Privacy policy

Last updated: version 251201, December 2025
Controller: IPlumVPN B.V., Zodiakplein 44, 2516CD, The Hague, The Netherlands, KVK 85814067
Contact: privacy@keepyourhomeip.com

We process your personal data solely to provide and secure our services in line with the GDPR. If processing is based on legitimate interest, our legitimate interests for processing have been assessed and documented in a Legitimate Interest Assessment available upon request.

This policy explains how IPlumVPN B.V. under the name of KeepYourHomeIP ("KYHIP", "we", "us") processes your personal data for our website, your account and devices, and our VPN service.  It is divided into the following sections:

  • A) Website and Communication
  • B) Account and Device Management
  • C) WireGuard Configuration and Diagnostics

Core baseline: we do not log your browsing history, traffic contents, DNS queries, connection timestamps, session durations, or source/outgoing IP addresses. 

We process only the personal data that is strictly necessary for the purposes set out in this policy, adhering to the principle of data minimization.

By visiting our website, creating an account, or using our services, you confirm you have read this Privacy Policy and the Terms of Use.

We process personal data only where one or more of the following apply:

  • Contract, to provide, maintain, and support the services you requested.
  • Legal obligation, to meet accounting and tax recordkeeping duties.
  • Legitimate interests, to secure the service against malicious activity, prevent financial fraud, and ensure the ongoing stability and performance of our systems, provided our interests do not override your rights and freedoms.
  • Consent, for non-essential cookies/analytics or marketing; can be withdrawn at any time.

We do not make decisions based solely on automated processing that produce legal or similarly significant effects.

Part A, Website and Communication (keepyourhomeip.com)

Categories of data

  • Essential technical data (Shopify-hosted storefront): Our store runs on Shopify. Shopify sets strictly necessary cookies and processes limited technical data (e.g., IP address, device/browser info) in its platform/CDN to operate checkout, security, and fraud prevention. These are required for the site to function and do not require consent.
  • Analytics and marketing cookies: These load only if you consent via our cookie banner. You can change your choice at any time, see reference in ‘Cookies and analytics’ hereunder.
  • Communication: This can be done by emailing us directly, using the contact form on our website, submitting a ticket, or interacting with our chatbot.

Purposes and legal bases

  • Fulfilling orders, customer service, and servicing your purchases (contract).
  • Tax and accounting compliance (legal obligation).
  • Site reliability, security, and abuse prevention (legitimate interests).
  • Measuring site usage through non-essential cookies (consent).

Cookies and analytics

  • Essential cookies (checkout, security) operate without consent.
  • Non-essential cookies (e.g., analytics) load only after opt-in. You can change or withdraw consent at any time via the cookie settings link in the footer.

Retention

We will not keep your personal data longer than is necessary for the purpose for which it was collected or for which it is processed. We keep some data for a certain period because we are required to do so by law, for example on the basis of tax and financial legislation. The starting point is then the statutory retention period.

  • Orders/invoices: kept as required by law (typically 7 years; certain VAT records may require longer).
  • Support emails: kept while the ticket is open and up to 24 months thereafter unless you request earlier deletion where legally possible.
  • Analytics data: retained according to your consent choices and vendor settings.

Part B, Account and Device Management (account.keepyourhomeip.com)

What we store

  • Account and billing identifiers: account ID, name, email, phone, address, order/subscription status.
  • Device identifiers (per added router): serial number, device ID, MAC address.
  • Operational status flags (shown in UI): e.g., router online/offline; Auto-Configuration Server (ACS) state (locked/unlocked).
  • WireGuard keys associated with your devices/peers.
  • Ephemeral visibility (not retained): certain live values (e.g., "last IP seen", transient service states) may be displayed to you for diagnostics but are not stored as logs.

What we do not process

We do not collect or centrally process device/router telemetry; telemetry remains local on your device.

Purposes and legal bases

  • Provisioning accounts and devices, entitlement management, diagnostics shown in the UI (contract).
  • Security, service integrity, and fraud prevention (legitimate interests).

Retention

  • Account profile and device registry: retained while your account is active and up to 30 days after closure for reconciliation and fraud prevention, unless a longer legal retention applies to specific records (e.g., invoices).
  • Ephemeral diagnostics: UI-only; not logged.

Part C, WireGuard Configuration and Diagnostics

What we store and where

On our relay servers we store the WireGuard configuration needed to provide the service (e.g., public keys, assigned/internal addresses/allowed IPs, server interface settings).

