Welcome to the Presto VPN iOS application and thank you for your interest in this Privacy Policy!
We know that the handling of your personal data is important to you. For this reason, we take the greatest possible care when handling your personal data and thus ensure a high level of data security. We respect the personal rights of our users and are aware of the importance of protecting the personal data we receive from you.
This Privacy Policy contains information about our data protection practices and measures as well as the rights to which you are entitled within the framework of the Turkish Law on the Protection of Personal Data No. 6698 (the "PPD") and the EU's General Data Protection Regulation ("GDPR"). Given the similarities between the PPD and the GDPR, no conflict should arise pursuing a uniform approach. However, should ambiguity occur the most stringent provision is chosen to ensure the most comprehensive approach when it comes to protecting your personal data.
The controller within the meaning of the PPD and the GDPR for the processing of personal data is:
Esinti Yazılım Teknoloji ve Giyim San. Tic. Ltd. Şti
Address: Feriköy Mahallesi Fırın Sokak No:69/2 Bomonti Şişli İstanbul TURKEY
E-Mail: info@esintilimited.com
If you have any questions about the processing of your personal data, as well as your rights regarding data protection, please contact us.
This privacy policy applies to the Presto VPN iOS applications ("the App").
When designing the APP, we have made sure that as little as possible information that directly identifies you is collected. As however some countries including the European Union, have a broad definition of personal data this policy covers it. In this sense we would need to first of all explore the definition of personal data.
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Our VPN infrastructure is designed not to retain logs of your online activity. Specifically:
No user accounts. The APP does not require you to create an account, and we do not collect your name, email address, or other directly identifying information to use the VPN. Your device is associated with an anonymous, app-generated device identifier (on iOS, the Identifier for Vendor, "IDFV"), which is used to verify your subscription status and to provide the service.
Connection records. When you start a VPN connection, our servers record which VPN server location you connect to and the time of the connection, associated with your anonymous device identifier and your subscription identifier. We retain these connection records for a maximum of 3 months (90 days), after which they are automatically deleted. We process them for the purposes of operating and securing our network and detecting and preventing fraud and abuse of the service (such as automated abuse or the unauthorized sharing of subscriptions). The legal basis for this processing is our legitimate interest in the security and integrity of our service (Art. 6 (1) f) GDPR).
These connection records show which of our servers you connected to and when. They do not reveal — and cannot be used to determine — the websites, services, or destinations you access through the VPN, your DNS queries, the content of your traffic, or how long you stayed connected. We do not combine connection records with any browsing or activity data, because we do not collect such data. To limit the lifetime of any single connection, VPN sessions are also automatically terminated after a maximum of 24 hours.
For clarity, this no-activity-logging commitment relates specifically to the traffic that passes through our VPN servers. It is distinct from the connection records described above and from the operational, analytics, attribution, and subscription data that is necessary to operate the APP itself (such as install events, in-app events, crash reports, and subscription status), which is described in detail in the relevant sections below (Firebase, Google Admob, AppsFlyer, Adapty). None of this data is derived from the contents of your VPN traffic.
The processing of your personal data may be based on the following legal grounds:
The PPD grants the following rights:
The GDPR grants the following rights:
To assert these rights, please contact us at any time using the details provided. You also have the right to lodge a complaint with your local data protection supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach any supervisory authority.
To exercise your rights, please contact us. In accordance with the PPD/GDPR, we will need to confirm your identity to process your requests and we may require you to provide your device identifier or information associated with your transactions, or to provide government identification, signed declarations and other proof of identity.
If you believe that the personal data, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing or withdraw your consent, please contact us.
For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer your requests. Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of Personal Data, notably where such requests would not allow us to provide our service to you anymore.
The legal basis for the processing of your personal data in the context of handling your data subject access request is our legal obligation and the legal basis for the subsequent documentation of the data subject access request is both our legitimate interest and our legal obligation.
The purpose of processing your personal data in the context of processing data when you send a data subject access request is to respond to your request. The subsequent documentation of the data subject access request serves to fulfil the legally required accountability.
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the processing of a data subject access request, this is three years after the end of the respective process.
You have the possibility at any time to object to the processing of your personal data in the context of the processing of a data subject access request for the future. In this case, however, we will not be able to further process your request. The documentation of the legally compliant processing of the respective data subject access request is mandatory. Consequently, there is no possibility for you to object.
