Legal

Privacy Policy

Last updated: February 11, 2026

1. Who we are

This Privacy Policy applies to QAL VPN services provided by QAL VPN PTY LTD ("QAL VPN", "we", "our", "us"). QAL VPN PTY LTD is based in Victoria, Australia (ABN 29 662 691 714, ACN 662 691 714).

We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where applicable, we also consider international privacy obligations for users outside Australia.

2. Scope of this policy

This policy covers personal information collected through:

  • the QAL VPN website, including account portal;
  • QAL VPN desktop and mobile applications;
  • customer support and billing interactions; and
  • security and service reliability operations.

3. Information we collect

3.1 Account and identity data

  • email address and authentication identifiers;
  • account status and entitlement metadata; and
  • support communications you send to us.

3.2 Billing data

Subscription billing is processed by Stripe. We receive subscription status, plan identifiers, and customer reference data necessary to grant or revoke service access. We do not store full payment card numbers.

3.3 Device and service telemetry

We may collect limited operational telemetry required to keep service functioning, such as app version, selected region metadata, connection event timing, and error diagnostics. We use this data for reliability, abuse prevention, and support.

3.4 Cryptographic and security metadata

When optional post-quantum mode is enabled, additional cryptographic metadata may be exchanged to support hybrid key establishment. This is used only for secure session setup and service operation.

4. How we use information

We use information to:

  • authenticate users and secure accounts;
  • enforce subscription entitlement before VPN access;
  • operate, maintain, and improve performance of our services;
  • detect abuse, fraud, or security incidents;
  • respond to support requests; and
  • meet legal, regulatory, and compliance requirements.

5. Lawful basis and consent

We process personal information where necessary to perform our contract with you (providing VPN services), for legitimate business interests (security and operations), where you provide consent (for optional communications), and where required by law.

6. Disclosure of information

We may disclose personal information to:

  • cloud and infrastructure providers supporting service delivery;
  • identity and authentication providers;
  • payment and billing providers (including Stripe);
  • professional advisers (legal, accounting, security); and
  • law enforcement or regulators where legally required.

We do not sell personal information to third parties.

7. International data handling

Because our platform uses global infrastructure, information may be processed outside Australia. We take reasonable steps to ensure recipients handle personal information consistently with this policy and applicable law.

8. Security controls

We apply layered safeguards, including:

  • encryption in transit;
  • credential and access controls;
  • segmentation of critical systems;
  • monitoring and incident response workflows; and
  • controlled access to production data.

No system is perfectly secure. We continually improve controls and respond to incidents according to severity and legal requirements.

9. Retention and deletion

We keep personal information only as long as needed for service operations, legal obligations, dispute resolution, and fraud prevention. Retention periods vary by data category and regulatory requirements.

When information is no longer required, we delete or de-identify it using reasonable technical and organizational controls.

10. Your rights

Subject to applicable law, you may request to:

  • access personal information we hold about you;
  • correct inaccurate information;
  • delete account data (subject to required retention);
  • restrict or object to certain processing; and
  • receive certain data in a portable format.

To exercise rights, contact us at support@qalvpn.com.

11. Cookies and web technologies

Our website may use cookies or similar technologies for session continuity, security, and analytics. You can control browser cookie settings, though disabling certain cookies may affect functionality.

12. Children

QAL VPN services are not intended for children under 18. We do not knowingly collect personal information from children. If you believe a child has provided data to us, contact us and we will take appropriate action.

13. Changes to this policy

We may update this policy periodically. Material changes will be published on our website with an updated date. Continued use of QAL VPN after an update constitutes acceptance of the revised policy.

14. Complaints and regulator contact

If you have a privacy complaint, contact us first so we can investigate and respond. If unresolved, you can contact the Office of the Australian Information Commissioner (OAIC):

15. Contact us

QAL VPN PTY LTD
Victoria, Australia
Email: support@qalvpn.com