Customer choice and retention

Manual users
  • We save the WireGuard VPN server configuration file of our customers after the KYHIP VPN setup has been completed.
  • Our customers can opt out from saving the VPN server configuration file by simply sending an email to support@keepyourhomeip.com, expressing their desire to opt out of this data collection. Once we receive such an email, we will immediately proceed with erasing the file from our database.
  • In case troubleshooting assistance is needed for a customer who rejected saving the VPN server configuration file, we will ask them to provide us with a configuration file for testing purposes. This is necessary to determine the root cause of the issue and provide effective support.
  • If the customer is not comfortable sharing their VPN server configuration file for testing purposes, we respect their privacy. In such cases, we will provide the customer with instructions on how to test the VPN server with the WireGuard application.
Plug-and-play customers
  • Required while active: storing your WireGuard configuration including support configuration is necessary to deliver and troubleshoot the service; no opt-out is possible while the subscription is active.
  • Automatic deletion: when a subscription expires or after the cancellation period expires, the associated WireGuard configurations and keys are removed from our active systems without undue delay. Any encrypted backups (if used) are purged on their normal cycle.

Logs

We do not store access logs of your VPN activity (no browsing history, DNS queries, traffic contents, connection timestamps, session durations, or source/outgoing IP logs).

Information related to processing under Parts A, B and C

Sub-processors and Recipients

We use carefully selected service providers acting as processors to help us operate our services. Typical categories include:

A comprehensive and up-to-date list of our current sub-processors, including their location and function, is available upon request to privacy@keepyourhomeip.com, and we ensure that all processors are bound by appropriate data processing agreements (DPAs).

International transfers

If personal data is transferred outside the EEA, we use lawful transfer tools (e.g., Standard Contractual Clauses) and implement supplementary safeguards where required.

Security

We apply technical and organizational measures appropriate to the risk, including:

  • Network and platform hardening, access controls, MFA for administrative access.
  • Encryption in transit and at rest for sensitive stores.
  • Key management for WireGuard.
  • Segregation of environments and least-privilege permissions.
  • Logging and audit of administrative actions.
  • Vulnerability management, patching, and incident response procedures.
  • Encrypted backups with short, rolling retention and scheduled purging.

Your Rights

The following is an overview of the rights and protections that may be available to users in the European Economic Area ("EEA"). Detailed information is available at https://commission.europa.eu/law/law-topic/data-protection/information-individuals_en. Please note that we have to take steps to confirm your identity before acting on your request.

  • Access to your Personal Data: know and access personal data we have collected about you
  • Rectification (correction) of your Personal Data
  • Erasure of your Personal Data
  • Restriction of processing
  • Halting of processing based on an objection
  • Data portability, the ability to receive a portable format copy of Personal Data held about you and to move the data to another data controller
  • Withdrawal of your consent from processing. Note: withdrawal does not invalidate the consent-based processing that occurred prior to withdrawal
  • To not be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you as the data subject
  • Lodge a complaint by exercising your rights by contacting us directly or, if all else fails, by lodging a complaint with the Dutch supervisory authority (Autoriteit Persoonsgegevens) or in your home country.
  • Within one month of the submitted request, you will receive an answer from us. Depending on the complexity and the number of the requests this period may be extended to two months.

At any time, you can contact us at support@keepyourhomeip.com. We will address any requests in accordance with applicable laws and to the best of our ability in a timely manner.

You also have the right to lodge a complaint with your local supervisory authority.

Children

We do not offer our services for use by children and, therefore, we do not knowingly collect Personal Data from, and/or about individuals under the age of sixteen (16) or under the age of majority in the jurisdiction of residency/from which the services are used. 

If you are under the age of sixteen (16), or under the age of majority in the jurisdiction where you reside or from which you use the services, do not provide any Personal Data to us without the involvement of a parent or a legal guardian. For the purposes of the GDPR, we do not intend to offer information society services directly to children. If we become aware that you provide Personal Data in violation of applicable privacy laws, we reserve the right to delete such data from our files as soon as reasonably possible.

Applicable law

These conditions are governed by Dutch law. The court in the district where the controller has its place of business has the sole jurisdiction if any dispute regarding these conditions may arise, save when a legal exception applies.

Changes to this policy

We reserve the right to make changes to this Policy at any given time. If you want to make sure that you are up to date with the latest changes, we advise you to frequently visit this page. If at any point in time, we decide to make use of any personally identifiable information on file, in a manner vastly different from that which was stated when this information was initially collected, the user or users shall be promptly notified by email. Users at that time shall have the option as to whether to permit the use of their information in this separate manner. The current available version of this privacy policy is the only version that applies while visiting our website until a new version replaces the current version.

Useful links