Zenshield Privacy Policy
Last Updated: March 10, 2026
This Privacy Policy explains how REPOCKET PTE. LTD. ("Repocket," "we," "us," or "our") collects, uses, processes, discloses, and protects personal information in connection with the Zenshield software, VPN service, bandwidth sharing functionality, and related websites (collectively, the "Services").
This Privacy Policy applies to Zenshield desktop applications (including Windows and macOS), Zenshield mobile applications (including iOS and Android), and any associated websites operated under Zenshield brand. This Privacy Policy forms part of and should be read together with the Zenshield End User License Agreement ("EULA"). By installing, accessing, or using the Services, you acknowledge that your personal information will be processed as described in this Privacy Policy.
For the purposes of applicable data protection laws, REPOCKET PTE. LTD. (with address at 60 Paya Lebar Road, #11-03 Paya Lebar Square, Singapore 409051) is the data controller responsible for the processing of personal information described in this Privacy Policy. Our email is hello@zenshield.com
We may update this Privacy Policy from time to time to reflect changes to the Services, our practices, legal requirements, or platform requirements. The "Last Updated" date at the top of this Privacy Policy indicates when it was most recently revised. If we make material changes, we will take reasonable steps to provide notice, such as by posting an updated version on our website or providing notice within the Services. Your continued use of the Services after an updated Privacy Policy becomes effective constitutes your acceptance of the updated Policy.
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about how your information is handled, you may contact us using the details above.
1. INFORMATION WE COLLECT
1.1. Information we collect
We collect personal information and related technical data only to the extent necessary to provide, secure, and improve the Services. The categories of information we collect are described below.
| Category of Information | What We Collect | Purpose of Collection |
|---|---|---|
| Information You Provide | Email address; hashed account password; support communications (including attachments); optional profile details (if provided) | Account creation and management; authentication; user support; service communications |
| Account and Consent Records | EULA acceptance records; Bandwidth Sharing acceptance records; timestamps of consent; IP address at time of consent; app version, device type, or platform at acceptance | Demonstrate contractual acceptance; maintain compliance records; legal defense; security auditing |
| Network and Technical Information | Incoming IP address; VPN server IP assigned; selected country/server location; session timestamps and duration; device type; operating system and version; app version; ISP/ASN (if collected); crash logs and diagnostics | Operate VPN service; allocate servers; maintain network integrity; troubleshoot issues; prevent abuse; improve performance |
| Bandwidth Sharing Data | External IP participation in proxy network; routing-related metadata; abuse prevention logs; network integrity monitoring data | Operate managed proxy network; allocate routing; monitor misuse; ensure compliance and security |
| Analytics and Website Data | Website analytics data (e.g., Google Analytics, PostHog); device identifiers for diagnostics; cookies; SDK performance analytics | Understand usage patterns; improve functionality; maintain service reliability; diagnose technical issues |
1.2. Limitations
Zenshield is designed to limit the collection of sensitive network activity data. Specifically:
- We do not store your browsing history.
- We do not retain DNS query logs.
- We do not inspect or store the content of your communications.
- We do not perform deep packet inspection of VPN traffic.
- We do not use VPN traffic for advertising tracking purposes.
- We do not build behavioral advertising profiles based on your VPN usage.
Our data collection practices are limited to what is necessary to operate, secure, and improve the Services as described in this Privacy Policy.
1.3 Processing Overview
We process personal information only where necessary to provide the Services, maintain security, comply with legal obligations, and operate the bandwidth sharing model described in this Privacy Policy. The table below summarizes the categories of personal information we process, the purposes for which we process them, and the applicable legal bases:
| Category of Data | Purpose of Processing | Legal Basis (EEA/UK) |
|---|---|---|
| Account Information (email, credentials) | Create and manage user accounts; authenticate access; provide customer support | Performance of contract |
| Consent Records | Maintain evidence of acceptance of the EULA and Bandwidth Sharing participation | Legal obligation; Legitimate interests (compliance and legal defense) |
| Network and Session Information | Establish and maintain VPN connections; allocate servers; ensure service functionality | Performance of contract |
| Bandwidth Sharing Data | Operate and manage proxy network participation; allocate routing; monitor integrity | Performance of contract; Legitimate interests (network operation and security) |
| Technical and Diagnostic Data | Troubleshoot errors; improve performance; detect misuse | Legitimate interests |
| Security and Abuse Logs | Prevent fraud, abuse, cyberattacks, and policy violations | Legitimate interests; Legal obligation (where applicable) |
| Analytics Data | Analyze usage patterns; improve features; optimize performance | Legitimate interests |
| Legal Request Data | Respond to lawful requests and regulatory requirements | Legal obligation |
1.4. Children data
We do not knowingly collect personal information from individuals who do not meet the applicable minimum age requirement of at least 16 years of age. If we become aware that personal information has been collected from a user who does not meet the required age threshold, we will take reasonable steps to delete such information and terminate the associated account, unless retention is required for legal purposes. If you believe that a minor has provided personal information in violation of this Policy, you may contact us using the contact details provided below. Parents or legal guardians who believe that their child has submitted personal information to us without authorization may request that we delete such information.