Personal data may be collected in two ways, that is directly when you for example volunteer it to us or automatically for example when you install and use our APP. As indicated above we have made sure that as little as possible information that directly identifies you is collected.
If you contact us, your transmitted personal data will be automatically stored for the purpose of processing the request or contacting you. If you contact us through the support option within the APP, your device identifier (IDFV) may be included in your message so that we can identify your device and assist you more effectively. We delete the data accruing in this context after the storage is no longer necessary for the processing of your request or restrict the processing if there are legal retention obligations. The legal basis for processing is our legitimate interest and/ or a contractual or precontractual measure.
a) Downloading the APP
The APP can be downloaded from the Apple App service "App Store" a service of Apple Inc., 1 Infinite Loop, Cupertino, CA 95014, US, if you are resident outside the EU and Apple Distribution International Ltd, Hollyhill Industrial Estate, Hollyhill Ln, Knocknaheeney, Cork, Ireland, if you are a resident within the EU, to install our APP.
Downloading it may require prior registration with the respective App store and/or installation of the respective App store software.
b) Installing the APP
As far as we are aware, Apple collects and processes the following data: device identifiers, IP addresses, location information, it cannot be excluded that Apple also transmits the information to a server in a third country. This could in particular be Apple Inc. One Apple Park Way, Cupertino, California, USA, 95014. We cannot influence which personal data Apple processes with your registration and the provision of downloads in the respective app store and app store software. The responsible party in this respect is solely Apple as the operator of the Apple App Store.
c) Starting the App
Every time you start the APP, your data is synchronized, and your device communicates with our server through a signed token associated with your anonymous device identifier. The transmission takes place automatically and is a prerequisite for the secure functioning of the APP and is therefore mandatory.
d) Device information
We, or Apple and our service providers on our behalf, collect information from and about the device(s) you use to access the APP, including hardware and software information such as IP address, the device identifier (on iOS, the Identifier for Vendor, "IDFV"), device type, device-specific and APP settings and properties, APP crashes, and — only where you have granted tracking permission under Apple's App Tracking Transparency framework — the device's Advertising Identifier ("IDFA").
We use the Google Firebase developer platform and related features and services provided by Google Inc and Google Ireland Limited. Google Firebase is a platform for developers of apps for mobile devices. The Google Firebase developer platform offers a variety of features. A list of these features can be found at: https://firebase.google.com/terms/. Firebase's key security and privacy information can be found here: https://firebase.google.com/support/privacy
We use the following Google Firebase services in our app:
By integrating Google services, Google may collect and process information (including personal data). It cannot be excluded that Google also transfers the information to a server in a third country. We cannot influence which data Google collects and processes.
Our App is built using the Freemium Model. As such, the Free Tier of the APP uses the Google Admob service, provided by Google, to display advertisements.
Whether the advertisements you see are personalized depends on your tracking permission under Apple's App Tracking Transparency framework (see the "App Tracking Transparency (ATT)" section below). If you grant tracking permission, Google may use your device's Advertising Identifier (IDFA) and similar technologies to display personalized advertising. If you do not grant permission, the advertisements shown are non-personalized (contextual), and Google may still use limited, non-identifying information to serve, cap, and measure these advertisements.
You can review how Google handles data for advertising at https://policies.google.com/technologies/ads and in Google's Privacy Policy at https://policies.google.com/privacy, and you can manage tracking permission and ad-related settings on your device at any time.
We use AppsFlyer, a mobile attribution and marketing analytics service provided by AppsFlyer Ltd., 14 Maskit Street, Herzliya, Israel. AppsFlyer helps us measure the performance of our marketing campaigns, understand how users discover and interact with our App, and detect fraudulent installs.
To do so, AppsFlyer may collect and process information such as device identifiers (including IDFV, and IDFA where you have granted permission under Apple's App Tracking Transparency framework), IP address, device type, operating system version, network information, app install and in-app event data, and attribution information.
The legal basis for this processing is our legitimate interest in measuring and optimizing the performance of our App and our marketing activities (Art. 6 (1) f) GDPR), and where required, your consent (Art. 6 (1) a) GDPR).
