How We Handle Your Data


The average privacy policy isn’t exciting to read – let alone easy to understand. Many companies utilize convoluted language and broad generalizations to conceal dodgy behavior, and most of us would never consent to these policies if they were presented clearly. We’ve taken a stand against these tricky practices by presenting our Data Use Policy in plain language, clearly laying out our responsibilities and your rights. This Data Use Policy shares the same values as IVPN and its parent company Privatus Limited, which funds The Privacy Issue. If you’d like further information on either, please get in touch:



1. What data is collected and stored when I visit The Privacy Issue?

The Privacy Issue has selected Matomo as its Web analytics platform. Web analytics allow us to understand our users engagement with our site to understand where it delivers value, and where it can be improved in terms of usability, simplicity, and speed. It also helps us to understand where our site visitors originate, and audit those referring sites to ensure they aren't making unfounded or exaggerated claims.

Matomo is Free and Open-Source Software (FOSS) that is hosted on our own server infrastructure to ensure your privacy (unlike platforms such as Google Analytics). For example, the Center for Data Privacy Protection in France (CNIL) recommended Matomo as the only tool that can easily ensure full compliance with privacy regulations. Matomo is used to aggregate information about our website visitors.

When your Web browser loads a page on our site, a small snippet of JavaScript code is executed within your browser which submits information such as:

  • your browser user-agent,
  • language,
  • screen resolution,
  • referring website,
  • IP address.

To ensure your privacy, The Privacy Issue discards the last two octets of the IP address.

2. Where is my data stored and who has access to it?

The Privacy Issue is subject to EU law and is in compliance with the EU Data Protection Directive (Directive 95/46/EC), which prohibits companies transferring data to overseas jurisdictions with weaker privacy laws. The Privacy Issue will not locate servers in countries where it's forced to break this compliance. Due to the nature of our logging practices, The Privacy Issue servers do not contain any personally identifiable information and thus, if seized, could not be used to identify users.

No third parties have access to any of your data. We always use first or third party tools we can host on our own servers in a protected and secure environment.


1. What are my data protection rights?

We want to make sure you are full aware of all your data protection rights. Everyone is entitled to the following:

The right to access

You have the right to request a copy of the personal data The Privacy Issue stores about you.

The right to rectification

You have the right to request that The Privacy Issue corrects any information you believe is inaccurate. You also have the right to ask The Privacy Issue to complete any information you believe is incomplete.

The right to erasure

You have the right to request that The Privacy Issue erase your personal data, under certain conditions.

The right to restrict processing

You have the right to request that The Privacy Issue restrict the processing of your personal data, under certain conditions.

The right to object to processing

You have the right to object to The Privacy Issue’s processing of your personal data, under certain conditions.

The right to data portability

You have the right to request that The Privacy Issue transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at:

2. How can I get access to the data you store on my behalf via a subject access request?

In accordance with GDPR legislation, reasonable requests for release of a specific user's data will be honored within 28 days of an acceptable request from a user or person with a provable legal relationship with that user.

We reserve the right to refuse or charge for requests that are manifestly unfounded or excessive. Any refused subject access requests will be responded to without undue delay including the refusal reason as well as recourse to refer to the supervisory authority.

Subject access requests should be made in writing to

3. Where is the regulatory authority that oversees the jurisdiction in which IVPN operates under GDPR?

The Privacy Issue is an initiative of IVPN and its parent company Privatus Limited, which is registered in Gibraltar. As such, the GDPR regulatory body is the Gibraltar Regulatory Authority. Their website can be found here:


1. What are cookies?

Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our website, we may collect information from you automatically through cookies. For further information, visit

2. How does The Privacy Issue use cookies?

Matomo, a tool used for Web analytics hosted on our servers (see A/1.) may set a Web cookie to facilitate the identification of users who revisit the site. No other first-party or third-party cookies are placed when visiting

3. How can I manage cookies?

You can set your browser not to accept cookies. The website explains how to remove cookies from your browser.


1. How will I be informed of changes to this data use policy?

The Privacy Issue reserves the right to change this privacy policy at any time. In such cases, we will take every reasonable step to ensure that these changes are brought to your attention by posting all changes prominently on the The Privacy Issue website for a reasonable period of time, before the new policy becomes effective as well as emailing our existing customers. This privacy policy was last updated on January 22, 2020.

If you have any questions or comments regarding this policy, please do not hesitate to contact us.