1.5. Sensitive personal information
We do not intentionally collect or process sensitive personal information as defined under applicable law, except where necessary to provide the Services.
2. BANDWIDTH SHARING DISCLOSURE
2.1 Nature of Traffic
Zenshield provides a free VPN service that may include participation in bandwidth sharing, as further described in the Bandwidth Sharing Policy. Where bandwidth sharing is active, your device's external IP address may be used as part of a managed proxy network operated through Repocket infrastructure. In this context, your IP address may function as a routing endpoint for authorized third-party network requests. As a result, certain third-party internet traffic may egress from your external IP address. Third-party traffic routed through the proxy network:
- Is limited to controlled and monitored commercial use cases;
- Is subject to technical allocation and filtering controls;
- Does not provide third parties with access to your device, local files, accounts, or applications.
Bandwidth sharing does not allow remote control of your device.
2.2 Safeguards
We implement technical safeguards designed to reduce misuse of the proxy network, including:
- Automated detection systems;
- Maintained blocklists and destination restrictions;
- Traffic monitoring for abuse prevention;
- Response procedures for valid abuse reports.
We may block, suspend, or restrict traffic categories or destinations to comply with legal, security, or platform requirements. Zenshield does not inject, alter, redirect, or manipulate traffic generated by third-party applications installed on your device for advertising or monetization purposes. VPN traffic is not used for behavioral advertising or cross-app tracking.
3. HOW WE SHARE INFORMATION
3.1 Categories of Recipients
We may share personal information with the following categories of recipients where necessary to operate the Services:
- Cloud hosting providers, data center operators, and related infrastructure partners that enable operation of the VPN service, bandwidth sharing network, and associated systems.
- Service providers that assist us in understanding usage patterns, diagnosing technical issues, and improving performance (where analytics tools are enabled).
- Vendors that facilitate transactional emails, account communications, and customer support services.
- Service providers that assist with fraud detection, abuse prevention, security monitoring, and compliance management.
- Affiliated entities within the Repocket corporate group, where necessary for operational, security, or administrative purposes.
- Governmental authorities, courts, regulators, or law enforcement agencies where disclosure is required by applicable law or lawful process.
All third-party service providers are required to process personal information only for authorized purposes and in accordance with applicable data protection laws.
We may also share personal information in connection with a merger, acquisition, restructuring, financing transaction, or sale of assets, personal information may be disclosed to relevant parties, subject to appropriate confidentiality safeguards.
3.2 Explicit Disclosures
We do not sell or share personal information, including within the meaning of the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), for cross-context behavioral advertising purposes. We do not share browsing history. We do not provide advertisers with access to VPN traffic. We do not use VPN traffic data for targeted advertising.
3.3 International Transfers
Personal information may be processed in Singapore and in other jurisdictions where our service providers or infrastructure partners are located. Where personal information is transferred across international borders, we implement appropriate safeguards consistent with applicable data protection laws. Such safeguards may include:
- Contractual data protection clauses (including standard contractual clauses, where applicable);
- Data processing agreements with service providers;
- Technical and organizational measures designed to protect personal information during transfer and processing.
Our Services rely on cloud-based infrastructure and distributed network systems, which may involve processing in multiple regions. We take reasonable steps to ensure that personal information remains protected in accordance with this Privacy Policy regardless of where it is processed.
4. DATA RETENTION
We retain personal information only for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, enforce our agreements, and maintain security. Retention periods vary depending on the type of information and the purpose for which it was collected. In general:
- Account information is retained while your account is active and for a reasonable period thereafter for administrative, legal, and security purposes.
- Consent records may be retained as necessary to demonstrate compliance with legal and contractual requirements.
- Security, abuse prevention, and technical logs are retained for limited periods appropriate to operational and security needs.
- Aggregated or anonymized information that does not identify you may be retained for longer periods for analytics and service improvement.
When personal information is no longer required for the purposes described in this Privacy Policy, we will delete it or anonymize it in accordance with applicable law.
5. DATA SECURITY
We implement reasonable technical and organizational measures designed to protect personal information against unauthorized access, disclosure, alteration, misuse, or destruction. These measures include encryption of data in transit where appropriate, role-based access controls, internal confidentiality obligations, system monitoring to detect abuse or unauthorized activity, and established incident response procedures. Access to personal information is limited to authorized personnel and service providers who require such access for legitimate operational purposes. While we take appropriate steps to safeguard personal information, no method of transmission over the internet or electronic storage system can be guaranteed to be completely secure. Accordingly, we cannot guarantee absolute security. If we become aware of a security incident affecting personal information, we will take appropriate action in accordance with applicable data protection laws.
6. RIGHTS FOR EEA / UK USERS
If you are located in the European Economic Area ("EEA") or the United Kingdom ("UK"), you may have certain rights under applicable data protection laws, including the General Data Protection Regulation ("GDPR") and the UK GDPR. These rights may include the following:
- Right of Access. You have the right to request confirmation as to whether we process personal information about you and, where we do, to request access to that information together with details about how it is used.