Data processed by AppsFlyer may be transferred to and stored on servers located outside the European Union, including in Israel and the United States. The transfer is carried out in accordance with the provisions of Art. 46 GDPR. More information about AppsFlyer's privacy practices is available at https://www.appsflyer.com/legal/services-privacy-policy/.
For the management and analysis of in-app purchases and subscriptions, the APP uses the product Adapty from Adapty Tech Inc. Adapty enables us to manage subscriptions, run paywall experiments, and analyze monetization performance.
To do so, Adapty may collect and process information such as device identifiers, IP address, transaction and subscription information, app version, and in-app event data related to purchases and paywalls.
The legal basis for this processing is our legitimate interest in providing and improving the App's subscription functionality (Art. 6 (1) f) GDPR) as well as the performance of a contract (Art. 6 (1) b) GDPR) where the processing is necessary to deliver the subscription service you have purchased.
The transfer is carried out in accordance with the provisions of Art. 46 GDPR. You consent to the collection of data by the APP and its transmission to Adapty. If the storage of the provided data by the third-party provider is not desired, the use of the APP is to be refrained from. More information about Adapty's privacy practices is available at https://adapty.io/privacy/.
In accordance with Apple's App Tracking Transparency framework, the APP requests your permission before accessing your device's Advertising Identifier (IDFA) for the purpose of tracking you across apps and websites owned by other companies. The permission prompt is shown by the operating system; if you do not grant permission, the operating system does not make a usable IDFA available to the APP or to the third-party services it uses, and certain features such as personalized advertising and cross-app attribution measurement will be limited or disabled.
Granting or denying this permission does not affect your ability to use the core VPN functionality of the APP. We never use the IDFA — or any other identifier — to track your browsing or your activity through the VPN tunnel, in line with the no-activity-logging commitment described in this policy. You can review or change your tracking permission at any time via your device Settings under Privacy & Security > Tracking.
Where you grant permission, the IDFA may be processed by the third-party services described in this policy, including Google Admob, AppsFlyer, and Adapty, for advertising and attribution purposes. Where you deny permission, these services continue to operate using non-identifying device signals (such as the IDFV), in compliance with Apple's policies.
The legal basis for the processing of the IDFA, where collected, is your consent (Art. 6 (1) a) GDPR).
Advertisers and third parties also may collect information about your activity on our APP, on devices associated with you, and on third-party sites and applications using tracking technologies. Tracking data collected by these advertisers and third parties is used to decide which ads you see both on our APP and on third-party sites and applications.
You can opt out on the Digital Advertising Alliance (DAA) if you wish not to receive targeted advertising. You may also be able to choose to control targeted advertising on other websites and platforms that you visit. In addition, you may also choose to control targeted advertising you receive within applications by using the settings and controls on your devices.
The main reason we use your data is to deliver and improve our services as follows:
We keep your personal data only as long as we need it for legitimate business purposes and as permitted by applicable law.
Because the APP does not require you to create an account, most of the data we process is associated only with an anonymous, app-generated device identifier (IDFV) rather than with your real-world identity. You can stop all further collection of information by the APP at any time by uninstalling it (see "Uninstall" below).
If you wish to request deletion of data associated with your device, you can contact us using the details in this policy. In order to locate the relevant data, we may ask you to provide your device identifier. We will then delete or anonymize the data we hold, unless:
Data held by third-party service providers (such as Apple, Google/Firebase, AppsFlyer, and Adapty) is also subject to those providers' own retention practices, as described in their respective privacy policies. We cannot promise that all data will be deleted within a specific time-frame due to technical constraints.
The VPN servers that route your encrypted internet traffic (so-called "exit nodes") are operated on infrastructure provided by DigitalOcean. We may add additional infrastructure providers, including Amazon AWS, in the future; in such cases, this Privacy Policy will be updated accordingly.
In line with our no-activity-logging commitment described above, the VPN servers that route your traffic do not log the websites you visit, the destination IP addresses you connect to, your DNS queries, the content of your traffic, or how long you stay connected. Processing on these servers is limited to what is technically required to establish and maintain the encrypted VPN tunnel between your device and our servers. Separately, as described in the "Connection records" section above, we record which VPN server you connect to and the time of connection, retained for up to 3 months for security and abuse-prevention purposes.
