AES-256 for data at rest, two-factor authentication available for all accounts, segregated production and administrative networks, and least-privilege access control with comprehensive audit logging of administrative actions. No system is perfectly secure; in the unlikely event of a breach affecting your personal data, we will notify you and the relevant supervisory authorities within the timeframes required by applicable law.
11. Children
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, contact us and we will delete it.
12. Changes to This Policy
We may update this Policy from time to time. The "Last updated" date at the top reflects the latest revision. Material changes take effect 14 days after publication on this page; your continued use of the Service constitutes acceptance of the revised Policy.
13. Governing Law
This Policy is governed by the laws of the State of Delaware, USA, without regard to its conflict-of-laws principles, and complemented by mandatory consumer-protection and data-protection laws of your country of residence where they grant you broader rights.
14. Contact
Xenex Networks LLC
3911 Concord Pike #8030 SMB#32597
Wilmington, DE 19803, USA
Privacy enquiries: support@rocketvpn.net