- Right to Rectification. You have the right to request correction of inaccurate personal information and to have incomplete personal information completed.
- Right to Erasure. You have the right to request deletion of your personal information in certain circumstances, including where the information is no longer necessary for the purposes for which it was collected, or where processing is based on consent and you withdraw that consent.
- Right to Restriction of Processing. You have the right to request that we restrict the processing of your personal information in certain situations, such as where you contest the accuracy of the data or object to processing.
- Right to Object. You have the right to object to processing based on our legitimate interests where your particular situation gives rise to such objection. You also have the right to object to processing for direct marketing purposes (although we do not use VPN traffic for direct marketing).
- Right to Data Portability. Where processing is based on contract or consent and carried out by automated means, you may have the right to receive certain personal information in a structured, commonly used, and machine-readable format and to request its transfer to another controller where technically feasible.
- Right to Withdraw Consent. Where we rely on your consent as the legal basis for processing, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
- Right to Lodge a Complaint. You have the right to lodge a complaint with a supervisory authority in the EEA or the UK if you believe that our processing of your personal information violates applicable data protection laws.
To exercise any of these rights, you may contact us using the contact details provided in this Privacy Policy. We may request information necessary to verify your identity before responding to your request. We will respond to valid requests without undue delay and, in any event, within one month (30 days), unless a longer period is permitted by applicable law.
7. ADDITIONAL RIGHTS FOR CALIFORNIA RESIDENTS
If you are a resident of California, you may have certain rights under the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA"), subject to applicable exceptions and limitations. These rights may include the following:
- Right to Know. You have the right to request that we disclose the categories of personal information we have collected about you, the categories of sources from which it was collected, the business or commercial purposes for collecting it, the categories of third parties with whom it is shared, and the specific pieces of personal information we hold about you.
- Right to Delete. You have the right to request deletion of personal information we have collected from you, subject to certain exceptions permitted by law, including where retention is necessary to provide the Services, detect security incidents, comply with legal obligations, or exercise legal claims.
- Right to Correct. You have the right to request correction of inaccurate personal information that we maintain about you.
- Right to Opt-Out of Sale or Sharing. You have the right to opt out of the sale or sharing of personal information, as those terms are defined under California law. Zenshield does not sell personal information and does not share personal information for cross-context behavioral advertising purposes.
- Right to Limit Use of Sensitive Personal Information. To the extent we process sensitive personal information as defined under California law, you may have the right to request limitations on its use. We do not use sensitive personal information for purposes that would require offering such limitation beyond what is necessary to provide the Services.
- Right to Non-Discrimination. You have the right not to receive discriminatory treatment for exercising your privacy rights under California law.
To exercise your California privacy rights, you may contact us using the contact details provided in this Privacy Policy. We may need to verify your identity before processing your request. We will respond to verifiable consumer requests within forty-five (45) days, unless an extension is permitted by law.
8. RIGHTS FOR RESIDENTS OF OTHER U.S. STATES
Residents of certain U.S. states may have additional privacy rights under applicable state privacy laws, including but not limited to the Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), Utah Consumer Privacy Act (UCPA), and similar laws. Where applicable, these rights may include:
- Right to Access. You may have the right to confirm whether we are processing your personal information and to access such information.
- Right to Delete. You may have the right to request deletion of personal information that you have provided to us or that we have obtained about you, subject to statutory exceptions.
- Right to Correct. You may have the right to request correction of inaccuracies in your personal information, taking into account the nature of the information and the purposes of processing.
- Right to Data Portability. You may have the right to obtain a copy of certain personal information in a portable and, where technically feasible, readily usable format.
- Right to Opt Out of Certain Processing. Depending on your state of residence, you may have the right to opt out of certain processing activities as defined under applicable state law.
To exercise your rights under applicable state privacy laws, you may contact us using the contact details provided in this Privacy Policy. We may take reasonable steps to verify your identity before responding. We will respond to valid requests within thirty (30) days unless a longer period is permitted by applicable law.
9. PLATFORM DISCLOSURES
Zenshield is distributed through various platforms, including desktop operating systems and mobile application stores. Certain permissions and technical functionalities are required to provide VPN services and, where applicable, bandwidth sharing.
On supported platforms, the application may request VPN-related permissions (including use of VPN framework APIs) solely for the purpose of establishing and maintaining encrypted VPN connections and related network functionality. These permissions are not used to inspect, analyze, or store the content of your internet communications.
Depending on the platform and device settings, the application may operate in the background to maintain VPN connectivity or, where applicable, bandwidth sharing functionality. Background behavior may vary depending on operating system restrictions, platform policies, and user-configurable settings.
Features, including bandwidth sharing functionality, may differ depending on the device type, operating system, or distribution channel. Some app store versions may limit or restrict certain background or network capabilities in accordance with platform requirements.
Zenshield does not use VPN traffic to track user activity across third-party applications. We do not inject advertisements into network traffic and do not manipulate third-party application data for advertising or monetization purposes.
We design and operate the Services in a manner intended to comply with applicable platform policies and technical requirements.