Privacy Policy

1.1. The data controller for personal data of Users of the Maximum VPN service (the "Service") is Sirius LTD (registration number 515230530, the "Company", "we", "us"), registered at: Grov Yosef 90, Apt. 6, Be'er Sheva, Israel.

1.2. This Policy is a mandatory disclosure under applicable data protection law.

1.3. All questions and requests should be sent to support@maximum-vpn.com.

1.4. The Terms of Service are published separately at maximum-vpn.com/en/terms-of-service.

3.1. To provide the Service, the Company processes the following categories of data:

3.2. The Company does NOT collect: first name, last name, date of birth, phone number, home address, government identifiers (passport, tax ID, SSN), or biometric data.

3.3. Infrastructure management. The Company uses automated systems (including AI load-balancers) running on on-premises servers in the jurisdictions of the State of Israel and the European Union. Operational data is not transferred to external AI providers. These systems operate solely on technical parameters and do not analyse traffic content, DNS queries, or Users' personal data for commercial purposes.

3.4. Decisions with legal or similarly significant consequences. For the blocking, suspension, or other restriction of an account (including cases of well-founded suspicion of abuse, fraud, or breach of the ToS), a mixed procedure applies:

• the automated anti-abuse system may flag the account and apply a temporary technical access restriction to protect the Service and other Users;
• the final decision to restrict or restore access is made by an authorised employee based on a review of the available technical data and context.

3.5. The Company does not make fully automated decisions about Users. A User against whom an access-restriction decision has been issued has the right to:

• receive an explanation of the reason for the decision;
• challenge the decision and present their own explanations;
• request review of the decision by another authorised employee who was not involved in the initial assessment.

4.1. The Company retains personal data only for as long as necessary for the processing purposes set out in §3. The specific retention period is determined based on the following combined criteria:

• the User's period of active use of the Service;
• a reasonably necessary period after the User stops using the Service to complete settlements and close open requests;
• operational security requirements of the infrastructure (including backup rotation);
• applicable statutes of limitation and the need to protect the rights of the Company and the User in disputes.

4.2. Account deletion. Upon the User's request submitted via the account dashboard or to support@maximum-vpn.com, the Company will delete the account and associated personal data without undue delay, except for data that must be retained under mandatory requirements of applicable law.

5.1. To provide the Service, the Company engages processors in the following categories: payment providers, hosting infrastructure, transactional email services, and support-ticket handling. Transfers to processors are made under data processing agreements. A current list of processors, indicating jurisdiction and the categories of data shared, is available on request via support@maximum-vpn.com.

5.2. The Company does not sell, rent, or share Users' personal data for third-party marketing purposes. Monetisation of User data is not carried out.

5.3. Telegram as an independent controller: when registering and using the Service via the Telegram bot, Telegram FZ-LLC (Dubai, UAE) acts as an independent data controller for its platform and processes the User's data in accordance with its own privacy policy (telegram.org/privacy). The Company is not responsible for data processing on the Telegram side. A User who wishes to minimise the data transferred can register via the web interface at app.maximum-vpn.com.

5.4. Disclosure of data to government authorities is made only on the basis of a valid court order or other legally binding instruction from a competent authority of the State of Israel or another jurisdiction in accordance with international treaties. By virtue of the No-Logs Policy (§2), the Company technically does not hold traffic logs, DNS-query logs, or session-IP correlation and therefore cannot provide such data.

6.1. Control plane — processing of personal data. The account database, billing, support correspondence logs, crash reports, and backups are hosted exclusively on servers in the jurisdictions of the State of Israel and the European Union. No other geographic regions are used by the Company to store personal data.

6.2. The State of Israel is covered by the European Commission's adequacy decision on the level of data protection, confirmed in January 2024. Transfers of personal data from the European Economic Area (EEA) to Israel do not require additional safeguards.

6.3. Data plane — VPN exit nodes. To operate the Service, the Company runs a network of VPN nodes (exit nodes) in various countries around the world. These nodes perform solely the function of transit routing of encrypted traffic and, by virtue of the No-Logs Policy (§2), do not store personal data of the User — neither IP addresses, nor DNS queries, nor traffic content, nor activity journals. Accordingly, exit nodes are not a place of processing of personal data, and their geographic location does not give rise to obligations regarding international data transfers.

6.4. Technical and organisational protection measures. The Company applies cryptographic protection for the User's traffic in transit (end-to-end VPN tunnel encryption) and for personal data at rest (encryption of databases and backups), as well as organisational measures (least-privilege access control, logging of administrative actions, regular security updates, pseudonymisation of diagnostic data). The specific cryptographic algorithms, protocol versions, and implementation details constitute the Company's trade secret and are not subject to public disclosure for security reasons; such information is provided to a competent supervisory authority upon a reasoned request.

7.1. The User is entitled to request access to the personal data being processed, its rectification, erasure, restriction of processing, portability, objection to processing, and withdrawal of consent previously granted. Requests should be sent to support@maximum-vpn.com and are processed within a reasonable period.

7.2. The User also has the right to lodge a complaint with the national data protection supervisory authority at their place of residence.

8.1. In the event of a personal data security breach that may cause a risk to the rights and freedoms of Users, the Company will notify the competent supervisory authority within 72 hours of becoming aware of the incident.

8.2. If the incident is likely to result in a high risk to the rights and freedoms of Users, the Company will, in addition and without undue delay, notify the affected Users by email and via in-app notification.

9.1. The Company reserves the right to amend this Policy. The updated version is published at maximum-vpn.com/en/privacy-policy with the date of the last update.

9.2. The Company will notify Users of material changes (affecting the categories of data processed, retention periods, transfers to third parties, or the scope of User rights) at least 14 calendar days in advance via email or in-app notification. Such changes take effect for a specific User only after explicit confirmation through an in-app modal. A User who does not agree with the updated version is entitled to stop using the Service and request deletion of the account via support@maximum-vpn.com; until confirmation is received, Service functionality requiring the updated processing basis may be limited.

9.3. Minor changes (typos, restructuring, updates to contact details) take effect upon publication and do not require separate confirmation.

10.1. The maximum-vpn.com website uses cookies to ensure the site works and for anonymous traffic analytics. Non-essential cookies are set only after the User's consent via the cookie banner; consent can be withdrawn at any time through browser settings.