We have selected infrastructure providers that offer industry-standard physical, network, and operational security controls. Our infrastructure providers operate data centers in multiple jurisdictions, including jurisdictions outside the European Union. We have no influence over the legal regimes of the jurisdictions in which our infrastructure providers operate. Because we do not retain activity logs, we are unable to disclose your browsing history, the websites or services you accessed, your DNS queries, or the content of your traffic in response to any legal request, as we do not hold this information. The connection records described above (which server you connected to, and when) are retained for up to 3 months and may be subject to lawful disclosure where we receive a binding legal request.
In general, your APP data is saved and stored on our secure servers operated using DigitalOcean (and, where applicable, Amazon AWS). These providers restrict access to a select group of employees who have a business purpose to access personal data, log employee access to systems that contain personal data and only permit access to personal data by employees who sign in with 2-factor authentication.
In addition, we only store personal data for as long as it is necessary for the purposes for which it is processed or for as long as any consent you have given us has been revoked by you. Insofar as statutory retention obligations must be observed, the storage period for certain data may be up to 10 years, irrespective of the processing purposes. We would like to point out that the USA is not a safe third country in the sense of EU data protection law. US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g., intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.
We work hard to protect you from unauthorized access to or alteration, disclosure, or destruction of your personal data. As with all online technology, we take steps to secure your data, however we do not promise, and you should not expect, that your personal data will always remain secure. We regularly monitor our systems for possible vulnerabilities and attacks and regularly review our information collection, storage, and processing practices to update our physical, technical, and organizational security measures. We may suspend your use of all or part of the services without notice if we suspect or detect any breach of security.
Further, databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.
We may disclose your personal data to third parties:
We may also disclose your personal data to a governmental or regulatory body, law enforcement, or other authorities, in order to enforce our terms of use for the APP, to cooperate with any legally binding direction, request or order from such parties, or to report any suspected unlawful activity.
In responding to any such request, we will only disclose data that we actually hold at the time of the request. Because of the no-activity-logging architecture described above, we are technically unable to produce VPN activity logs, browsing history, the websites or services you have connected to through our VPN, records associating your originating IP address with destination IP addresses, or DNS query records — because this data is not retained in the first place. Data that we do hold — such as the connection records described above (which server you connected to, and when, for up to 3 months), and subscription, attribution, and analytics data described in this policy — may be subject to lawful disclosure where we receive a binding legal request.
The App is aimed at people aged 18 and over. We will not knowingly collect, use or disclose personal data from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact. The parent or guardian will be provided with (i) information about the specific type of personal data being collected from the minor, (ii) the purpose for which it will be used, and (iii) the opportunity to object to any further collection, use or storage of such information. We comply with youth protection laws.
You are not obliged to provide us with personal data. However, depending on the individual case as described above, the provision of certain personal data may be necessary for the provision of the services. If you do not provide us with this personal data, we may not be able to provide the requested service.
The APP may send you push notifications, including service-related notifications and, where applicable, promotional messages. Push notifications are not enabled in all versions of the APP, and where they are used, they require your permission, which is requested by your device's operating system. If push notifications are enabled, they are delivered via Apple Push Notification service (APNs), and may be facilitated by Firebase Cloud Messaging. You can adjust or stop receiving push notifications at any time via your device settings.
We may request access or permission to certain functions from your mobile device (Access to VPN configurations and Push notifications). The legal basis for data processing is our legitimate interest and the provision of contractual or pre-contractual measures. You can change your permissions at any time via the Settings Menu of your operation system.
You can stop the collection of information by our APP by uninstalling it using the standard uninstall procedure for your device.
We do not make automated decisions in individual cases, including profiling.
Because we're always looking for new and innovative ways to improve our APP, this policy may change over time. We will notify you before any material changes take effect so that you have time to review the changes.
Any comments or queries on this policy should be directed to us using the following contact details:
Esinti Yazılım Teknoloji ve Giyim San. Tic. Ltd. Şti
Address: Feriköy Mahallesi Fırın Sokak No:69/2 Bomonti Şişli İstanbul TURKEY
E-Mail: info@esintilimited.com
If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us.
This Privacy Policy was last updated on Wednesday, June 10, 2026.
Copyright © 2022 PrestoVPN - All Rights Reserved.
TELİF HAKKI © 2026 ESINTI YAZILIM TEKNOLOJI VE GIYIM SAN. TIC LTD STI - TÜM HAKLARI SAKLIDIR.